nginx-proxy.conf
# This example file shows how to configure Nginx to proxy requests to IMAP API
# NB! Replace all occurrences of imapapi.example.com in this file with your actual domain name.
# To setup Nginx, if not installed: `apt-get update && apt-get install nginx`
# Copy this file to /etc/nginx/sites-enabled/imapapi.example.com.conf
# Once set up run `nginx -t` as root to check for configuration errors
# If no errors were found run `systemctl reload nginx` as root to enable the updated configuration
server {
    # --- Domain name ---
    # Replace with your actual domain name
    server_name imapapi.example.com;

    # One server block answers plain HTTP (port 80) and HTTPS with HTTP/2 (port 443), on IPv4 and IPv6
    listen 80;
    listen [::]:80;
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    # --- HTTP ---
    # Anything that arrives over plain HTTP is redirected to the same host and URI on HTTPS.
    # The check sits at server level, so the redirect is issued before the location below
    # (and its Basic Auth challenge) is reached.
    if ($scheme != "https") {
        return 301 https://$host$request_uri;
    }

    # --- HTTPS ---
    # Both files below must exist and hold a valid key/certificate pair, otherwise Nginx refuses to start.
    # To bootstrap, self-signed certificates can be generated with the following commands
    # (-nodes writes the private key unencrypted, hence the chmod 0600):
    #   sudo openssl req -subj "/CN=imapapi.example.com/O=My Company Name LTD./C=US" -new -newkey rsa:2048 -days 365 -nodes -x509 -keyout privkey.pem -out fullchain.pem
    #   sudo chmod 0600 privkey.pem
    #   sudo mv privkey.pem /etc/ssl/private/imapapi-privkey.pem
    #   sudo mv fullchain.pem /etc/ssl/certs/imapapi-fullchain.pem
    # Once the server runs with the self-signed certificates, install https://acme.sh as root and run the
    # following to provision an auto-renewing Let's Encrypt certificate that replaces the self-signed one:
    #   /root/.acme.sh/acme.sh --issue --nginx \
    #       -d imapapi.example.com \
    #       --key-file /etc/ssl/private/imapapi-privkey.pem \
    #       --fullchain-file /etc/ssl/certs/imapapi-fullchain.pem \
    #       --reloadcmd "/bin/systemctl reload nginx"
    ssl_certificate /etc/ssl/certs/imapapi-fullchain.pem;
    ssl_certificate_key /etc/ssl/private/imapapi-privkey.pem;

    # --- PROXY ---
    location / {
        # --- IP whitelist ---
        # Uncomment both lines to accept requests from the listed addresses only.
        # Every address not matched by an 'allow' line gets a 403 error.
        #allow 18.194.223.2/32;
        #deny all;

        # --- Basic Auth ---
        # Require a user name and password for everything that is proxied to the backend
        auth_basic "Restricted Content";
        auth_basic_user_file /etc/nginx/.htpasswd-imapapi;
        # To add a user to the htpasswd file:
        # 1. Append an incomplete entry row. Replace 'username' with the user name you want to use
        #      sudo sh -c "echo -n 'username:' >> /etc/nginx/.htpasswd-imapapi"
        # 2. Append the hashed password to that row. The command prompts for the password and
        #    writes an apr1 (Apache MD5) hash
        #      sudo sh -c "openssl passwd -apr1 >> /etc/nginx/.htpasswd-imapapi"
        # NOTE(review): the file holds password hashes; presumably it should be readable only by
        # root and the user Nginx runs as - confirm the permissions after creating it.

        # Largest request body accepted from a client
        client_max_body_size 50M;

        # Talk HTTP/1.1 to the backend and leave its Location/Refresh headers untouched
        proxy_http_version 1.1;
        proxy_redirect off;

        # Tell the backend who the client is and how it connected.
        # X-Real-IP is the address of the peer that connected to Nginx. X-Forwarded-For is whatever
        # the client sent in that header with the peer address appended, so only the last entry is
        # set by this proxy.
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # Fixed to https: plain HTTP requests are redirected above and are not proxied
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Scheme $scheme;
        # The Host header is passed through exactly as the client sent it
        proxy_set_header Host $http_host;

        # The backend listens on the loopback interface only
        proxy_pass http://127.0.0.1:3000;
    }
}