Topic: Nginx upgrade from 0.9.4
==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 0.9.7
- Deployed with iRedMail Easy or the downloadable installer? easy
- Linux/BSD distribution name and version: Ubuntu Server 14.04 LTS
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? Yes
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====
Hello,
am upgrading my setup from 0.9.4 to current version (0.9.9)
am now at 0.9.7 and in upgrade steps there is configuration should be put in nginx templates, but my folder is empty.
all my configuration are stored in "conf.d/efault.conf", how to split it to templates and add the new settings ? your help is appreciated.
upstream php_workers {
server unix:/var/run/php-fpm.socket;
}
# HTTP
server {
listen 80;
server_name _;
root /var/www/html;
index index.php index.html index.htm;
location / {
root /var/www/html;
}
# Normal PHP scripts
location ~ \.php$ {
include fastcgi_params;
fastcgi_pass php_workers;
fastcgi_param SCRIPT_FILENAME /var/www/html$fastcgi_script_name;
fastcgi_param HTTP_PROXY '';
}
# Redirect webmail/SOGo/iredadmin to HTTPS
location ~ ^/mail { rewrite ^ https://$host$request_uri?; }
location ~* ^/sogo { rewrite ^ https://$host/SOGo; }
location ~ ^/iredadmin { rewrite ^ https://$host$request_uri?; }
# Allow access to '^/.well-known/'
location ~ ^/.well-known/ {
allow all;
access_log off;
log_not_found off;
autoindex off;
}
# Deny all attempts to access hidden files such as .htaccess.
location ~ /\. {
deny all;
access_log off;
log_not_found off;
}
# Handling noisy favicon.ico messages
location = /favicon.ico {
access_log off;
log_not_found off;
}
}
# HTTPS
server {
listen 443;
server_name _;
ssl on;
# Use HTTP Strict Transport Security to force client to use secure connections only.
# Reference:
# https://developer.mozilla.org/en-US/docs/Web/Security/HTTP_strict_transport_security
add_header Strict-Transport-Security "max-age=15768000";
ssl_certificate /etc/ssl/certs/****.chained.crt;
ssl_certificate_key /etc/ssl/private/*****-godaddy.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers '****';
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/ssl/dhparams.pem;
index index.php index.html index.htm;
location / {
root /var/www/html;
}
# Deny all attempts to access hidden files such as .htaccess.
location ~ /\. {
deny all;
access_log off;
log_not_found off;
}
# Handling noisy favicon.ico messages
location = ^/favicon.ico {
access_log off;
log_not_found off;
}
# Roundcube webmail
location ~ ^/mail(.*)\.php$ {
include fastcgi_params;
fastcgi_pass php_workers;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /usr/share/apache2/roundcubemail$1.php;
fastcgi_param HTTP_PROXY '';
}
location ~ ^/mail(.*) {
alias /usr/share/apache2/roundcubemail$1;
index index.php;
}
location ~ ^/mail/(bin|SQL|README|INSTALL|LICENSE|CHANGELOG|UPGRADING)$ { deny all; }
# Normal PHP scripts
location ~ \.php$ {
include fastcgi_params;
fastcgi_pass php_workers;
fastcgi_param SCRIPT_FILENAME /var/www/html$fastcgi_script_name;
fastcgi_param HTTP_PROXY '';
}
# iRedAdmin: static files under /iredadmin/static
location ~ ^/iredadmin/static/(.*) {
alias /usr/share/apache2/iredadmin/static/$1;
}
# iRedAdmin: Python scripts
location ~ ^/iredadmin(.*) {
rewrite ^/iredadmin(/.*)$ $1 break;
include uwsgi_params;
uwsgi_pass unix:/var/run/uwsgi_iredadmin.socket;
uwsgi_param UWSGI_CHDIR /usr/share/apache2/iredadmin;
uwsgi_param UWSGI_SCRIPT iredadmin;
uwsgi_param SCRIPT_NAME /iredadmin;
}
# iRedAdmin: redirect /iredadmin to /iredadmin/
location = /iredadmin {
rewrite ^ /iredadmin/;
}
# Handle newsletter-style subscription/unsubscription supported in iRedAdmin-Pro.
location ~ ^/newsletter/ {
rewrite /newsletter/(.*) /iredadmin/newsletter/$1 last;
}
# SOGo
location ~ ^/sogo { rewrite ^ https://$host/SOGo; }
location ~ ^/SOGO { rewrite ^ https://$host/SOGo; }
# For IOS 7
location = /principals/ {
rewrite ^ https://$server_name/SOGo/dav;
allow all;
}
location ^~ /SOGo {
proxy_pass http://127.0.0.1:20000;
#proxy_redirect http://127.0.0.1:20000/SOGo/ /SOGo;
# forward user's IP address
#proxy_set_header X-Real-IP $remote_addr;
#proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#proxy_set_header Host $host;
proxy_set_header x-webobjects-server-protocol HTTP/1.0;
#proxy_set_header x-webobjects-remote-host 127.0.0.1;
#proxy_set_header x-webobjects-server-name $server_name;
#proxy_set_header x-webobjects-server-url $scheme://$host;
}
location ^~ /Microsoft-Server-ActiveSync {
proxy_pass http://127.0.0.1:20000/SOGo/Microsoft-Server-ActiveSync;
proxy_redirect http://127.0.0.1:20000/Microsoft-Server-ActiveSync /;
}
location ^~ /SOGo/Microsoft-Server-ActiveSync {
proxy_pass http://127.0.0.1:20000/SOGo/Microsoft-Server-ActiveSync;
proxy_redirect http://127.0.0.1:20000/SOGo/Microsoft-Server-ActiveSync /;
}
location /SOGo.woa/WebServerResources/ {
alias /usr/lib/GNUstep/SOGo/WebServerResources/;
}
location /SOGo/WebServerResources/ {
alias /usr/lib/GNUstep/SOGo/WebServerResources/;
}
location ^/SOGo/so/ControlPanel/Products/([^/]*)/Resources/(.*)$ {
alias /usr/lib/GNUstep/SOGo/$1.SOGo/Resources/$2;
}
# Running netdata as a subfolder to an existing virtual host
# FYI: https://github.com/firehol/netdata/wiki/Running-behind-nginx
location = /netdata {
return 301 /netdata/;
}
location ~ /netdata/(?<ndpath>.*) {
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_pass_request_headers on;
proxy_set_header Connection "keep-alive";
proxy_store off;
proxy_pass http://127.0.0.1:19999/$ndpath$is_args$args;
gzip on;
gzip_proxied any;
gzip_types *;
auth_basic "Authentication Required";
auth_basic_user_file /etc/nginx/netdata.users;
}
}----
Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.