Fix: nginx http2 Syntax für nginx 1.25+ (listen 443 ssl + http2 on)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

app/Livewire/Setup/Wizard.php

@@ -181,12 +181,6 @@ class Wizard extends Component
         $done = @file_get_contents(self::STATE_DIR . '/done');
         if ($done !== false) {
             $this->setupDone = true;
-
-            // Bei erfolgreichem SSL sofort auf HTTPS weiterleiten,
-            // damit Livewire nicht mehr über HTTP pollt
-            if (trim($done) === '1' && $this->ui_domain) {
-                $this->redirect('https://' . $this->ui_domain . '/setup', navigate: false);
-            }
         }
     }
 

installer.sh

@@ -725,8 +725,9 @@ if [ -n "${UI_HOST}" ] && [ "${UI_HAS_CERT}" = "1" ]; then
   cat <<CONF
 
 server {
-  listen 443 ssl http2;
+  listen 443 ssl;
-  listen [::]:443 ssl http2;
+  listen [::]:443 ssl;
+  http2 on;
   server_name ${UI_HOST};
 
   ssl_certificate     /etc/letsencrypt/live/${UI_HOST}/fullchain.pem;
@@ -752,8 +753,9 @@ if [ -n "${WEBMAIL_HOST}" ] && [ "${WM_HAS_CERT}" = "1" ]; then
   cat <<CONF
 
 server {
-  listen 443 ssl http2;
+  listen 443 ssl;
-  listen [::]:443 ssl http2;
+  listen [::]:443 ssl;
+  http2 on;
   server_name ${WEBMAIL_HOST};
 
   ssl_certificate     /etc/letsencrypt/live/${WEBMAIL_HOST}/fullchain.pem;
@@ -776,15 +778,20 @@ CONF
 fi
 ) > "${NGINX_SITE}"
 
-# State-Dateien VOR dem nginx-Switch schreiben damit der Browser
+# State-Dateien VOR dem nginx-Switch schreiben:
-# noch über HTTP redirecten kann bevor nginx auf HTTPS wechselt
+# Browser-Poll (alle 2s) liest done=1 → Polling stoppt → "Zum Login" erscheint.
+# Danach 6s sleep → nginx switchet auf HTTPS → User klickt Link → funktioniert.
 STATE_DIR="/var/lib/mailwolt/wizard"
 if [ -d "${STATE_DIR}" ]; then
   for k in ui mail webmail; do
     [ -f "${STATE_DIR}/${k}" ] && printf "done" > "${STATE_DIR}/${k}"
   done
+  if [ "${UI_HAS_CERT}" = "1" ] || [ "${WM_HAS_CERT}" = "1" ]; then
     printf "1" > "${STATE_DIR}/done"
-  sleep 6  # 3 Poll-Zyklen (à 2s) — Browser hat Zeit zu redirecten
+  else
+    printf "0" > "${STATE_DIR}/done"
+  fi
+  sleep 6
 fi
 
 nginx -t && systemctl reload nginx
@@ -798,6 +805,7 @@ install -m 755 "${APP_DIR}/update.sh" /usr/local/sbin/mailwolt-update
 cat > /etc/sudoers.d/mailwolt-certbot <<'SUDOERS'
 www-data ALL=(root) NOPASSWD: /usr/local/sbin/mailwolt-apply-domains
 www-data ALL=(root) NOPASSWD: /usr/local/sbin/mailwolt-update
+www-data ALL=(root) NOPASSWD: /usr/bin/certbot
 SUDOERS
 chmod 440 /etc/sudoers.d/mailwolt-certbot
 

resources/views/livewire/setup/wizard.blade.php

@@ -292,10 +292,12 @@
     </div>
     @elseif($step === 5 && $setupDone)
     <div style="display:flex;justify-content:flex-end;margin-top:20px">
-        <button wire:click="goToLogin" class="mbx-btn-primary" style="font-size:12.5px;width:fit-content">
+        {{-- Kein wire:click — plain Link damit kein Livewire-POST nötig ist.
+             nginx leitet /login nach SSL-Switch automatisch auf HTTPS weiter. --}}
+        <a href="/login" class="mbx-btn-primary" style="font-size:12.5px;width:fit-content;text-decoration:none;display:inline-flex;align-items:center;gap:6px">
             <svg width="12" height="12" viewBox="0 0 12 12" fill="none"><path d="M2 6.5l2.5 2.5 5.5-5.5" stroke="currentColor" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round"/></svg>
             {{ collect($domainStatus)->contains(fn($s) => in_array($s, ['error','nodns','noipv6'])) ? 'Trotzdem zum Login' : 'Zum Login' }}
-        </button>
+        </a>
     </div>
     @endif