-
Notifications
You must be signed in to change notification settings - Fork 12
/
Copy pathroundcube
88 lines (88 loc) · 2.79 KB
/
roundcube
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
proxy_cache_path /tmp/cache keys_zone=cache:10m levels=1:2 inactive=600s max_size=100m;
server {
listen 80;
server_name webmail.example.tld;
return 301 https://webmail.example.tld:443$request_uri;
}
server {
listen 443 ssl;
root /opt/roundcube;
server_name webmail.example.tld;
ssl_certificate /etc/ssl/certs/exampleMail.crt;
ssl_certificate_key /etc/ssl/private/exampleMail.key;
ssl_dhparam /etc/ssl/dh2048.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM";
ssl_ecdh_curve secp384r1;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
ssl_stapling_verify on;
ssi on;
http2 on;
resolver 127.0.0.1 valid=300s;
resolver_timeout 5s;
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
add_header X-Content-Type-Options nosniff;
proxy_cache cache;
proxy_cache_valid 200 1s;
location ~ [^/]\.php(/|$) {
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_param HTTP_PROXY "";
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
include snippets/fastcgi-php.conf;
}
rewrite ^(/(?:a|A)utodiscover/(?:a|A)utodiscover\.xml)$ /autodiscover/autodiscover.xml;
rewrite ^(/mail/config-v1.1\.xml|/.well-known/autoconfig/mail/config-v1.1\.xml|/autoconfig/mail/config-v1.1\.xml)$ /autoconfig/mail/config-v1.1.xml;
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
access_log off;
log_not_found off;
}
location ~ /apple-touch-icon(|-\d+x\d+)(|-precomposed).png {
log_not_found off;
access_log off;
}
location / {
index index.php;
location ~ ^/favicon.ico$ {
root /opt/roundcube/skins/larry/images;
log_not_found off;
access_log off;
expires max;
}
location ~ ^/(bin|SQL|config|temp|logs)/ {
deny all;
}
location ~ ^/(README|INSTALL|LICENSE|CHANGELOG|UPGRADING)$ {
deny all;
}
location ~ ^/(.+\.md)$ {
deny all;
}
location ~ ^/program/resources/(.+\.pdf)$ {
deny all;
log_not_found off;
access_log off;
}
location ~ ^/\. {
deny all;
access_log off;
log_not_found off;
}
}
location ~ /\.(?!well-known).* {
deny all;
}
location ~ /\. {
deny all;
}
access_log /var/log/nginx/roundcube_access.log;
error_log /var/log/nginx/roundcube_error.log;
}