我最终放弃了 Zentyal,转而使用 Docker 中的 MailCow。通过 mail.domain.com 访问 SoGo。下面是 Docker 之外 NGINX 的反向代理。
#######
### NGINX Reverse-Proxy to mailcow and SOGo
### Redirects root to SOGo and /setup to mailcow control panel
### Handles all SSL security
#######
## HTTP catch-all for invalid domain names (e.g. root domain "example.com")
server {
listen 80 default_server;
listen [::]:80 default_server;
# Have NGINX drop the connection (return no-data)
return 444;
}
## Redirect HTTP to HTTPS for valid domain names on this server
## (e.g. mail.example.com, webmail.example.com)
server {
listen 80;
listen [::]:80;
server_name mail.domain-name.com
autodiscover.domain-name.com
autoconfig.domain-name.com;
location ^~ /.well-known/acme-challenge/ {
allow all;
default_type "text/plain";
# Path can be used for cert-validation on all domains
root /var/www/html/;
break;
}
# Redirect to properly formed HTTPS request
return 301 https://$host$request_uri;
}
## HTTPS catch-all site for invalid domains that generate a certificate
## mismatch but the user proceeds anyways
server {
listen 443 default_server ssl http2;
listen [::]:443 default_server ssl http2;
# SSL settings in another file (see my 'mozModern_ssl' file as an example)
# include /etc/nginx/mozModern_ssl.conf
# SSL certificates for this connection
ssl_certificate /etc/letsencrypt/live/mail.domain-name.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mail.domain-name.com/privkey.pem;
# Have NGINX drop the connection (return no-data)
return 444;
}
## Proxy primary server and webmail subdomain to mailcow
## Go to SOGo after typing root address only (default browsing action)
## Go to mailcow admin panel after typing /admin subdirectory
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name mail.domain-name.com
autodiscover.domain-name.com;
location ^~ /.well-known/acme-challenge/ {
allow all;
default_type "text/plain";
# Path can be used for cert-validation on all domains
root /var/www/html/;
break;
}
# SSL settings in another file (see my 'mozModern_ssl' file as an example)
#include /etc/nginx/mozModern_ssl.conf
# SSL certificates for this connection
ssl_certificate /etc/letsencrypt/live/mail.domain-name.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mail.domain-name.com/privkey.pem;
location /Microsoft-Server-ActiveSync {
proxy_pass http://127.0.0.1:8080/Microsoft-Server-ActiveSync;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_connect_timeout 75;
proxy_send_timeout 3650;
proxy_read_timeout 3650;
proxy_buffers 64 256k;
client_body_buffer_size 512k;
client_max_body_size 0;
}
# Redirect root to SOGo. Rewrite rule changes / to /SOGo
location / {
rewrite ^/$ /SOGo;
proxy_pass https://127.0.0.1:8443;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
client_max_body_size 100m;
}
# Redirect /setup to mailcow admin panel
# Note the trailing / after setup and the trailing / after proxy URL
# This makes sure that NGINX doesn't try to go to proxyURL/setup which
# would result in a 404.
# Recent updates result in loops if you try to use 'admin' here
location ^~ /setup/ {
proxy_pass https://127.0.0.1:8443/;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
client_max_body_size 100m;
}
}