## # You should look at the following URL's in order to grasp a solid understanding # of Nginx configuration files in order to fully unleash the power of Nginx. # http://wiki.nginx.org/Pitfalls # http://wiki.nginx.org/QuickStart # http://wiki.nginx.org/Configuration # # Generally, you will want to move this file somewhere, and start with a clean # file but keep this around for reference. Or just disable in sites-enabled. # # Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples. ## # Default server configuration # upstream mailcow { server mailcowdockerized_nginx-mailcow_1:8080; } server { listen 80; server_name ${SERVICE_DOMAIN} autodiscover.${DOMAIN} autoconfig.${DOMAIN}; return 301 https://$host$request_uri; add_header X-Content-Type-Options "nosniff" always; add_header X-XSS-Protection "1; mode=block" always; add_header X-Frame-Options "DENY" always; add_header Referrer-Policy "strict-origin" always; add_header Strict-Transport-Security "max-age=31536000; includeSubDomains"; server_tokens off; } server { listen 443; server_name ${SERVICE_DOMAIN} autodiscover.${DOMAIN} autoconfig.${DOMAIN}; ssl on; ssl_certificate /etc/nginx/ssl/${SERVICE_DOMAIN}/cert.pem; ssl_certificate_key /etc/nginx/ssl/${SERVICE_DOMAIN}/key.pem; include /etc/nginx/includes/ssl.conf; add_header X-Content-Type-Options "nosniff" always; add_header X-XSS-Protection "1; mode=block" always; add_header X-Frame-Options "DENY" always; add_header Referrer-Policy "strict-origin" always; add_header Strict-Transport-Security "max-age=31536000; includeSubDomains"; server_tokens off; include /etc/nginx/includes/gzip.conf; location / { proxy_pass http://mailcow/; proxy_set_header Host $http_host; # required for docker client's sake proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_read_timeout 900; } location ~ /.well-known { allow all; root /var/www/html; } }