Mailcow reverse proxy
# General TLS settings, inherited by every `ssl` server block in this file.
ssl_session_cache shared:SSL:5m;      # one 5 MB session cache shared across worker processes
ssl_session_timeout 4h;               # cached sessions stay resumable for four hours
ssl_session_tickets off;              # no stateless tickets, so no long-lived ticket key to protect
ssl_dhparam /etc/nginx/dhparam.pem;   # DH parameters for DHE suites; mounted read-only by compose
ssl_buffer_size 4k;                   # smaller TLS records, lower time to first byte
ssl_ecdh_curve prime256v1:secp384r1;  # P-256 preferred, P-384 as fallback
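# Catch-all for plain-HTTP requests whose Host header matches no server_name
# below. With neither a location, a root nor a return, nginx would answer
# from its compiled-in default document root; closing the connection (444)
# makes sure an unrecognised host gets nothing at all.
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name _;
    return 444;
}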
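# Plain-HTTP entry for the mail domain: redirect everything to HTTPS.
# Lists the same hosts as the TLS server further down (except autoconfig,
# which is served over plain HTTP by its own server block); previously only
# maindomain.com was listed, so mail. and www. on port 80 fell through to
# the default_server instead of being redirected.
server {
    listen 80;
    listen [::]:80;
    server_name maindomain.com mail.maindomain.com www.maindomain.com;
    # $host keeps whichever of the names above the client asked for.
    return 301 https://$host$request_uri;
}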
# Mail-client autoconfig over plain HTTP. This host is deliberately not
# redirected to HTTPS; every request path is rewritten to autoconfig.php
# before being handed to mailcow's own nginx.
server {
    listen 80;
    listen [::]:80;
    server_name autoconfig.maindomain.com;
    rewrite ^/(.*)$ /autoconfig.php last;

    location / {
        proxy_pass http://nginx-mailcow:8080/;
        # Pass the original host, client address and scheme upstream so
        # mailcow sees the request as the client sent it.
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        client_max_body_size 0;  # no request-body size limit at the proxy layer
    }
}
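# TLS front for mailcow. As the first 443 listener defined in this file it
# is presumably also nginx's implicit default for port 443, so a TLS request
# for any host not listed anywhere lands here and is proxied to mailcow.
server {
    # IPv6 listener and http2 added to match the WordPress TLS server below;
    # the port-80 blocks already listen on both address families.
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    # Spelled "autodicover" before; the host only worked because this server
    # is the port-443 default, not because the name matched.
    server_name maindomain.com mail.maindomain.com www.maindomain.com autoconfig.maindomain.com autodiscover.maindomain.com;
    ssl_certificate /etc/ssl/maindomain-fullchain.pem;
    ssl_certificate_key /etc/ssl/maindomain-privkey.pem;
    ssl_prefer_server_ciphers on;
    ssl_protocols TLSv1.2 TLSv1.3;
    # Broad cipher string; the WordPress server below uses a narrower,
    # AEAD-first list. Left as is because mail clients vary widely.
    ssl_ciphers HIGH:!aNULL:!MD5;

    location / {
        proxy_pass http://nginx-mailcow:8080/;
        # Pass the original host, client address and scheme upstream so
        # mailcow sees the request as the client sent it.
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        client_max_body_size 0;  # no request-body size limit at the proxy layer
    }
}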
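# Plain-HTTP entry for the WordPress site: redirect to HTTPS. Now lists
# www.mywordpress.com as well, matching the TLS server below; before, the
# www host on port 80 fell through to the default_server.
server {
    listen 80;
    listen [::]:80;
    server_name mywordpress.com www.mywordpress.com;
    return 301 https://$host$request_uri;
}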
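# TLS front for the WordPress container.
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name mywordpress.com www.mywordpress.com;
    gzip off;  # no compression of TLS responses at the proxy (BREACH-style leakage)

    ssl_certificate /etc/ssl/wordpress-fullchain.pem;
    ssl_certificate_key /etc/ssl/wordpress-privkey.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    # NOTE(review): the TLS13-* names are not how OpenSSL selects TLS 1.3
    # suites (those are not chosen through ssl_ciphers at all), so they are
    # most likely inert here; confirm against the image's TLS library.
    ssl_ciphers TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-256-GCM-SHA384:TLS13-AES-128-GCM-SHA256:ECDH+AESGCM:ECDH+CHACHA20:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS;
    ssl_dhparam /etc/nginx/dhparam.pem;

    # OCSP stapling; the staple is verified against the issuer chain file.
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /etc/ssl/chain-wordpress.pem;
    # Resolver used for the OCSP responder lookup. Note this goes to Google
    # DNS regardless of the `dns:` entry the compose file gives the container.
    resolver 8.8.8.8 8.8.4.4 valid=300s ipv6=off;
    resolver_timeout 15s;

    # Security headers. `always` was added to each one: without it nginx
    # only emits add_header on 2xx/3xx responses, so error pages (4xx/5xx)
    # went out without any of these.
    add_header Strict-Transport-Security "max-age=15768000; includeSubdomains;" always;
    add_header X-Content-Type-Options nosniff always;
    add_header X-XSS-Protection "1; mode=block" always;  # legacy header, kept for older browsers
    add_header X-Robots-Tag none always;
    add_header X-Download-Options noopen always;
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-Permitted-Cross-Domain-Policies none always;
    add_header Referrer-Policy strict-origin always;

    location / {
        proxy_pass http://wordpress1/;
        # Pass the original host, client address and scheme upstream so
        # WordPress can build correct absolute URLs.
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        client_max_body_size 0;  # upload limit is left to uploads.ini in the WordPress container
    }
}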
# Compose definition for the reverse proxy, a WordPress site and its database.
# NOTE(review): nginx-mailcow and mailcow-network are referenced but not
# defined here, so this presumably sits next to mailcow's own compose file as
# an override; confirm before using it standalone.
version: '2.1'

services:
  # Front proxy; the only service that publishes ports on the host.
  nginx-proxy:
    image: nginx:alpine  # floating tag; pin a digest if reproducible builds matter
    depends_on:
      - wordpress1
      - nginx-mailcow
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ${CST_NGINX_CONF_DIR}:/etc/nginx/conf.d
      # Mounted over the whole of /etc/ssl, which also hides the image's
      # own CA bundle directory; the nginx config references its
      # certificate files by explicit path, so nothing here depends on it.
      - ${CST_MYVERSION_SSL_CERTS}:/etc/ssl:ro
      - ${CST_MYVERSION_DHPARAMS}/dhparams2048.pem:/etc/nginx/dhparam.pem:ro
    restart: always
    dns:
      # Resolver on the mailcow network (.254 of IPV4_NETWORK).
      - ${IPV4_NETWORK:-172.22.1}.254
    networks:
      mailcow-network:
        ipv4_address: ${IPV4_NETWORK:-172.22.1}.10
        ipv6_address: fd4d:6169:6c63:6f77::100:10
        aliases:
          - proxy
      wp1-network:
        ipv4_address: ${CST_IPV4:-10.0.0}.10
        ipv6_address: fd11:a:b:c::100:10
        aliases:
          - proxy

  # Database for the WordPress site; reachable only on wp1-network, no
  # published ports. Credentials come from the environment (.env).
  mysqlwp1:
    image: mariadb:latest  # floating tag; pin a digest if reproducible builds matter
    volumes:
      - ${CST_DBDATA_DIR}:/var/lib/mysql/
    environment:
      - MYSQL_ROOT_PASSWORD=${CST_DBROOT_PASSWORD}
      - MYSQL_DATABASE=${CST_DBNAME}
      - MYSQL_USER=${CST_DBUSER}
      - MYSQL_PASSWORD=${CST_DBUSER_PASSWORD}
    restart: always
    networks:
      wp1-network:
        aliases:
          - mysqlwp1

  # WordPress itself; only reachable through nginx-proxy.
  wordpress1:
    image: wordpress:latest  # floating tag; pin a digest if reproducible builds matter
    depends_on:
      - mysqlwp1
    volumes:
      - ${CST_DATA_DIR}:/var/www/html
      - ${CST_MYVERSION_CONF}/uploads.ini:/usr/local/etc/php/conf.d/uploads.ini
    environment:
      - WORDPRESS_DB_HOST=mysqlwp1:3306
      - WORDPRESS_DB_NAME=${CST_DBNAME}
      - WORDPRESS_DB_USER=${CST_DBUSER}
      - WORDPRESS_DB_PASSWORD=${CST_DBUSER_PASSWORD}
      # NOTE(review): nothing in the nginx config above reads VIRTUAL_HOST;
      # presumably left over from a different proxy setup — confirm.
      - VIRTUAL_HOST=${CST_DOMAIN}
    restart: always
    networks:
      wp1-network:
        aliases:
          - wordpress1

networks:
  # Private dual-stack bridge for the WordPress stack.
  wp1-network:
    driver: bridge
    driver_opts:
      com.docker.network.bridge.name: bridge1
    enable_ipv6: true
    ipam:
      driver: default
      config:
        - subnet: ${CST_IPV4:-10.0.0}.0/24
        - subnet: ${CST_IPV6:-fd11:a:b:c::/64}