120 lines
2.4 KiB
Plaintext
120 lines
2.4 KiB
Plaintext
# ------------------------------------------------------------
|
|
# mail.hanmocnn.co.kr
|
|
# ------------------------------------------------------------
|
|
|
|
|
|
|
|
map $scheme $hsts_header {
|
|
https "max-age=63072000; preload";
|
|
}
|
|
|
|
server {
|
|
set $forward_scheme https;
|
|
set $server "192.168.0.250";
|
|
set $port 8443;
|
|
|
|
listen 80;
|
|
listen [::]:80;
|
|
|
|
listen 443 ssl;
|
|
listen [::]:443 ssl;
|
|
|
|
|
|
server_name mail.hanmocnn.co.kr;
|
|
http2 off;
|
|
|
|
|
|
# Let's Encrypt SSL
|
|
include conf.d/include/letsencrypt-acme-challenge.conf;
|
|
include conf.d/include/ssl-cache.conf;
|
|
include conf.d/include/ssl-ciphers.conf;
|
|
ssl_certificate /etc/letsencrypt/live/npm-4/fullchain.pem;
|
|
ssl_certificate_key /etc/letsencrypt/live/npm-4/privkey.pem;
|
|
|
|
|
|
|
|
|
|
# Asset Caching
|
|
include conf.d/include/assets.conf;
|
|
|
|
|
|
# Block Exploits
|
|
include conf.d/include/block-exploits.conf;
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection $http_connection;
|
|
proxy_http_version 1.1;
|
|
|
|
|
|
access_log /data/logs/proxy-host-3_access.log proxy;
|
|
error_log /data/logs/proxy-host-3_error.log warn;
|
|
|
|
|
|
|
|
location / {
|
|
# 1. 루트 접속 시 라운드큐브로 리다이렉트
|
|
location = / {
|
|
return 301 $scheme://$host/rc/;
|
|
}
|
|
|
|
# 2. SSL 핸드셰이크 실패(400/ERR_SSL) 해결을 위한 핵심 헤더
|
|
location / {
|
|
proxy_pass https://192.168.0.250:8443;
|
|
|
|
# Mailcow가 보낸 사람이 누구인지 알게 함 (SSL 인식의 핵심)
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
|
|
# SSL 통신 오류 방지용 설정
|
|
proxy_ssl_server_name on; # <--- 이 설정이 ERR_SSL 오류를 잡는 핵심입니다!
|
|
proxy_ssl_name $host;
|
|
}
|
|
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Forwarded-Scheme $scheme;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_set_header X-Forwarded-For $remote_addr;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
|
|
proxy_pass https://192.168.0.250:8443;
|
|
|
|
|
|
|
|
# Asset Caching
|
|
include conf.d/include/assets.conf;
|
|
|
|
|
|
# Block Exploits
|
|
include conf.d/include/block-exploits.conf;
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection $http_connection;
|
|
proxy_http_version 1.1;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
# Custom
|
|
include /data/nginx/custom/server_proxy[.]conf;
|
|
}
|
|
|