diff --git a/core/nginx/conf/nginx.conf b/core/nginx/conf/nginx.conf index fdc3e171..3e91e998 100644 --- a/core/nginx/conf/nginx.conf +++ b/core/nginx/conf/nginx.conf @@ -22,7 +22,7 @@ http { {% if REAL_IP_HEADER %} real_ip_header {{ REAL_IP_HEADER }}; - {% elif PROXY_PROTOCOL in ['all', 'http'] %} + {% elif PROXY_PROTOCOL in ['all', 'all-but-http', 'http'] %} real_ip_header proxy_protocol; {% endif %} @@ -104,9 +104,9 @@ http { # Only enable HTTPS if TLS is enabled with no error and not on kubernetes {% if not KUBERNETES_INGRESS and TLS and not TLS_ERROR %} - listen 443 ssl http2{% if PROXY_PROTOCOL in ['all', 'http'] %} proxy_protocol{% endif %}; + listen 443 ssl http2{% if PROXY_PROTOCOL in ['all', 'all-but-http', 'http'] %} proxy_protocol{% endif %}; {% if SUBNET6 %} - listen [::]:443 ssl http2{% if PROXY_PROTOCOL in ['all', 'http'] %} proxy_protocol{% endif %}; + listen [::]:443 ssl http2{% if PROXY_PROTOCOL in ['all', 'all-but-http', 'http'] %} proxy_protocol{% endif %}; {% endif %} include /etc/nginx/tls.conf; @@ -315,7 +315,7 @@ mail { ssl_session_cache shared:SSLMAIL:3m; {% endif %} - {% if PROXY_PROTOCOL in ['all', 'mail'] and REAL_IP_FROM %}{% for from_ip in REAL_IP_FROM.split(',') %} + {% if PROXY_PROTOCOL in ['all', 'all-but-http', 'mail'] and REAL_IP_FROM %}{% for from_ip in REAL_IP_FROM.split(',') %} set_real_ip_from {{ from_ip }}; {% endfor %}{% endif %} @@ -324,9 +324,9 @@ mail { # SMTP is always enabled, to avoid losing emails when TLS is failing server { - listen 25{% if PROXY_PROTOCOL in ['all', 'mail'] %} proxy_protocol{% endif %}; + listen 25{% if PROXY_PROTOCOL in ['all', 'all-but-http', 'mail'] %} proxy_protocol{% endif %}; {% if SUBNET6 %} - listen [::]:25{% if PROXY_PROTOCOL in ['all', 'mail'] %} proxy_protocol{% endif %}; + listen [::]:25{% if PROXY_PROTOCOL in ['all', 'all-but-http', 'mail'] %} proxy_protocol{% endif %}; {% endif %} {% if TLS and not TLS_ERROR %} {% if TLS_FLAVOR in ['letsencrypt','mail-letsencrypt'] %} 
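Review bot: The new value `all-but-http` is undocumented at the point of use and its name is misleading, because the `@@ -22` and `@@ -104` hunks enable `real_ip_header proxy_protocol;` and `proxy_protocol` on both 443 listeners for it, so HTTPS is included. A one-line comment above the `elif` would settle the meaning, for example `# 'all-but-http': PROXY protocol on 443 and the mail ports; plain HTTP is left without it`. The plain-HTTP listener is outside these hunks, so this reading is inferred from the unchanged `['all', 'http']` test presumably remaining there. If that is right, `real_ip_header proxy_protocol;` applies to the whole `http` block while that listener receives no PROXY header, so its requests would keep the balancer's address in logs and in any per-address limits. That is worth confirming against the full file.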
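Review bot: In the `mail` block, the `set_real_ip_from` loop (`@@ -315`) is emitted only when `REAL_IP_FROM` is non-empty, while the `listen 25 … proxy_protocol` lines (`@@ -324`) are emitted for `all-but-http` regardless. With `PROXY_PROTOCOL` set and `REAL_IP_FROM` empty, the listener still requires a PROXY header but no sender is trusted to supply the replacement address. Every session then appears to come from the balancer, which makes per-address throttling or blocking downstream ineffective. The configuration step that renders this template is outside the diff, but it should warn or refuse when `PROXY_PROTOCOL` is enabled without `REAL_IP_FROM`. A comment here should also say why the list must be narrow, for example `# REAL_IP_FROM must list only the load balancer addresses: any peer in these ranges can assert an arbitrary client address`.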
diff --git a/core/nginx/dovecot/proxy.conf b/core/nginx/dovecot/proxy.conf index 4ab54005..e1e35600 100644 --- a/core/nginx/dovecot/proxy.conf +++ b/core/nginx/dovecot/proxy.conf @@ -73,7 +73,7 @@ service managesieve-login { executable = managesieve-login inet_listener sieve { port = 4190 -{%- if PROXY_PROTOCOL in ['all', 'mail'] %} +{%- if PROXY_PROTOCOL in ['all', 'all-but-http', 'mail'] %} haproxy = yes {% endif %} } @@ -90,7 +90,7 @@ protocol imap { service imap-login { inet_listener imap { port = 143 -{%- if PROXY_PROTOCOL in ['all', 'mail'] %} +{%- if PROXY_PROTOCOL in ['all', 'all-but-http', 'mail'] %} haproxy = yes {% endif %} } @@ -99,7 +99,7 @@ service imap-login { {%- if TLS %} ssl = yes {% endif %} -{%- if PROXY_PROTOCOL in ['all', 'mail'] %} +{%- if PROXY_PROTOCOL in ['all', 'all-but-http', 'mail'] %} haproxy = yes {% endif %} } @@ -111,7 +111,7 @@ service imap-login { service pop3-login { inet_listener pop3 { port = 110 -{%- if PROXY_PROTOCOL in ['all', 'mail'] %} +{%- if PROXY_PROTOCOL in ['all', 'all-but-http', 'mail'] %} haproxy = yes {% endif %} } @@ -120,7 +120,7 @@ service pop3-login { {%- if TLS %} ssl = yes {% endif %} -{%- if PROXY_PROTOCOL in ['all', 'mail'] %} +{%- if PROXY_PROTOCOL in ['all', 'all-but-http', 'mail'] %} haproxy = yes {% endif %} } @@ -137,7 +137,7 @@ service lmtp { service submission-login { inet_listener submission { port = 587 -{%- if PROXY_PROTOCOL in ['all', 'mail'] %} +{%- if PROXY_PROTOCOL in ['all', 'all-but-http', 'mail'] %} haproxy = yes {% endif %} } @@ -146,7 +146,7 @@ service submission-login { {%- if TLS %} ssl = yes {% endif %} -{%- if PROXY_PROTOCOL in ['all', 'mail'] %} +{%- if PROXY_PROTOCOL in ['all', 'all-but-http', 'mail'] %} haproxy = yes {% endif %} }
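Review bot: The membership test `PROXY_PROTOCOL in ['all', 'all-but-http', 'mail']` is now repeated at seven listeners in this file, and again in the `mail` block of nginx.conf. Adding a mode therefore means editing every copy, and a missed listener would either reject proxied connections or record the proxy as the client. Defining it once near the top, `{%- set proxy_mail = PROXY_PROTOCOL in ['all', 'all-but-http', 'mail'] %}`, and writing `{%- if proxy_mail %}` at each `inet_listener` keeps them in step. The service blocks start and end outside these hunks, so it is not visible whether `haproxy_trusted_networks` is set. Listeners with `haproxy = yes` depend on it being limited to the balancer's addresses, which is worth confirming for the new mode.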