Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
#!/bin/bash
cp /etc/letsencrypt/live/mail.milanvit.net/fullchain.pem /opt/mailcow-dockerized/data/assets/ssl/cert.pem
cp /etc/letsencrypt/live/mail.milanvit.net/privkey.pem /opt/mailcow-dockerized/data/assets/ssl/key.pem
#cp /etc/letsencrypt/live/webmail.milanvit.net/fullchain.pem /opt/mailcow-dockerized/data/assets/ssl/cert-webmail.pem
#cp /etc/letsencrypt/live/webmail.milanvit.net/privkey.pem /opt/mailcow-dockerized/data/assets/ssl/key-webmail.pem
nginx -t && service nginx reload
postfix=$(docker container ps -qaf name=postfix-mailcow)
dovecot=$(docker container ps -qaf name=dovecot-mailcow)
nginx=$(docker container ps -qaf name=nginx-mailcow)
docker container restart ${postfix} ${dovecot} ${nginx}
# In the future, I might as well switch to just reloading the required services:
# docker container exec $(docker container ps -qaf name=postfix-mailcow) postfix reload
# docker container exec $(docker container ps -qaf name=nginx-mailcow) nginx -s reload
# docker container exec $(docker container ps -qaf name=dovecot-mailcow) dovecot reload
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name mail.milanvit.net autodiscover.* autoconfig.*;
location / {
return 301 https://$host$request_uri;
}
location ^~ /.well-known/acme-challenge/ {
root /var/www/_letsencrypt;
}
}
server {
listen 443;
listen [::]:443;
server_name mail.milanvit.net autodiscover.* autoconfig.*;
ssl on;
ssl_certificate /opt/mailcow-dockerized/data/assets/ssl/cert.pem;
ssl_certificate_key /opt/mailcow-dockerized/data/assets/ssl/key.pem;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:20m;
ssl_session_tickets off;
# See https://ssl-config.mozilla.org/#server=nginx for the latest ssl settings recommendations
# An example config is given below
ssl_protocols TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5:!SHA1:!kRSA;
ssl_prefer_server_ciphers off;
location /Microsoft-Server-ActiveSync {
proxy_pass http://127.0.0.1:8080/Microsoft-Server-ActiveSync;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_connect_timeout 75;
proxy_send_timeout 3650;
proxy_read_timeout 3650;
proxy_buffers 64 256k;
client_body_buffer_size 512k;
client_max_body_size 0;
}
location / {
proxy_pass http://127.0.0.1:8080/;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
client_max_body_size 0;
}
}
server {
listen 80;
listen [::]:80;
server_name webmail.milanvit.net;
location / {
return 301 https://$host$request_uri;
}
location ^~ /.well-known/acme-challenge/ {
root /var/www/_letsencrypt;
}
}
server {
listen 443;
listen [::]:443;
server_name webmail.milanvit.net;
ssl on;
ssl_certificate /opt/mailcow-dockerized/data/assets/ssl/cert.pem;
ssl_certificate_key /opt/mailcow-dockerized/data/assets/ssl/key.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
location /Microsoft-Server-ActiveSync {
proxy_pass http://127.0.0.1:8080/Microsoft-Server-ActiveSync;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
client_max_body_size 0;
proxy_connect_timeout 4000;
proxy_next_upstream timeout error;
proxy_send_timeout 4000;
proxy_read_timeout 4000;
}
location / {
return 301 https://mail.milanvit.net/SOGo;
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment