From adf6f519939c1d515a3c067aad1a8615bb73909a Mon Sep 17 00:00:00 2001
From: Daniel Winzen
Date: Sun, 2 Jun 2024 13:26:14 +0200
Subject: [PATCH] Update config files
---
 etc/dovecot/dovecot.conf | 7 ++-----
 etc/nginx/nginx.conf | 9 ---------
 etc/nginx/sites-enabled/mail | 8 ++++----
 etc/nginx/sites-enabled/openpgpkey | 2 +-
 etc/postfix/main.cf | 5 ++---
 etc/prosody/prosody.cfg.lua | 1 -
 6 files changed, 9 insertions(+), 23 deletions(-)
diff --git a/etc/dovecot/dovecot.conf b/etc/dovecot/dovecot.conf
index e5e09e0..49e5005 100644
--- a/etc/dovecot/dovecot.conf
+++ b/etc/dovecot/dovecot.conf
@@ -14,7 +14,7 @@ mail_debug = no
 verbose_ssl = no
 mail_location = maildir:/var/mail/vmail/%d/%n
 mail_home = /var/mail/vmail/%d/%n
-mail_plugins = $mail_plugins mail_crypt zlib
+mail_plugins = $mail_plugins mail_crypt quota zlib
 mailbox_list_index = yes
 mail_always_cache_fields = date.save
@@ -58,11 +58,8 @@ ssl_prefer_server_ciphers = yes
 #protocol setup
 protocols = "imap pop3 lmtp"
-protocol lmtp {
- postmaster_address = postmaster@danwin1210.de
-}
 protocol imap {
- mail_plugins = $mail_plugins quota imap_quota imap_zlib last_login
+ mail_plugins = $mail_plugins imap_quota imap_zlib last_login
 }
 protocol pop3 {
 mail_plugins = $mail_plugins last_login
diff --git a/etc/nginx/nginx.conf b/etc/nginx/nginx.conf
index f2a78be..5d8088a 100644
--- a/etc/nginx/nginx.conf
+++ b/etc/nginx/nginx.conf
@@ -66,18 +66,10 @@ http {
 resolver 127.0.0.1 [::1];
 resolver_timeout 2s;
 root /var/www/html;
- proxy_cache_path /var/lib/nginx/cache levels=2 keys_zone=cache:10m inactive=30d max_size=1g;
- proxy_cache_revalidate on;
- proxy_cache_use_stale http_503 timeout updating error;
- proxy_no_cache $http_pragma $http_authorization;
- proxy_cache_bypass $cookie_nocache $arg_nocache;
 map $http_upgrade $connection_upgrade {
 default upgrade;
 '' '';
 }
- proxy_cache_lock_timeout 2m;
- proxy_cache_lock_age 2m;
- proxy_cache cache;
 proxy_http_version 1.1;
 proxy_buffer_size 8k;
 proxy_buffering off;
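Review bot: In etc/dovecot/dovecot.conf (hunk at line 14), moving `quota` into the global `mail_plugins` loads it for every protocol, including `lmtp`, so over-quota mailboxes will presumably start refusing deliveries instead of only reporting usage over IMAP. The quota backend and rules (`plugin { quota = ... }`) are not visible in this hunk, so confirm they exist and decide whether over-quota should be a temporary or permanent failure (`quota_full_tempfail`). I would add a comment above the changed line: `# quota is global so LMTP enforces it at delivery time, not only IMAP reporting`.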
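Review bot: In etc/dovecot/dovecot.conf (hunk at line 58), removing the `protocol lmtp` block drops the explicit `postmaster_address`, so rejection notices generated at delivery now depend on Dovecot's built-in default. That matters more with this commit, because the first hunk makes `quota` active for LMTP. Newer Dovecot releases derive a default address, but as far as I know older ones refuse to deliver without the setting, so state the minimum Dovecot version this config targets. If the sender address should stay pinned, keep `postmaster_address = postmaster@danwin1210.de` at top level.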
@@ -88,7 +80,6 @@ http {
 proxy_set_header Upgrade $http_upgrade;
 proxy_set_header Connection $connection_upgrade;
 proxy_ignore_client_abort on;
- proxy_cache_key $server_name$request_method$host$request_uri;
 proxy_read_timeout 3600; #wait up to 60 minutes for e.g. database import
 ##
diff --git a/etc/nginx/sites-enabled/mail b/etc/nginx/sites-enabled/mail
index ea6be91..ac74e07 100644
--- a/etc/nginx/sites-enabled/mail
+++ b/etc/nginx/sites-enabled/mail
@@ -28,13 +28,13 @@ server {
 add_header Cross-Origin-Opener-Policy same-origin always;
 add_header Cross-Origin-Resource-Policy same-origin always;
 include snippets/fastcgi-php.conf;
- fastcgi_pass unix:/run/php/php8.1-fpm.sock;
+ fastcgi_pass unix:/run/php/php8.2-fpm.sock;
 expires off;
 }
 location ~ \.php$ {
 add_header Referrer-Policy no-referrer always;
 include snippets/fastcgi-php.conf;
- fastcgi_pass unix:/run/php/php8.1-fpm.sock;
+ fastcgi_pass unix:/run/php/php8.2-fpm.sock;
 expires off;
 }
 }
@@ -76,7 +76,7 @@ server {
 add_header Cross-Origin-Opener-Policy same-origin always;
 add_header Cross-Origin-Resource-Policy same-origin always;
 include snippets/fastcgi-php.conf;
- fastcgi_pass unix:/run/php/php8.1-fpm.sock;
+ fastcgi_pass unix:/run/php/php8.2-fpm.sock;
 expires off;
 }
 location ~ \.php$ {
@@ -85,7 +85,7 @@ server {
 add_header Expect-CT "max-age=86400, enforce" always;
 add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
 include snippets/fastcgi-php.conf;
- fastcgi_pass unix:/run/php/php8.1-fpm.sock;
+ fastcgi_pass unix:/run/php/php8.2-fpm.sock;
 expires off;
 }
 }
diff --git a/etc/nginx/sites-enabled/openpgpkey b/etc/nginx/sites-enabled/openpgpkey
index 918507f..9be5952 100644
--- a/etc/nginx/sites-enabled/openpgpkey
+++ b/etc/nginx/sites-enabled/openpgpkey
@@ -13,7 +13,7 @@ server {
 rewrite /.well-known/openpgpkey/(.*)/hu /mail/openpgpkey_wkd.php?domain=$1 last;
 location ~ \.php$ {
 include snippets/fastcgi-php.conf;
- fastcgi_pass unix:/run/php/php8.1-fpm.sock;
+ fastcgi_pass unix:/run/php/php8.2-fpm.sock;
 expires off;
 }
 ssl_certificate /etc/acme.sh/danwin1210.de_ecc/fullchain.cer;
diff --git a/etc/postfix/main.cf b/etc/postfix/main.cf
index 962f368..d65fb38 100644
--- a/etc/postfix/main.cf
+++ b/etc/postfix/main.cf
@@ -33,12 +33,11 @@ smtp_tls_mandatory_ciphers = HIGH
 tls_eecdh_auto_curves = X448 X25519 secp521r1 secp384r1 prime256v1
 smtpd_tls_protocols = TLSv1.2 TLSv1.3
 smtp_tls_protocols = TLSv1.2 TLSv1.3
-smtpd_tls_exclude_ciphers = aNULL MD5 SHA CAMELLIA
-smtpd_tls_mandatory_exclude_ciphers = aNULL MD5 SHA CAMELLIA
+smtpd_tls_exclude_ciphers = aNULL MD5 SHA CAMELLIA RSA AES+SHA256 AES+SHA384
+smtpd_tls_mandatory_exclude_ciphers = aNULL MD5 SHA CAMELLIA RSA AES+SHA256 AES+SHA384
 smtp_tls_exclude_ciphers = aNULL MD5 SHA CAMELLIA AES+SHA256 AES+SHA384
 smtp_tls_mandatory_exclude_ciphers = aNULL MD5 SHA CAMELLIA AES+SHA256 AES+SHA384
 tls_preempt_cipherlist = yes
-smtpd_tls_dh1024_param_file = /etc/postfix/dh4096.pem
 smtpd_tls_security_level = may
 smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
 smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
diff --git a/etc/prosody/prosody.cfg.lua b/etc/prosody/prosody.cfg.lua
index f5ddf76..44d43a7 100644
--- a/etc/prosody/prosody.cfg.lua
+++ b/etc/prosody/prosody.cfg.lua
@@ -96,7 +96,6 @@ modules_enabled = {
 "conversejs";
 "http_altconnect";
 "external_services";
- "conversejs";
 }
 -- These modules are auto-loaded, but should you want
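Review bot: In etc/postfix/main.cf, the two `smtpd_tls_*exclude_ciphers` lines now also exclude `RSA`, `AES+SHA256` and `AES+SHA384` for inbound SMTP while `smtpd_tls_security_level = may` stays opportunistic. A sending MTA left with no common TLS 1.2 suite will fail the handshake and may retry in cleartext, so the stricter list can reduce the share of mail that arrives encrypted. I would document the trade-off above the lines, e.g. `# inbound: no static-RSA key exchange, no CBC-SHA2; peers without ECDHE/DHE+AEAD may fall back to plaintext under "may"`, and watch TLS handshake failures in the mail log after rollout. The client-side `smtp_tls_exclude_ciphers` lines still permit `RSA`; if that asymmetry is deliberate, say so in the same comment.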