Fix: Webmail-Vhost nur /webmail/* — Control Panel nicht mehr erreichbar

- build_webmail_http_only / build_webmail_tls als eigene Funktionen
- Webmail-Domain: / und /login → redirect auf /webmail/login
- Webmail-Domain: nur /webmail/* wird an Laravel weitergeleitet
- Alles andere auf Webmail-Domain → 403
- UI-Domain bleibt unverändert (voller Laravel-Zugriff)
- mailwolt-apply-domains deployed aktualisiert (write_webmail_vhost)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
main v1.1.150
boban 2026-04-23 02:54:05 +02:00
parent 3bc3862b69
commit 46fb3f12ff
1 changed files with 66 additions and 6 deletions


@ -396,6 +396,67 @@ server {
CONF CONF
} }
# ── Builder Webmail: nur /webmail/* erlaubt, root → redirect ───────────────
build_webmail_http_only(){
local host="$1" outfile="$2" def_flag="${3:-nodefault}"
local def=""
[[ "${DEV_MODE}" = "1" && "${def_flag}" = "default" ]] && def=" default_server"
[[ -z "${host}" || "${host}" = "_" ]] && host="_"
cat > "$outfile" <<CONF
# --- ${host} : Webmail (nur /webmail/*) ---
server {
listen 80${def};
listen [::]:80${def};
server_name ${host};
location ^~ /.well-known/acme-challenge/ { root ${ACME_ROOT}; allow all; }
root ${APP_DIR}/public;
index index.php;
access_log /var/log/nginx/${host/_/__}_webmail_access.log;
error_log /var/log/nginx/${host/_/__}_webmail_error.log;
client_max_body_size 25m;
location = / { return 301 /webmail/login; }
location = /login { return 301 /webmail/login; }
location ^~ /webmail/ { try_files \$uri \$uri/ /index.php?\$query_string; }
location ~ \.php\$ { include snippets/fastcgi-php.conf; ${FASTCGI_PASS} }
location ^~ /livewire/ { try_files \$uri /index.php?\$query_string; }
location ~* \.(css|js|ico|svg|woff2?|ttf|jpg|jpeg|png|gif)\$ { expires 30d; access_log off; }
location / { return 403; }
}
CONF
}
build_webmail_tls(){
local host="$1" cert_dir="$2" outfile="$3"
cat > "$outfile" <<CONF
# --- ${host} : Webmail TLS (nur /webmail/*) ---
server {
listen 80; listen [::]:80; server_name ${host};
location ^~ /.well-known/acme-challenge/ { root ${ACME_ROOT}; allow all; }
return 301 https://\$host\$request_uri;
}
server {
listen 443 ssl${NGINX_HTTP2_SUFFIX}; listen [::]:443 ssl${NGINX_HTTP2_SUFFIX};
server_name ${host};
ssl_certificate ${cert_dir}/fullchain.pem;
ssl_certificate_key ${cert_dir}/privkey.pem;
ssl_protocols TLSv1.2 TLSv1.3;
location ^~ /.well-known/acme-challenge/ { root ${ACME_ROOT}; allow all; }
root ${APP_DIR}/public;
index index.php;
access_log /var/log/nginx/${host}_webmail_ssl_access.log;
error_log /var/log/nginx/${host}_webmail_ssl_error.log;
client_max_body_size 25m;
location = / { return 301 https://\$host/webmail/login; }
location = /login { return 301 https://\$host/webmail/login; }
location ^~ /webmail/ { try_files \$uri \$uri/ /index.php?\$query_string; }
location ~ \.php\$ { include snippets/fastcgi-php.conf; ${FASTCGI_PASS} }
location ^~ /livewire/ { try_files \$uri /index.php?\$query_string; }
location ~* \.(css|js|ico|svg|woff2?|ttf|jpg|jpeg|png|gif)\$ { expires 30d; access_log off; }
location / { return 403; }
}
CONF
}
# ── Sites erzeugen ───────────────────────────────────────────────────────── # ── Sites erzeugen ─────────────────────────────────────────────────────────
MX_SITE="/etc/nginx/sites-available/mx-mailwolt.conf" MX_SITE="/etc/nginx/sites-available/mx-mailwolt.conf"
UI_SITE="/etc/nginx/sites-available/ui-mailwolt.conf" UI_SITE="/etc/nginx/sites-available/ui-mailwolt.conf"
@ -412,16 +473,15 @@ WEBMAIL_SITE="/etc/nginx/sites-available/webmail-mailwolt.conf"
# UI & Webmail … # UI & Webmail …
if [[ "${DEV_MODE}" = "1" ]]; then if [[ "${DEV_MODE}" = "1" ]]; then
# UI = Catch-All + default_server, Webmail = Catch-All ohne default build_site_http_only "_" "$UI_SITE" "default"
build_site_http_only "_" "$UI_SITE" "default" build_webmail_http_only "_" "$WEBMAIL_SITE" "nodefault"
build_site_http_only "_" "$WEBMAIL_SITE" "nodefault"
else else
if [[ "${PROXY_MODE:-0}" -eq 1 ]]; then if [[ "${PROXY_MODE:-0}" -eq 1 ]]; then
build_site_http_only "$UI_HOST" "$UI_SITE" build_site_http_only "$UI_HOST" "$UI_SITE"
build_site_http_only "$WEBMAIL_HOST" "$WEBMAIL_SITE" build_webmail_http_only "$WEBMAIL_HOST" "$WEBMAIL_SITE"
else else
build_site_tls "$UI_HOST" "/etc/ssl/ui" "$UI_SITE" build_site_tls "$UI_HOST" "/etc/ssl/ui" "$UI_SITE"
build_site_tls "$WEBMAIL_HOST" "/etc/ssl/webmail" "$WEBMAIL_SITE" build_webmail_tls "$WEBMAIL_HOST" "/etc/ssl/webmail" "$WEBMAIL_SITE"
fi fi
fi fi
#if [[ "${DEV_MODE}" = "1" ]]; then #if [[ "${DEV_MODE}" = "1" ]]; then
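Review bot: In both build_webmail_http_only and build_webmail_tls the vhost still hands two paths besides `/webmail/` to the full Laravel application: the regex block `location ~ \.php\$` answers a direct request for `/index.php`, and `location ^~ /livewire/` forwards every Livewire request, so the `location / { return 403; }` fallback covers neither. If the control panel's components share that Livewire endpoint (the Laravel side is not visible here), the host separation then rests on application-level authorization alone. Consider making the PHP handler reachable only through the try_files fallback, `location = /index.php { internal; include snippets/fastcgi-php.conf; ${FASTCGI_PASS} }`, and enforcing the webmail/panel split for Livewire in a Laravel middleware keyed on the request host. A comment above the `/livewire/` line would also record why it is exempt from the 403, e.g. `# Livewire endpoint is shared with the panel; access control is enforced in the app`.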