scottk/Mailu
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/Mailu.git synced 2025-10-30 17:47:55 +00:00
Code Issues Packages Projects Releases Wiki Activity

simplify config with TLS, PORTS and PROXY_PROTOCOL

Browse Source
This commit is contained in:
Florent Daigniere
2024-04-06 17:28:38 +02:00
parent efb3892b09
commit e0b64a9e54
6 changed files with 81 additions and 32 deletions
Download Patch File Download Diff File Expand all files Collapse all files

40
core/nginx/config.py
View File

@@ -70,6 +70,44 @@ with open("/etc/resolv.conf") as handle:
resolver = content[content.index("nameserver") + 1]
args["RESOLVER"] = f"[{resolver}]" if ":" in resolver else resolver
# Configure PROXY_PROTOCOL
PROTO_MAIL=['SMTP', 'POP3', 'POP3S', 'IMAP', 'IMAPS', 'SUBMISSION', 'SUBMISSIONS', 'MANAGESIEVE']
PROTO_ALL_BUT_HTTP=PROTO_MAIL.copy()
PROTO_ALL_BUT_HTTP.extend(['HTTPS'])
PROTO_ALL=PROTO_ALL_BUT_HTTP.copy()
PROTO_ALL.extend(['HTTP'])
for item in args.get('PROXY_PROTOCOL', '').split(','):
match item:
case '25': args['PROXY_PROTOCOL_SMTP']=True; continue
case '80': args['PROXY_PROTOCOL_HTTP']=True; continue
case '110': args['PROXY_PROTOCOL_POP3']=True; continue
case '143': args['PROXY_PROTOCOL_IMAP']=True; continue
case '443': args['PROXY_PROTOCOL_HTTPS']=True; continue
case '465': args['PROXY_PROTOCOL_SUBMISSIONS']=True; continue
case '587': args['PROXY_PROTOCOL_SUBMISSION']=True; continue
case '993': args['PROXY_PROTOCOL_IMAPS']=True; continue
case '995': args['PROXY_PROTOCOL_POP3S']=True; continue
case '4190': args['PROXY_PROTOCOL_MANAGESIEVE']=True; continue
case 'mail':
for p in PROTO_MAIL: args[f'PROXY_PROTOCOL_{p}']=True; continue
case 'all-but-http':
for p in PROTO_ALL_BUT_HTTP: args[f'PROXY_PROTOCOL_{p}']=True; continue
case 'all':
for p in PROTO_ALL: args[f'PROXY_PROTOCOL_{p}']=True; continue
PORTS_REQUIRING_TLS=['443', '465', '993', '995']
ALL_PORTS='25,80,443,465,587,993,995,4190'
for item in args.get('PORTS', ALL_PORTS).split(','):
if item in PORTS_REQUIRING_TLS and args['TLS_FLAVOR'] == 'notls':
continue
args[f'PORT_{item}']=True
for item in args.get('TLS', ALL_PORTS).split(','):
if item in PORTS_REQUIRING_TLS:
if args['TLS_FLAVOR'] == 'notls':
continue
args[f'TLS_{item}']=True
# TLS configuration
cert_name = args.get("TLS_CERT_FILENAME", "cert.pem")
keypair_name = args.get("TLS_KEYPAIR_FILENAME", "key.pem")
@@ -129,6 +167,8 @@ if args["TLS"] and not all(os.path.exists(file_path) for file_path in args["TLS"
print("Missing cert or key file, disabling TLS")
args["TLS_ERROR"] = "yes"
args['TLS_PERMISSIVE'] = str(args.get('TLS_PERMISSIVE')).lower() not in ('false', 'no')
# Build final configuration paths
conf.jinja("/conf/tls.conf", args, "/etc/nginx/tls.conf")
conf.jinja("/conf/proxy.conf", args, "/etc/nginx/proxy.conf")