1

Topic: Nginx upgrade from 0.9.4

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 0.9.7
- Deployed with iRedMail Easy or the downloadable installer? easy
- Linux/BSD distribution name and version: Ubuntu Server 14.04 LTS
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? Yes
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

Hello,
I am upgrading my setup from 0.9.4 to the current version (0.9.9).
I am now at 0.9.7, and the upgrade steps say that some configuration should be put in the Nginx templates folder, but my folder is empty.
All my configuration is stored in "conf.d/efault.conf". How do I split it into templates and add the new settings? Your help is appreciated.


 
# Backend pool referenced by the `fastcgi_pass php_workers;` directives in the
# server blocks below.
upstream php_workers {
    # Single backend reached over a local Unix domain socket (no TCP listener).
    server unix:/var/run/php-fpm.socket;
}

# HTTP
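server {
    # Plain-HTTP virtual host: serves /var/www/html and redirects the mail
    # applications (webmail, SOGo, iRedAdmin) to HTTPS.
    listen 80;
    server_name _;

    root /var/www/html;
    index index.php index.html index.htm;

    location / {
        root /var/www/html;
    }

    # Redirect webmail/SOGo/iredadmin to HTTPS.
    # nginx tries regex locations in the order they are written and stops at
    # the first match, so these redirects must come before the generic
    # `\.php$` block; otherwise /mail/*.php is passed to PHP-FPM under
    # /var/www/html instead of being redirected.
    location ~ ^/mail { rewrite ^ https://$host$request_uri?; }
    location ~* ^/sogo { rewrite ^ https://$host/SOGo; }
    location ~ ^/iredadmin { rewrite ^ https://$host$request_uri?; }

    # Normal PHP scripts
    location ~ \.php$ {
        # Only hand the request to PHP-FPM when the script actually exists
        # under the document root; anything else is answered with 404 here.
        try_files $uri =404;
        include fastcgi_params;
        fastcgi_pass php_workers;
        fastcgi_param SCRIPT_FILENAME /var/www/html$fastcgi_script_name;
        # Blank out the client-supplied Proxy header before it reaches PHP
        # (httpoxy mitigation).
        fastcgi_param HTTP_PROXY '';
    }

    # Allow access to '^/.well-known/'
    # Must stay above the hidden-file rule below: both are regex locations and
    # the first one that matches wins. The dot is escaped so it matches literally.
    location ~ ^/\.well-known/ {
        allow all;
        access_log off;
        log_not_found off;
        autoindex off;
    }

    # Deny all attempts to access hidden files such as .htaccess.
    location ~ /\. {
        deny all;
        access_log off;
        log_not_found off;
    }

    # Handling noisy favicon.ico messages
    location = /favicon.ico {
        access_log off;
        log_not_found off;
    }
}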

# HTTPS
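server {
    # HTTPS virtual host: Roundcube (/mail), iRedAdmin (/iredadmin), SOGo
    # (proxied to 127.0.0.1:20000) and netdata (proxied to 127.0.0.1:19999).
    # `listen ... ssl` replaces the separate `ssl on;` directive, which is
    # deprecated in current nginx releases.
    listen 443 ssl;
    server_name _;

    # Use HTTP Strict Transport Security to force client to use secure connections only.
    # Reference:
    # https://developer.mozilla.org/en-US/docs/Web/Security/HTTP_strict_transport_security
    # Note: an `add_header` inside a location replaces server-level headers for
    # that location, so HSTS would have to be repeated there.
    add_header Strict-Transport-Security "max-age=15768000";
    ssl_certificate /etc/ssl/certs/****.chained.crt;
    ssl_certificate_key /etc/ssl/private/*****-godaddy.key;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996). Re-enable them only if a
    # legacy mail client that cannot be upgraded still depends on them.
    ssl_protocols TLSv1.2;
    ssl_ciphers '****';
    ssl_prefer_server_ciphers on;
    ssl_dhparam /etc/ssl/dhparams.pem;

    index index.php index.html index.htm;

    location / {
        root /var/www/html;
    }

    # Deny all attempts to access hidden files such as .htaccess.
    location ~ /\. {
        deny all;
        access_log off;
        log_not_found off;
    }

    # Handling noisy favicon.ico messages
    # An exact-match (`=`) location takes a literal URI, not a regex; with a
    # leading `^` it could never match a request.
    location = /favicon.ico {
        access_log off;
        log_not_found off;
    }

    # Roundcube webmail
    # Block non-public Roundcube files. Regex locations are tried in file order
    # and the first match wins, so this rule has to sit above the two `^/mail`
    # locations below; placed after them it was never reached. `($|/)` also
    # covers everything underneath the bin/ and SQL/ directories.
    # NOTE(review): Roundcube's config/, temp/ and logs/ directories are not in
    # this list -- consider denying them as well.
    location ~ ^/mail/(bin|SQL|README|INSTALL|LICENSE|CHANGELOG|UPGRADING)($|/) { deny all; }

    # NOTE(review): this block does not check that the script exists before
    # handing it to PHP-FPM; confirm cgi.fix_pathinfo=0 in php.ini.
    location ~ ^/mail(.*)\.php$ {
        include fastcgi_params;
        fastcgi_pass php_workers;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME /usr/share/apache2/roundcubemail$1.php;
        # Blank out the client-supplied Proxy header (httpoxy mitigation).
        fastcgi_param HTTP_PROXY '';
    }

    # NOTE(review): the pattern has no '/' after "mail", so any URI that merely
    # starts with /mail is mapped onto a path beginning with
    # /usr/share/apache2/roundcubemail. `^/mail(/.*)?$` would be tighter; test
    # before changing.
    location ~ ^/mail(.*) {
        alias /usr/share/apache2/roundcubemail$1;
        index index.php;
    }

    # Normal PHP scripts
    location ~ \.php$ {
        # This server block has no server-level root, so set it here and only
        # pass the request to PHP-FPM when the script exists on disk.
        root /var/www/html;
        try_files $uri =404;
        include fastcgi_params;
        fastcgi_pass php_workers;
        fastcgi_param SCRIPT_FILENAME /var/www/html$fastcgi_script_name;
        # Blank out the client-supplied Proxy header (httpoxy mitigation).
        fastcgi_param HTTP_PROXY '';
    }

    # iRedAdmin: static files under /iredadmin/static
    location ~ ^/iredadmin/static/(.*) {
        alias /usr/share/apache2/iredadmin/static/$1;
    }
    # iRedAdmin: Python scripts
    location ~ ^/iredadmin(.*) {
        # Strip the /iredadmin prefix before handing the request to uWSGI.
        rewrite ^/iredadmin(/.*)$ $1 break;
        include uwsgi_params;
        uwsgi_pass unix:/var/run/uwsgi_iredadmin.socket;
        uwsgi_param UWSGI_CHDIR /usr/share/apache2/iredadmin;
        uwsgi_param UWSGI_SCRIPT iredadmin;
        uwsgi_param SCRIPT_NAME /iredadmin;
    }
    # iRedAdmin: redirect /iredadmin to /iredadmin/
    location = /iredadmin {
        rewrite ^ /iredadmin/;
    }
    # Handle newsletter-style subscription/unsubscription supported in iRedAdmin-Pro.
    location ~ ^/newsletter/ {
        rewrite /newsletter/(.*) /iredadmin/newsletter/$1 last;
    }
    # SOGo
    location ~ ^/sogo { rewrite ^ https://$host/SOGo; }
    location ~ ^/SOGO { rewrite ^ https://$host/SOGo; }

    # For IOS 7
    location = /principals/ {
        # $server_name expands to the configured name, which is "_" here and
        # would produce an unusable redirect; use the requested host instead,
        # like the other redirects in this file.
        rewrite ^ https://$host/SOGo/dav;
        allow all;
    }

    # `^~` makes this prefix match final: regex locations are not consulted
    # for URIs under /SOGo.
    location ^~ /SOGo {
        proxy_pass http://127.0.0.1:20000;
        #proxy_redirect http://127.0.0.1:20000/SOGo/ /SOGo;
        # forward user's IP address
        #proxy_set_header X-Real-IP $remote_addr;
        #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        #proxy_set_header Host $host;
        proxy_set_header x-webobjects-server-protocol HTTP/1.0;
        #proxy_set_header x-webobjects-remote-host 127.0.0.1;
        #proxy_set_header x-webobjects-server-name $server_name;
        #proxy_set_header x-webobjects-server-url $scheme://$host;
    }

    location ^~ /Microsoft-Server-ActiveSync {
        proxy_pass http://127.0.0.1:20000/SOGo/Microsoft-Server-ActiveSync;
        proxy_redirect http://127.0.0.1:20000/Microsoft-Server-ActiveSync /;
    }

    location ^~ /SOGo/Microsoft-Server-ActiveSync {
        proxy_pass http://127.0.0.1:20000/SOGo/Microsoft-Server-ActiveSync;
        proxy_redirect http://127.0.0.1:20000/SOGo/Microsoft-Server-ActiveSync /;
    }

    location /SOGo.woa/WebServerResources/ {
        alias /usr/lib/GNUstep/SOGo/WebServerResources/;
    }
    location /SOGo/WebServerResources/ {
        alias /usr/lib/GNUstep/SOGo/WebServerResources/;
    }
    # NOTE(review): this location has no `~` modifier, so nginx reads the
    # pattern as a literal prefix beginning with "^" and it never matches.
    # Adding `~` alone would not activate it either, because `^~ /SOGo` above
    # stops regex evaluation for these URIs. Left as posted; such requests go
    # to the SOGo proxy.
    location ^/SOGo/so/ControlPanel/Products/([^/]*)/Resources/(.*)$ {
        alias /usr/lib/GNUstep/SOGo/$1.SOGo/Resources/$2;
    }
    # Running netdata as a subfolder to an existing virtual host
    # FYI: https://github.com/firehol/netdata/wiki/Running-behind-nginx

    location = /netdata {
        return 301 /netdata/;
    }

    # Anchored with `^` so that only URIs that start with /netdata/ are
    # proxied, not any URI that happens to contain that segment.
    location ~ ^/netdata/(?<ndpath>.*) {
        proxy_redirect off;
        proxy_set_header Host $host;

        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_http_version 1.1;
        proxy_pass_request_headers on;
        proxy_set_header Connection "keep-alive";
        proxy_store off;
        proxy_pass http://127.0.0.1:19999/$ndpath$is_args$args;

        gzip on;
        gzip_proxied any;
        gzip_types *;

        # The dashboard is reachable only with HTTP basic credentials; keep
        # the password file readable by the nginx user only.
        auth_basic "Authentication Required";
        auth_basic_user_file /etc/nginx/netdata.users;
    }
}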


2

Re: Nginx upgrade from 0.9.4

also for DNSBL settings, I can't find postscreen_dnsbl_sites in my main.cf of postfix.

3

Re: Nginx upgrade from 0.9.4

k-hussein wrote:

am now at 0.9.7 and in upgrade steps there is configuration should be put in nginx templates, but my folder is empty.

iRedMail-0.9.4 doesn't offer Nginx as optional component, so you can stick with Apache.
For the steps relevant to Nginx in iRedMail upgrade tutorials, you can simply ignore them.

k-hussein wrote:

also for DNSBL settings, I can't find postscreen_dnsbl_sites in my main.cf of postfix.

That means you don't have postscreen service enabled, you can ignore it.

4

Re: Nginx upgrade from 0.9.4

What Apache? My server is already running Nginx.

5

Re: Nginx upgrade from 0.9.4

My mistake, Nginx support was introduced since iRedMail-0.9.0.

You can check our sample Nginx config files; they include the template files (configuration snippet files):
https://bitbucket.org/zhb/iredmail/src/ … les/nginx/