# ------------------------------------------------------------ # mail.hanmocnn.co.kr # ------------------------------------------------------------ map $scheme $hsts_header { https "max-age=63072000; preload"; } server { set $forward_scheme https; set $server "192.168.0.250"; set $port 8443; listen 80; listen [::]:80; listen 443 ssl; listen [::]:443 ssl; server_name mail.hanmocnn.co.kr; http2 off; # Let's Encrypt SSL include conf.d/include/letsencrypt-acme-challenge.conf; include conf.d/include/ssl-cache.conf; include conf.d/include/ssl-ciphers.conf; ssl_certificate /etc/letsencrypt/live/npm-4/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/npm-4/privkey.pem; # Asset Caching include conf.d/include/assets.conf; # Block Exploits include conf.d/include/block-exploits.conf; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $http_connection; proxy_http_version 1.1; access_log /data/logs/proxy-host-3_access.log proxy; error_log /data/logs/proxy-host-3_error.log warn; location / { # 1. 루트 접속 시 라운드큐브로 리다이렉트 location = / { return 301 $scheme://$host/rc/; } # 2. SSL 핸드셰이크 실패(400/ERR_SSL) 해결을 위한 핵심 헤더 location / { proxy_pass https://192.168.0.250:8443; # Mailcow가 보낸 사람이 누구인지 알게 함 (SSL 인식의 핵심) proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # SSL 통신 오류 방지용 설정 proxy_ssl_server_name on; # <--- 이 설정이 ERR_SSL 오류를 잡는 핵심입니다! proxy_ssl_name $host; } proxy_set_header Host $host; proxy_set_header X-Forwarded-Scheme $scheme; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Real-IP $remote_addr; proxy_pass https://192.168.0.250:8443; # Asset Caching include conf.d/include/assets.conf; # Block Exploits include conf.d/include/block-exploits.conf; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $http_connection; proxy_http_version 1.1; } # Custom include /data/nginx/custom/server_proxy[.]conf; }