Save before adding transparent layer

npm/data/nginx/proxy_host/3.conf

@@ -21,8 +21,7 @@ listen [::]:443 ssl;
 
 
   server_name mail.hanmocnn.co.kr;
-
-  http2 on;
+http2 off;
 
 
   # Let's Encrypt SSL
@@ -35,6 +34,8 @@ listen [::]:443 ssl;
 
 
 
+# Asset Caching
+  include conf.d/include/assets.conf;
 
 
   # Block Exploits
@@ -46,11 +47,6 @@ listen [::]:443 ssl;
 
 
 
-    # Force SSL
-    include conf.d/include/force-ssl.conf;
-
-
-
 
 proxy_set_header Upgrade $http_upgrade;
 proxy_set_header Connection $http_connection;
@@ -62,8 +58,26 @@ proxy_http_version 1.1;
 
 
 
-  location /rc/ {
+  location / {
+    # 1. 루트 접속 시 라운드큐브로 리다이렉트
+location = / {
+    return 301 $scheme://$host/rc/;
+}
+
+# 2. SSL 핸드셰이크 실패(400/ERR_SSL) 해결을 위한 핵심 헤더
+location / {
+    proxy_pass https://192.168.0.250:8443;
     
+    # Mailcow가 보낸 사람이 누구인지 알게 함 (SSL 인식의 핵심)
+    proxy_set_header Host $host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto $scheme;
+
+    # SSL 통신 오류 방지용 설정
+    proxy_ssl_server_name on;  # <--- 이 설정이 ERR_SSL 오류를 잡는 핵심입니다!
+    proxy_ssl_name $host;
+}
 
     proxy_set_header Host $host;
     proxy_set_header X-Forwarded-Scheme $scheme;
@@ -75,22 +89,19 @@ proxy_http_version 1.1;
 
     
 
-    
+    # Asset Caching
+  include conf.d/include/assets.conf;
+
     
   # Block Exploits
   include conf.d/include/block-exploits.conf;
 
     
-    # Force SSL
-    include conf.d/include/force-ssl.conf;
-
 
     
 
 
 
-
-
     
     proxy_set_header Upgrade $http_upgrade;
     proxy_set_header Connection $http_connection;
@@ -102,27 +113,7 @@ proxy_http_version 1.1;
 
 
 
-  location / {
-
-
-
-
-
-
-
-
-
-    
-    proxy_set_header Upgrade $http_upgrade;
-    proxy_set_header Connection $http_connection;
-    proxy_http_version 1.1;
-    
-
-    # Proxy!
-    include conf.d/include/proxy.conf;
-  }
-
-
   # Custom
   include /data/nginx/custom/server_proxy[.]conf;
 }
+