PROXY_PROTOCOL=all-but-http for traefik

Florent Daigniere
2023-08-09 15:28:25 +02:00
parent 64ce3d1c96
commit f3cd401450
2 changed files with 13 additions and 13 deletions


@@ -22,7 +22,7 @@ http {
{% if REAL_IP_HEADER %}
real_ip_header {{ REAL_IP_HEADER }};
{% elif PROXY_PROTOCOL in ['all', 'http'] %}
{% elif PROXY_PROTOCOL in ['all', 'all-but-http', 'http'] %}
real_ip_header proxy_protocol;
{% endif %}
@@ -104,9 +104,9 @@ http {
# Only enable HTTPS if TLS is enabled with no error and not on kubernetes
{% if not KUBERNETES_INGRESS and TLS and not TLS_ERROR %}
listen 443 ssl http2{% if PROXY_PROTOCOL in ['all', 'http'] %} proxy_protocol{% endif %};
listen 443 ssl http2{% if PROXY_PROTOCOL in ['all', 'all-but-http', 'http'] %} proxy_protocol{% endif %};
{% if SUBNET6 %}
listen [::]:443 ssl http2{% if PROXY_PROTOCOL in ['all', 'http'] %} proxy_protocol{% endif %};
listen [::]:443 ssl http2{% if PROXY_PROTOCOL in ['all', 'all-but-http', 'http'] %} proxy_protocol{% endif %};
{% endif %}
include /etc/nginx/tls.conf;
@@ -315,7 +315,7 @@ mail {
ssl_session_cache shared:SSLMAIL:3m;
{% endif %}
{% if PROXY_PROTOCOL in ['all', 'mail'] and REAL_IP_FROM %}{% for from_ip in REAL_IP_FROM.split(',') %}
{% if PROXY_PROTOCOL in ['all', 'all-but-http', 'mail'] and REAL_IP_FROM %}{% for from_ip in REAL_IP_FROM.split(',') %}
set_real_ip_from {{ from_ip }};
{% endfor %}{% endif %}
@@ -324,9 +324,9 @@ mail {
# SMTP is always enabled, to avoid losing emails when TLS is failing
server {
listen 25{% if PROXY_PROTOCOL in ['all', 'mail'] %} proxy_protocol{% endif %};
listen 25{% if PROXY_PROTOCOL in ['all', 'all-but-http', 'mail'] %} proxy_protocol{% endif %};
{% if SUBNET6 %}
listen [::]:25{% if PROXY_PROTOCOL in ['all', 'mail'] %} proxy_protocol{% endif %};
listen [::]:25{% if PROXY_PROTOCOL in ['all', 'all-but-http', 'mail'] %} proxy_protocol{% endif %};
{% endif %}
{% if TLS and not TLS_ERROR %}
{% if TLS_FLAVOR in ['letsencrypt','mail-letsencrypt'] %}
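Review bot: The mode name `all-but-http` is added to the HTTP-side conditions (`real_ip_header proxy_protocol` and both `listen 443` lines), which reads as a contradiction unless only the plain port-80 listener is meant to stay without PROXY protocol; that listener is outside these hunks, so this cannot be confirmed from here. A template comment at the first condition would settle it, for example `{# all-but-http: PROXY protocol on 443 and the mail ports; port 80 stays plain HTTP behind traefik #}`. In the mail block, `listen 25 … proxy_protocol` is switched on by the mode alone, while `set_real_ip_from` is emitted only when REAL_IP_FROM is set. The documentation for this mode should therefore state that REAL_IP_FROM must be set and limited to the proxy's own address, since the client address used for logging and rate limiting is then taken from whatever those trusted sources send. The same three-element list is repeated on every changed line; a single `{% set %}` per block (http and mail) would keep a later edit from missing one listener.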


@@ -73,7 +73,7 @@ service managesieve-login {
executable = managesieve-login
inet_listener sieve {
port = 4190
{%- if PROXY_PROTOCOL in ['all', 'mail'] %}
{%- if PROXY_PROTOCOL in ['all', 'all-but-http', 'mail'] %}
haproxy = yes
{% endif %}
}
@@ -90,7 +90,7 @@ protocol imap {
service imap-login {
inet_listener imap {
port = 143
{%- if PROXY_PROTOCOL in ['all', 'mail'] %}
{%- if PROXY_PROTOCOL in ['all', 'all-but-http', 'mail'] %}
haproxy = yes
{% endif %}
}
@@ -99,7 +99,7 @@ service imap-login {
{%- if TLS %}
ssl = yes
{% endif %}
{%- if PROXY_PROTOCOL in ['all', 'mail'] %}
{%- if PROXY_PROTOCOL in ['all', 'all-but-http', 'mail'] %}
haproxy = yes
{% endif %}
}
@@ -111,7 +111,7 @@ service imap-login {
service pop3-login {
inet_listener pop3 {
port = 110
{%- if PROXY_PROTOCOL in ['all', 'mail'] %}
{%- if PROXY_PROTOCOL in ['all', 'all-but-http', 'mail'] %}
haproxy = yes
{% endif %}
}
@@ -120,7 +120,7 @@ service pop3-login {
{%- if TLS %}
ssl = yes
{% endif %}
{%- if PROXY_PROTOCOL in ['all', 'mail'] %}
{%- if PROXY_PROTOCOL in ['all', 'all-but-http', 'mail'] %}
haproxy = yes
{% endif %}
}
@@ -137,7 +137,7 @@ service lmtp {
service submission-login {
inet_listener submission {
port = 587
{%- if PROXY_PROTOCOL in ['all', 'mail'] %}
{%- if PROXY_PROTOCOL in ['all', 'all-but-http', 'mail'] %}
haproxy = yes
{% endif %}
}
@@ -146,7 +146,7 @@ service submission-login {
{%- if TLS %}
ssl = yes
{% endif %}
{%- if PROXY_PROTOCOL in ['all', 'mail'] %}
{%- if PROXY_PROTOCOL in ['all', 'all-but-http', 'mail'] %}
haproxy = yes
{% endif %}
}
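Review bot: Every `haproxy = yes` enabled for the new mode makes that listener take the client address from the PROXY header, and none of the visible hunks shows where `haproxy_trusted_networks` is set. It is presumably defined elsewhere in this template; it should be confirmed that it is populated with the proxy's address only (not a whole subnet), because that list decides who may assert a client IP to the login services. Separately, the condition `PROXY_PROTOCOL in ['all', 'all-but-http', 'mail']` is now repeated seven times in this file; computing it once near the top, `{% set proxy_mail = PROXY_PROTOCOL in ['all', 'all-but-http', 'mail'] %}`, and testing `{%- if proxy_mail %}` on each listener would prevent one listener being left out the next time a mode is added. The enclosing `service` blocks start and end outside the hunks.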