A sample nginx + php-fpm pool config for Kolab 3.
Roundcube web client will be accessible from "https://mail.example.net", Kolab web administration from "https://mail.example.net/kolab-webadmin".
Attempts to set all PHP variables using "fastcgi_param PHP_VALUE" resulted in strange behaviour, so they are set in the php-fpm pools instead.
Please note that sligh…
# http-context directives. They work from this file as long as it is included
# inside http {}; alternatively move them to nginx.conf.

# Spool area for FastCGI responses that do not fit in the memory buffers.
fastcgi_temp_path /var/lib/nginx/fastcgi/temp 1 2;

# On-disk cache plus the shared-memory zone "kolab3.example.net" (16m of keys,
# 256m of data, entries dropped after one day without a hit).
fastcgi_cache_path /var/lib/nginx/fastcgi/ levels=1:2 keys_zone=kolab3.example.net:16m max_size=256m inactive=1d;

# NOTE(review): the key is built from scheme, method, host and URI only.
# Nothing in it distinguishes one logged-in user from another, so every
# location that enables this zone must keep authenticated responses out of the
# cache (fastcgi_no_cache / fastcgi_cache_bypass) or rely on the application
# sending no-cache headers.
fastcgi_cache_key "$scheme$request_method$host$request_uri";

# Serve a stale entry when the backend errors out, times out, returns a
# malformed header or answers 500.
fastcgi_cache_use_stale error timeout invalid_header http_500;
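# Plain-HTTP listener: its only job is to send clients to the HTTPS site.
server {
    listen 80;
    server_name kolab3.example.net;

    # "return 301" replaces the catch-all "rewrite ^ ... permanent": same
    # permanent redirect, no regex evaluation, and it is the form the nginx
    # documentation recommends. $server_name (not the client-supplied Host
    # header) is used so the redirect target cannot be influenced by the request.
    return 301 https://$server_name$request_uri; # enforce https
}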
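# TLS virtual host serving Roundcube, the Kolab web admin panel and its API,
# Syncroton (ActiveSync) and the free/busy service, each through its own
# php-fpm pool socket.
server {
    listen 443 ssl;
    server_name .kolab3.example.net;

    # Request lines written here include ActiveSync query strings, which carry
    # the mailbox address and device id; treat these logs as sensitive data.
    access_log /var/log/nginx/access_kolab3.example.net_ssl.log;
    error_log /var/log/nginx/error_kolab3.example.net_ssl.log;

    # "listen 443 ssl" already enables TLS. The separate "ssl on;" directive is
    # deprecated and rejected by current nginx releases, so it is not repeated.
    ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem; # dummy certificate, please create your own
    ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key; # dummy certificate key, please create your own
    # NOTE(review): no ssl_protocols / ssl_ciphers and no Strict-Transport-Security
    # header are configured, so the defaults of the installed nginx/OpenSSL apply.
    # Review them before exposing this host.

    #-------------------------------------------------
    # cache settings
    #-------------------------------------------------
    open_file_cache max=1024 inactive=1m;
    open_file_cache_valid 90s;
    open_file_cache_min_uses 2;

    #-------------------------------------------------
    # Common Fastcgi settings
    #-------------------------------------------------
    # NOTE(review): fastcgi_param is inherited only by levels that define no
    # fastcgi_param of their own. Every location below does, so this line never
    # reaches PHP; HTTPS is then only set if the included fastcgi_params file
    # provides it (stock files usually do via $https - confirm).
    fastcgi_param HTTPS on;
    fastcgi_keep_conn on;

    fastcgi_cache kolab3.example.net;
    fastcgi_cache_valid 200 302 304 10m;
    fastcgi_cache_valid 301 1h;
    fastcgi_cache_min_uses 2;
    # The cache key (scheme, method, host, URI) has no per-user component.
    # Any request that carries a cookie or HTTP credentials is therefore kept
    # out of the shared cache, on lookup and on store, so one user's mailbox or
    # admin page can never be replayed to another client.
    fastcgi_cache_bypass $http_cookie $http_authorization;
    fastcgi_no_cache $http_cookie $http_authorization;

    fastcgi_buffers 256 4k;
    fastcgi_busy_buffers_size 8k;
    fastcgi_temp_file_write_size 8k;

    #-------------------------------------------------
    # roundcube mail
    #-------------------------------------------------
    location / {
        index index.php;
        root /usr/share/roundcubemail;
        client_max_body_size 30M; # set maximum upload size for mail attachments

        # Regex locations are tried in the order written, so the deny rules
        # must stay above the PHP handler: that is what stops a request for a
        # .php file under config/ or program/lib/ from being executed.

        # Documentation files disclose the installed version.
        location ~ ^/(README(\.md)?|INSTALL|LICENSE|CHANGELOG|UPGRADING)$ {
            deny all;
        }

        # Internal directories: scripts, schema, configuration (credentials),
        # logs and temp (attachment scratch space), none of which is meant to
        # be fetched over HTTP.
        location ~ ^/(bin|SQL|config|logs|temp)/ {
            deny all;
        }

        location ~^/program/(include|lib|localization|steps)/ {
            deny all;
        }

        # Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
        location ~ /\. {
            deny all;
            access_log off;
            log_not_found off;
        }

        # enable php
        location ~ \.php$ {
            # Only hand PHP a script that really exists. Without this check a
            # URI such as /some/file.jpg/x.php reaches php-fpm, which (with
            # cgi.fix_pathinfo enabled) may execute the non-PHP file.
            if (!-f $request_filename) {
                return 404;
            }

            include fastcgi_params;
            fastcgi_split_path_info ^(.+\.php)(/.*)$;
            fastcgi_pass unix:/var/run/php5-roundcube.sock;
            fastcgi_param SCRIPT_FILENAME $request_filename;
        }
    }

    #-------------------------------------------------
    # kolab web administration panel
    #-------------------------------------------------
    # NOTE(review): this is an administrative interface reachable from every
    # client that can reach the webmail; consider allow/deny rules here.
    location /kolab-webadmin {
        index index.php;
        alias /usr/share/kolab-webadmin/public_html;
        try_files $uri $uri/ @kolab-wapapi;

        # enable php
        location ~ \.php$ {
            # Same existence check as for Roundcube: never pass a path to
            # php-fpm that is not a real file under the aliased directory.
            if (!-f $request_filename) {
                return 404;
            }

            include fastcgi_params;
            fastcgi_pass unix:/var/run/php5-wap.sock;
            fastcgi_param SCRIPT_FILENAME $request_filename;
            # Without this, PHPSESSION is replaced by webadmin-api X-Session-Token
            # The value is two ini settings separated by a newline; keep the
            # line break inside the quotes. Settings passed this way stay in the
            # php-fpm worker, which is one reason this app has a pool of its own.
            fastcgi_param PHP_VALUE "session.auto_start=0
session.use_cookies=0";
            fastcgi_pass_header X-Session-Token;
        }
    }

    # kolab-webadmin api
    # Maps /kolab-webadmin/api/<service>.<method> onto the API front controller.
    location @kolab-wapapi {
        rewrite ^/kolab-webadmin/api/(.*)\.(.*)$ /kolab-webadmin/api/index.php?service=$1&method=$2 last;
    }

    #-------------------------------------------------
    # Kolab syncroton ActiveSync
    #-------------------------------------------------
    location /Microsoft-Server-ActiveSync {
        alias /usr/share/kolab-syncroton/index.php;
        client_max_body_size 30M; # set maximum upload size for mail attachments
        include fastcgi_params;
        fastcgi_index index.php;
        fastcgi_pass unix:/var/run/php5-syncroton.sock;
        fastcgi_param SCRIPT_FILENAME /usr/share/kolab-syncroton/index.php;
        # ActiveSync Ping is a long poll: the backend holds the request open
        # until mail arrives or the heartbeat expires. With the default read
        # timeout nginx gives up first ("upstream timed out ... Cmd=Ping") and
        # push stops working. 600s is a starting point; it must exceed the
        # heartbeat the devices negotiate. Each waiting device occupies one
        # php-fpm worker, so size pm.max_children of the pool accordingly.
        fastcgi_read_timeout 600s;
    }

    #-------------------------------------------------
    # Kolab freebusy
    #-------------------------------------------------
    location /freebusy {
        alias /usr/share/kolab-freebusy/public_html/index.php;
        include fastcgi_params;
        fastcgi_index index.php;
        fastcgi_pass unix:/var/run/php5-freebusy.sock;
        fastcgi_param SCRIPT_FILENAME /usr/share/kolab-freebusy/public_html/index.php;
    }
}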
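; php-fpm pool for the Kolab free/busy service; nginx reaches it through the
; unix socket below.
[kolab-freebusy]
user = www-data
group = www-data
listen = /var/run/php5-freebusy.sock
; Pin the socket's owner and mode instead of relying on the PHP build's
; default: only www-data may connect. Assumes the nginx workers run as
; www-data (Debian default) - adjust if they do not.
listen.owner = www-data
listen.group = www-data
listen.mode = 0660
; NOTE(review): the pool runs under the shared www-data account; a dedicated
; user per pool would stop one application from reading another's files.
pm = dynamic
pm.max_children = 40
pm.start_servers = 15
pm.min_spare_servers = 10
pm.max_spare_servers = 20
chdir = /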
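; php-fpm pool for Syncroton (ActiveSync); nginx reaches it through the unix
; socket below.
[kolab-syncroton]
user = www-data
group = www-data
listen = /var/run/php5-syncroton.sock
; Pin the socket's owner and mode instead of relying on the PHP build's
; default: only www-data may connect. Assumes the nginx workers run as
; www-data (Debian default) - adjust if they do not.
listen.owner = www-data
listen.group = www-data
listen.mode = 0660
; NOTE(review): the pool runs under the shared www-data account; a dedicated
; user per pool would stop one application from reading another's files.
pm = dynamic
; ActiveSync Ping requests are long polls, so every idle device can hold one
; worker; this limit caps the number of devices that can wait at once.
pm.max_children = 40
pm.start_servers = 15
pm.min_spare_servers = 10
pm.max_spare_servers = 20
chdir = /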
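; php-fpm pool for the Kolab web administration panel and its API; nginx
; reaches it through the unix socket below.
[kolab-wap]
user = www-data
group = www-data
listen = /var/run/php5-wap.sock
; Pin the socket's owner and mode instead of relying on the PHP build's
; default: only www-data may connect. Assumes the nginx workers run as
; www-data (Debian default) - adjust if they do not.
listen.owner = www-data
listen.group = www-data
listen.mode = 0660
; NOTE(review): this pool serves the administrative interface yet runs under
; the same www-data account as the other pools; a dedicated user would keep a
; compromise of the webmail from reaching the admin application's files.
pm = dynamic
pm.max_children = 40
pm.start_servers = 15
pm.min_spare_servers = 10
pm.max_spare_servers = 20
chdir = /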
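; php-fpm pool for Roundcube webmail; nginx reaches it through the unix socket
; below. Comments use ";" because "#" is not accepted as a comment marker in
; ini files by PHP 7 and later.
[roundcubemail]
user = www-data
group = www-data
listen = /var/run/php5-roundcube.sock
; Pin the socket's owner and mode instead of relying on the PHP build's
; default: only www-data may connect. Assumes the nginx workers run as
; www-data (Debian default) - adjust if they do not.
listen.owner = www-data
listen.group = www-data
listen.mode = 0660
; NOTE(review): the pool runs under the shared www-data account; a dedicated
; user per pool would stop one application from reading another's files.
pm = dynamic
pm.max_children = 40
pm.start_servers = 15
pm.min_spare_servers = 10
pm.max_spare_servers = 20
chdir = /

; Derived from .htaccess of roundcube
; Errors go to the log, never into the page sent to the browser.
php_flag[display_errors] = Off
php_flag[log_errors] = On
; Keep both limits in step with client_max_body_size in the nginx config.
php_value[upload_max_filesize] = 30M
php_value[post_max_size] = 30M
php_flag[zlib.output_compression] = Off
; NOTE(review): magic_quotes_* and zend.ze1_compatibility_mode no longer exist
; in current PHP releases; they are kept as in the original, check them
; against the PHP version actually installed.
php_flag[magic_quotes_gpc] = Off
php_flag[magic_quotes_runtime] = Off
php_flag[zend.ze1_compatibility_mode] = Off
php_flag[suhosin.session.encrypt] = Off
php_flag[session.auto_start] = Off
; Session data may be garbage-collected after 21600 seconds (6 hours).
php_value[session.gc_maxlifetime] = 21600
php_value[session.gc_divisor] = 500
php_value[session.gc_probability] = 1
; http://bugs.php.net/bug.php?id=30766
php_value[mbstring.func_overload] = 0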
works nicely on debian with a few minor changes:
had to change the php conf files according to quiricada
also the nginx documentation http://nginx.org/en/docs/http/converting_rewrite_rules.html recommends using 301 redirect instead of rewrite
return 301 https://$server_name$request_uri;
This basically works well for me, but I noticed that my iPhone doesn't automatically detect new mail in the idle state. If I check for new mail manually, it arrives on my iPhone.
If I switch back to the apache, everything works like charm.
The following errors occur in the nginx error.log:
[error] 5211#0: *79 upstream timed out (110: Connection timed out) while reading response header from upstream, client: xx.xx.xx.xx, server: domain.com, request: "POST /Microsoft-Server-ActiveSync?User=mail@domain.com&DeviceId=ApplF99ATZEZFFG8&DeviceType=iPhone&Cmd=Ping HTTP/1.1", upstream: "fastcgi://unix:/var/run/php5-syncroton.sock", host: "domain.com"