[Nginx] Use separate vhosts for additional server names

data/Dockerfiles/nginx/bootstrap.py

@@ -7,7 +7,7 @@ def includes_conf(env, template_vars):
   listen_plain = "listen_plain.active"
   listen_ssl = "listen_ssl.active"
 
-  server_name_config = f"server_name {template_vars['MAILCOW_HOSTNAME']} autodiscover.* autoconfig.* {template_vars['ADDITIONAL_SERVER_NAMES']};"
+  server_name_config = f"server_name {template_vars['MAILCOW_HOSTNAME']} autodiscover.* autoconfig.* {' '.join(template_vars['ADDITIONAL_SERVER_NAMES'])};"
   listen_plain_config = f"listen {template_vars['HTTP_PORT']};"
   listen_ssl_config = f"listen {template_vars['HTTPS_PORT']};"
   if not template_vars['DISABLE_IPv6']:
@@ -42,6 +42,8 @@ def nginx_conf(env, template_vars):
 
 def prepare_template_vars():
   ipv4_network = os.getenv("IPV4_NETWORK", "172.22.1")
+  additional_server_names = os.getenv("ADDITIONAL_SERVER_NAMES", "")
+
   template_vars = {
     'IPV4_NETWORK': ipv4_network,
     'TRUSTED_NETWORK': os.getenv("TRUSTED_NETWORK", False),
@@ -49,7 +51,7 @@ def prepare_template_vars():
     'SKIP_SOGO': os.getenv("SKIP_SOGO", "n").lower() in ("y", "yes"),
     'NGINX_USE_PROXY_PROTOCOL': os.getenv("NGINX_USE_PROXY_PROTOCOL", "n").lower() in ("y", "yes"),
     'MAILCOW_HOSTNAME': os.getenv("MAILCOW_HOSTNAME", ""),
-    'ADDITIONAL_SERVER_NAMES': os.getenv("ADDITIONAL_SERVER_NAMES", "").replace(',', ' '),
+    'ADDITIONAL_SERVER_NAMES': [item.strip() for item in additional_server_names.split(",")],
     'HTTP_PORT': os.getenv("HTTP_PORT", "80"),
     'HTTPS_PORT': os.getenv("HTTPS_PORT", "443"),
     'SOGOHOST': os.getenv("SOGOHOST", ipv4_network + ".248"),

data/conf/nginx/templates/nginx.conf.j2

@@ -41,7 +41,7 @@ http {
         https https;
     }
 
-    # Default
+    # Default Server Name
     server {
         listen 127.0.0.1:65510; # sogo-auth verify internal
         listen {{ HTTP_PORT }}{% if NGINX_USE_PROXY_PROTOCOL %} proxy_protocol{%endif%};
@@ -55,11 +55,32 @@ http {
         ssl_certificate /etc/ssl/mail/cert.pem;
         ssl_certificate_key /etc/ssl/mail/key.pem;
 
-        server_name {{ MAILCOW_HOSTNAME }} autodiscover.* autoconfig.* {{ ADDITIONAL_SERVER_NAMES }};
+        server_name {{ MAILCOW_HOSTNAME }} autodiscover.* autoconfig.*;
 
         include /etc/nginx/includes/sites-default.conf;
     }
 
+    # Additional Server Names
+    {% for SERVER_NAME in ADDITIONAL_SERVER_NAMES %}
+    server {
+        listen 127.0.0.1:65510; # sogo-auth verify internal
+        listen {{ HTTP_PORT }}{% if NGINX_USE_PROXY_PROTOCOL %} proxy_protocol{%endif%};
+        listen {{ HTTPS_PORT }}{% if NGINX_USE_PROXY_PROTOCOL %} proxy_protocol{%endif%} ssl;
+        {% if not DISABLE_IPv6 %}
+        listen [::]:{{ HTTP_PORT }}{% if NGINX_USE_PROXY_PROTOCOL %} proxy_protocol{%endif%};
+        listen [::]:{{ HTTPS_PORT }}{% if NGINX_USE_PROXY_PROTOCOL %} proxy_protocol{%endif%} ssl;
+        {%endif%}
+        http2 on;
+
+        ssl_certificate /etc/ssl/mail/cert.pem;
+        ssl_certificate_key /etc/ssl/mail/key.pem;
+
+        server_name {{ SERVER_NAME }};
+
+        include /etc/nginx/includes/sites-default.conf;
+    }
+    {% endfor %}
+
     # rspamd dynmaps:
     server {
         listen 8081;

data/web/inc/functions.inc.php

@@ -2277,7 +2277,7 @@ function cors($action, $data = null) {
 }
 function getBaseURL() {
   $protocol = isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on' ? 'https' : 'http';
-  $host = $_SERVER['HTTP_HOST'];
+  $host = $_SERVER['SERVER_NAME'];
   $base_url = $protocol . '://' . $host;
 
   return $base_url;

docker-compose.yml

@@ -372,7 +372,7 @@ services:
         - php-fpm-mailcow
         - sogo-mailcow
         - rspamd-mailcow
-      image: mailcow/nginx:1.01
+      image: mailcow/nginx:1.02
       dns:
         - ${IPV4_NETWORK:-172.22.1}.254
       environment: