Create webmail templates for php-fpm.

ScIT-Raphael · ScIT-Raphael · commit 4f90b14ba4a8 · 2020-06-04T08:40:40.000+02:00
diff --git a/install/deb/templates/mail/apache2/php-fpm/default.stpl b/install/deb/templates/mail/apache2/php-fpm/default.stpl
@@ -0,0 +1,58 @@
+<VirtualHost %ip%:%web_ssl_port%>
+    ServerName %domain%
+    ServerAlias %alias%
+    Alias / /var/lib/roundcube/
+    Alias /error/ %home%/%user%/web/%root_domain%/document_errors/
+    #SuexecUserGroup %user% %group%
+    
+    SSLEngine on
+    SSLVerifyClient none
+    SSLCertificateFile         %home%/%user%/conf/mail/%root_domain%/ssl/%root_domain%.crt
+    SSLCertificateKeyFile      %home%/%user%/conf/mail/%root_domain%/ssl/%root_domain%.key
+
+    IncludeOptional %home%/%user%/conf/mail/%root_domain%/apache2.forcessl.conf*
+    
+    <Directory "/usr/share/tinymce/www/">
+      Options Indexes MultiViews FollowSymLinks
+      AllowOverride None
+      Order allow,deny
+      allow from all
+    </Directory>
+
+    <Directory /var/lib/roundcube/>
+        Options +FollowSymLinks
+        # This is needed to parse /var/lib/roundcube/.htaccess. See its
+        # content before setting AllowOverride to None.
+        AllowOverride All
+        order allow,deny
+        allow from all
+    </Directory>
+
+    # Protecting basic directories:
+    <Directory /var/lib/roundcube/config>
+            Options -FollowSymLinks
+            AllowOverride None
+    </Directory>
+
+    <Directory /var/lib/roundcube/temp>
+            Options -FollowSymLinks
+            AllowOverride None
+        Order allow,deny
+        Deny from all
+    </Directory>
+
+    <Directory /var/lib/roundcube/logs>
+            Options -FollowSymLinks
+            AllowOverride None
+        Order allow,deny
+        Deny from all
+    </Directory>
+
+    <FilesMatch \.php$>
+        SetHandler "proxy:%backend_lsnr%|fcgi://localhost"
+    </FilesMatch>
+    SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0
+
+    IncludeOptional %home%/%user%/conf/mail/%root_domain%/%web_system%.ssl.conf_*
+
+</VirtualHost>
diff --git a/install/deb/templates/mail/apache2/php-fpm/default.tpl b/install/deb/templates/mail/apache2/php-fpm/default.tpl
@@ -0,0 +1,53 @@
+<VirtualHost %ip%:%web_port%>
+    ServerName %domain%
+    ServerAlias %alias%
+    Alias / /var/lib/roundcube/
+    Alias /error/ %home%/%user%/web/%root_domain%/document_errors/
+    #SuexecUserGroup %user% %group%
+        
+    IncludeOptional %home%/%user%/conf/mail/%root_domain%/apache2.forcessl.conf*
+    
+    <Directory "/usr/share/tinymce/www/">
+      Options Indexes MultiViews FollowSymLinks
+      AllowOverride None
+      Order allow,deny
+      allow from all
+    </Directory>
+
+    <Directory /var/lib/roundcube/>
+        Options +FollowSymLinks
+        # This is needed to parse /var/lib/roundcube/.htaccess. See its
+        # content before setting AllowOverride to None.
+        AllowOverride All
+        order allow,deny
+        allow from all
+    </Directory>
+
+    # Protecting basic directories:
+    <Directory /var/lib/roundcube/config>
+            Options -FollowSymLinks
+            AllowOverride None
+    </Directory>
+
+    <Directory /var/lib/roundcube/temp>
+            Options -FollowSymLinks
+            AllowOverride None
+        Order allow,deny
+        Deny from all
+    </Directory>
+
+    <Directory /var/lib/roundcube/logs>
+            Options -FollowSymLinks
+            AllowOverride None
+        Order allow,deny
+        Deny from all
+    </Directory>
+    
+    <FilesMatch \.php$>
+        SetHandler "proxy:%backend_lsnr%|fcgi://localhost"
+    </FilesMatch>
+    SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0
+
+    IncludeOptional %home%/%user%/conf/mail/%root_domain%/%web_system%.conf_*
+
+</VirtualHost>
diff --git a/install/deb/templates/mail/nginx/php-fpm/default.stpl b/install/deb/templates/mail/nginx/php-fpm/default.stpl
@@ -0,0 +1,54 @@
+server {
+    listen      %ip%:%proxy_ssl_port% ssl http2;
+    server_name %domain% %alias%;
+    root        /var/lib/roundcube;
+    index       index.php index.html index.htm;
+    access_log /var/log/nginx/domains/%domain%.log combined;
+    error_log  /var/log/nginx/domains/%domain%.error.log error;
+
+    ssl_certificate     %ssl_pem%;
+    ssl_certificate_key %ssl_key%;
+    ssl_stapling on;
+    ssl_stapling_verify on;
+
+    location ~ /\.(?!well-known\/) {
+        deny all;
+        return 404;
+    }
+
+    location ~ ^/(README.md|config|temp|logs|bin|SQL|INSTALL|LICENSE|CHANGELOG|UPGRADING)$ {
+        deny all;
+        return 404;
+    }
+
+    location / {
+        proxy_pass https://%ip%:%web_ssl_port%;
+        try_files $uri $uri/ =404;
+        alias /var/lib/roundcube/;
+        location ~* ^.+\.(ogg|ogv|svg|svgz|swf|eot|otf|woff|woff2|mov|mp3|mp4|webm|flv|ttf|rss|atom|jpg|jpeg|gif|png|ico|bmp|mid|midi|wav|rtf|css|js|jar)$ {
+            expires 7d;
+            fastcgi_hide_header "Set-Cookie";
+        }
+
+        location ~ [^/]\.php(/|$) {
+            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+            if (!-f $document_root$fastcgi_script_name) {
+                return  404;
+            }
+
+            fastcgi_pass    %backend_lsnr%;
+            fastcgi_index   index.php;
+            include         /etc/nginx/fastcgi_params;
+        }
+    }
+
+    location /error/ {
+        alias /var/www/document_errors/;
+    }
+	
+    location @fallback {
+        proxy_pass https://%ip%:%web_ssl_port%;
+    }
+
+    include %home%/%user%/conf/mail/%root_domain%/%proxy_system%.conf_*;
+}
diff --git a/install/deb/templates/mail/nginx/php-fpm/default.tpl b/install/deb/templates/mail/nginx/php-fpm/default.tpl
@@ -0,0 +1,48 @@
+server {
+    listen      %ip%:%proxy_port%;
+    server_name %domain% %alias%;
+    root        /var/lib/roundcube;
+    index       index.php index.html index.htm;
+    access_log /var/log/nginx/domains/%domain%.log combined;
+    error_log  /var/log/nginx/domains/%domain%.error.log error;
+
+    include %home%/%user%/conf/mail/%root_domain%/nginx.forcessl.conf*;
+
+    location ~ /\.(?!well-known\/) {
+        deny all;
+        return 404;
+    }
+
+    location ~ ^/(README.md|config|temp|logs|bin|SQL|INSTALL|LICENSE|CHANGELOG|UPGRADING)$ {
+        deny all;
+        return 404;
+    }
+
+    location / {
+        proxy_pass http://%ip%:%web_port%;
+        try_files $uri $uri/ =404;
+        alias /var/lib/roundcube/;
+        location ~* ^.+\.(ogg|ogv|svg|svgz|swf|eot|otf|woff|woff2|mov|mp3|mp4|webm|flv|ttf|rss|atom|jpg|jpeg|gif|png|ico|bmp|mid|midi|wav|rtf|css|js|jar)$ {
+            expires 7d;
+            fastcgi_hide_header "Set-Cookie";
+        }
+
+        location ~ ^/(.*\.php)$ {
+            alias /var/lib/roundcube/$1;
+            fastcgi_pass 127.0.0.1:9000;
+            fastcgi_index index.php;
+            include fastcgi_params;
+            fastcgi_param SCRIPT_FILENAME $request_filename;
+        }
+    }
+
+    location /error/ {
+        alias /var/www/document_errors/;
+    }
+	
+    location @fallback {
+        proxy_pass http://%ip%:%web_port%;
+    }
+
+    include %home%/%user%/conf/mail/%root_domain%/%proxy_system%.conf_*;
+}
