beenull/power-mailinabox
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Revert .nginx.conf file features

Browse source
This commit is contained in:
David Duque 2020-09-27 01:31:51 +01:00
parent 689df9cff5
commit 7725e6efe6
No known key found for this signature in database
GPG key ID: 2F327738A3C0AE3A
3 changed files with 8 additions and 62 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
conf/nginx-default.conf → conf/nginx-alldomains.conf
View file

@ -78,7 +78,7 @@
# we're blocking dotfiles in the static hosted sites but not the FastCGI- # we're blocking dotfiles in the static hosted sites but not the FastCGI-
# handled locations for Nextcloud (which serves user-uploaded files that might # handled locations for Nextcloud (which serves user-uploaded files that might
# have this pattern, see #414) or some of the other services. # have this pattern, see #414) or some of the other services.
location ~ /\.(ht|svn|git|hg|bzr|.*\.conf) { location ~ /\.(ht|svn|git|hg|bzr) {
log_not_found off; log_not_found off;
access_log off; access_log off;
deny all; deny all;

36
conf/nginx-custom.conf
View file

@ -1,36 +0,0 @@
# Expose this directory as static files.
root $ROOT;
index index.html index.htm;
# If you want to use the PHP socket, use the "php-fpm" alias.
# DON'T DELETE THE LINE BELOW
# ADDITIONAL DIRECTIVES HERE
# Ensure we have the MTA-STS policy enabled
location = /.well-known/mta-sts.txt {
alias /var/lib/mailinabox/mta-sts.txt;
}
# Disable error logs for these
location = /robots.txt {
log_not_found off;
access_log off;
}
location = /favicon.ico {
log_not_found off;
access_log off;
}
# Disable viewing dotfiles (.htaccess, .svn, .git, etc.)
# This block is placed at the end. Nginx's precedence rules means this block
# takes precedence over all non-regex matches and only regex matches that
# come after it (i.e. none of those, since this is the last one.) That means
# we're blocking dotfiles in the static hosted sites but not the FastCGI-
# handled locations for Nextcloud (which serves user-uploaded files that might
# have this pattern, see #414) or some of the other services.
location ~ /\.(ht|svn|git|hg|bzr|.*\.conf) {
log_not_found off;
access_log off;
deny all;
}

32
management/web_update.py
View file

@ -80,20 +80,12 @@ def do_web_update(env):
# Load the templates. # Load the templates.
template0 = open(os.path.join(os.path.dirname(__file__), "../conf/nginx.conf")).read() template0 = open(os.path.join(os.path.dirname(__file__), "../conf/nginx.conf")).read()
template1 = open(os.path.join(os.path.dirname(__file__), "../conf/nginx-default.conf")).read() template1 = open(os.path.join(os.path.dirname(__file__), "../conf/nginx-alldomains.conf")).read()
template2 = open(os.path.join(os.path.dirname(__file__), "../conf/nginx-primaryonly.conf")).read() template2 = open(os.path.join(os.path.dirname(__file__), "../conf/nginx-primaryonly.conf")).read()
template3 = open(os.path.join(os.path.dirname(__file__), "../conf/nginx-custom.conf")).read() template3 = "\trewrite ^(.*) https://$REDIRECT_DOMAIN$1 permanent;\n"
template4 = "\trewrite ^(.*) https://$REDIRECT_DOMAIN$1 permanent;\n"
# Add the PRIMARY_HOST configuration first so it becomes nginx's default server. # Add the PRIMARY_HOST configuration first so it becomes nginx's default server.
default_conf = make_domain_config(env['PRIMARY_HOSTNAME'], [template0, template1, template2], ssl_certificates, env) nginx_conf += make_domain_config(env['PRIMARY_HOSTNAME'], [template0, template1, template2], ssl_certificates, env)
default_conf_file = os.path.join(get_web_root(env['PRIMARY_HOSTNAME'], env), ".nginx.conf")
if not os.path.exists(default_conf_file):
with open(default_conf_file, "w") as f:
f.write(default_conf)
nginx_conf += default_conf
# Add configuration all other web domains. # Add configuration all other web domains.
has_root_proxy_or_redirect = get_web_domains_with_root_overrides(env) has_root_proxy_or_redirect = get_web_domains_with_root_overrides(env)
@ -104,23 +96,13 @@ def do_web_update(env):
continue continue
if domain in web_domains_not_redirect: if domain in web_domains_not_redirect:
# This is a regular domain. # This is a regular domain.
local_conf = "" if domain not in has_root_proxy_or_redirect:
nginx_conf_custom = os.path.join(get_web_root(domain, env), ".nginx.conf") nginx_conf += make_domain_config(domain, [template0, template1], ssl_certificates, env)
if os.path.exists(nginx_conf_custom) and not is_default_web_root(domain, env):
with open(nginx_conf_custom, "r") as f:
local_conf = f.read()
elif domain not in has_root_proxy_or_redirect:
local_conf = make_domain_config(domain, [template0, template3], ssl_certificates, env)
else: else:
local_conf = make_domain_config(domain, [template0], ssl_certificates, env) nginx_conf += make_domain_config(domain, [template0], ssl_certificates, env)
nginx_conf += local_conf
if not is_default_web_root(domain, env):
with open(nginx_conf_custom, "w+") as f:
f.write(local_conf)
else: else:
# Add default 'www.' redirect. # Add default 'www.' redirect.
nginx_conf += make_domain_config(domain, [template0, template4], ssl_certificates, env) nginx_conf += make_domain_config(domain, [template0, template3], ssl_certificates, env)
# Did the file change? If not, don't bother writing & restarting nginx. # Did the file change? If not, don't bother writing & restarting nginx.
nginx_conf_fn = "/etc/nginx/conf.d/local.conf" nginx_conf_fn = "/etc/nginx/conf.d/local.conf"