From 0ad327bbe56a8a14d1de2ed88343b571f343d127 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it
Date: Wed, 29 Jan 2025 09:51:45 +0100
Subject: [PATCH] [Nginx] Use separate vhosts for additional server names
---
 data/Dockerfiles/nginx/bootstrap.py | 6 ++++--
 data/conf/nginx/templates/nginx.conf.j2 | 25 +++++++++++++++++++++++--
 data/web/inc/functions.inc.php | 2 +-
 docker-compose.yml | 2 +-
 4 files changed, 29 insertions(+), 6 deletions(-)
diff --git a/data/Dockerfiles/nginx/bootstrap.py b/data/Dockerfiles/nginx/bootstrap.py
index de7824334..f294e7cce 100644
--- a/data/Dockerfiles/nginx/bootstrap.py
+++ b/data/Dockerfiles/nginx/bootstrap.py
@@ -7,7 +7,7 @@ def includes_conf(env, template_vars):
 listen_plain = "listen_plain.active"
 listen_ssl = "listen_ssl.active"
- server_name_config = f"server_name {template_vars['MAILCOW_HOSTNAME']} autodiscover.* autoconfig.* {template_vars['ADDITIONAL_SERVER_NAMES']};"
+ server_name_config = f"server_name {template_vars['MAILCOW_HOSTNAME']} autodiscover.* autoconfig.* {' '.join(template_vars['ADDITIONAL_SERVER_NAMES'])};"
 listen_plain_config = f"listen {template_vars['HTTP_PORT']};"
 listen_ssl_config = f"listen {template_vars['HTTPS_PORT']};"
 if not template_vars['DISABLE_IPv6']:
@@ -42,6 +42,8 @@ def nginx_conf(env, template_vars):
 def prepare_template_vars():
 ipv4_network = os.getenv("IPV4_NETWORK", "172.22.1")
+ additional_server_names = os.getenv("ADDITIONAL_SERVER_NAMES", "")
+
 template_vars = {
 'IPV4_NETWORK': ipv4_network,
 'TRUSTED_NETWORK': os.getenv("TRUSTED_NETWORK", False),
@@ -49,7 +51,7 @@ def prepare_template_vars():
 'SKIP_SOGO': os.getenv("SKIP_SOGO", "n").lower() in ("y", "yes"),
 'NGINX_USE_PROXY_PROTOCOL': os.getenv("NGINX_USE_PROXY_PROTOCOL", "n").lower() in ("y", "yes"),
 'MAILCOW_HOSTNAME': os.getenv("MAILCOW_HOSTNAME", ""),
- 'ADDITIONAL_SERVER_NAMES': os.getenv("ADDITIONAL_SERVER_NAMES", "").replace(',', ' '),
+ 'ADDITIONAL_SERVER_NAMES': [item.strip() for item in additional_server_names.split(",")],
 'HTTP_PORT': os.getenv("HTTP_PORT", "80"),
 'HTTPS_PORT': os.getenv("HTTPS_PORT", "443"),
 'SOGOHOST': os.getenv("SOGOHOST", ipv4_network + ".248"),
diff --git a/data/conf/nginx/templates/nginx.conf.j2 b/data/conf/nginx/templates/nginx.conf.j2
index bcb4612bc..b35aeeea3 100644
--- a/data/conf/nginx/templates/nginx.conf.j2
+++ b/data/conf/nginx/templates/nginx.conf.j2
@@ -41,7 +41,7 @@ http {
 https https;
 }
- # Default
+ # Default Server Name
 server {
 listen 127.0.0.1:65510; # sogo-auth verify internal
 listen {{ HTTP_PORT }}{% if NGINX_USE_PROXY_PROTOCOL %} proxy_protocol{%endif%};
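Review bot: With ADDITIONAL_SERVER_NAMES unset or empty, the new comprehension `[item.strip() for item in additional_server_names.split(",")]` evaluates to `['']`, because `"".split(",")` returns one empty string; a trailing or doubled comma produces empty entries the same way. The `{% for SERVER_NAME in ADDITIONAL_SERVER_NAMES %}` loop this commit adds to nginx.conf.j2 would then render a server block containing `server_name ;`, which nginx is expected to reject when it loads the configuration, so an installation with no additional names may fail to start the proxy. Dropping empty entries covers both cases: `'ADDITIONAL_SERVER_NAMES': [item.strip() for item in additional_server_names.split(",") if item.strip()],`. prepare_template_vars() begins and ends outside this hunk.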
@@ -55,11 +55,32 @@ http {
 ssl_certificate /etc/ssl/mail/cert.pem;
 ssl_certificate_key /etc/ssl/mail/key.pem;
- server_name {{ MAILCOW_HOSTNAME }} autodiscover.* autoconfig.* {{ ADDITIONAL_SERVER_NAMES }};
+ server_name {{ MAILCOW_HOSTNAME }} autodiscover.* autoconfig.*;
 include /etc/nginx/includes/sites-default.conf;
 }
+ # Additional Server Names
+ {% for SERVER_NAME in ADDITIONAL_SERVER_NAMES %}
+ server {
+ listen 127.0.0.1:65510; # sogo-auth verify internal
+ listen {{ HTTP_PORT }}{% if NGINX_USE_PROXY_PROTOCOL %} proxy_protocol{%endif%};
+ listen {{ HTTPS_PORT }}{% if NGINX_USE_PROXY_PROTOCOL %} proxy_protocol{%endif%} ssl;
+ {% if not DISABLE_IPv6 %}
+ listen [::]:{{ HTTP_PORT }}{% if NGINX_USE_PROXY_PROTOCOL %} proxy_protocol{%endif%};
+ listen [::]:{{ HTTPS_PORT }}{% if NGINX_USE_PROXY_PROTOCOL %} proxy_protocol{%endif%} ssl;
+ {%endif%}
+ http2 on;
+
+ ssl_certificate /etc/ssl/mail/cert.pem;
+ ssl_certificate_key /etc/ssl/mail/key.pem;
+
+ server_name {{ SERVER_NAME }};
+
+ include /etc/nginx/includes/sites-default.conf;
+ }
+ {% endfor %}
+
 # rspamd dynmaps:
 server {
 listen 8081;
diff --git a/data/web/inc/functions.inc.php b/data/web/inc/functions.inc.php
index 7efbee166..73769d902 100644
--- a/data/web/inc/functions.inc.php
+++ b/data/web/inc/functions.inc.php
@@ -2277,7 +2277,7 @@ function cors($action, $data = null) {
 }
 function getBaseURL() {
 $protocol = isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on' ? 'https' : 'http';
- $host = $_SERVER['HTTP_HOST'];
+ $host = $_SERVER['SERVER_NAME'];
 $base_url = $protocol . '://' . $host;
 return $base_url;
diff --git a/docker-compose.yml b/docker-compose.yml
index a11e02d1a..2b5e85cb9 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -372,7 +372,7 @@ services:
 - php-fpm-mailcow
 - sogo-mailcow
 - rspamd-mailcow
- image: mailcow/nginx:1.01
+ image: mailcow/nginx:1.02
 dns:
 - ${IPV4_NETWORK:-172.22.1}.254
 environment:
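Review bot: `server_name {{ SERVER_NAME }};` writes each ADDITIONAL_SERVER_NAMES entry into the configuration verbatim, and nothing visible in this commit checks that an entry is a single plain hostname. An entry with inner whitespace becomes several names in one block, a wildcard entry would presumably become the literal `$server_name` of that block (which matters now that `getBaseURL()` reads SERVER_NAME), and a stray `;` or `}` changes the directive structure. Validating the entries in prepare_template_vars() before rendering, and stopping the bootstrap with a clear message on a bad one, would keep a typo in the environment from producing a broken or misleading vhost. As a style point, the new block repeats the default server block line for line; a Jinja macro shared by both would keep the listen and certificate settings from drifting apart.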
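Review bot: `$_SERVER['SERVER_NAME']` carries no port, whereas the `HTTP_HOST` value it replaces included one whenever the client connected on a non-default port, so with HTTP_PORT or HTTPS_PORT set to something other than 80/443 `getBaseURL()` would now return a URL without the port. The switch is a sound hardening step, since the base URL no longer echoes a client-chosen Host header, but that only holds if the FastCGI configuration passes nginx's `$server_name` as SERVER_NAME, which is not visible in this commit and is worth confirming. If non-default ports are supported, append the port when it is not the scheme default, for example `if (!in_array((string)$_SERVER['SERVER_PORT'], array('80', '443'), true)) { $host .= ':' . $_SERVER['SERVER_PORT']; }`, assuming SERVER_PORT matches the published port. A one-line comment above `$host` saying why HTTP_HOST is deliberately not used would stop a later change from reverting it. The closing brace of getBaseURL() lies outside the hunk.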