{%FQDN%}:80, *:80 { log stdout errors stdout redir / https://{host}{uri} } # kweb >=0.7.0 needs the explicit hostname to be set {%FQDN%}, *:2015, *:443 { log stdout errors stdout gzip header / Server kweb # tls settings. defaults to tls_auto import /etc/{%TLS_MODE%} limits { header 1MB body 50MB } # serve static content from /var/www/ root /var/www/ redir 302 { if {path} is / / {%DEFAULTREDIRECT%}/ } # Config proxy /api/config/v1/kopano/meet/ http://{%KWEBD_DNS_MEET%}:9080/ { fail_timeout 10s try_duration 30s transparent keepalive 100 } # Konnect proxy /upstreams/konnect/ { without /upstreams/konnect/ upstream {%KWEBD_DNS_KONNECT%}:8777 policy least_conn health_check /health-check fail_timeout 10s try_duration 30s keepalive 100 transparent header_downstream Feature-Policy "midi 'none'" header_downstream X-Frame-Options "sameorigin" } ratelimit * 100 200 minute { /upstreams/konnect/v1/ /signin/v1/identifier/_/ whitelist 127.0.0.1/8 } rewrite /.well-known/openid-configuration { to /upstreams/konnect/{path} } rewrite /konnect/v1/ { to /upstreams/konnect/{path} } rewrite /signin/v1/ { to /upstreams/konnect/{path} } redir /signin /signin/v1/identifier # Konnect in subpath - by default this config supports /kopanoid as a subpath rewrite /{%KONNECTPATH%}/konnect/v1/ { to /upstreams/konnect/{path} } rewrite /{%KONNECTPATH%}/signin/v1/ { to /upstreams/konnect/{path} } # Kapi proxy /upstreams/kapi/ { without /upstreams/kapi/ upstream {%KWEBD_DNS_KAPI%}:8039 policy least_conn health_check /health-check fail_timeout 10s try_duration 30s keepalive 100 transparent websocket } ratelimit * 100 200 minute { /upstreams/kapi/api/ whitelist 127.0.0.1/8 } rewrite /api/gc/v1/ { to /upstreams/kapi/{path} } rewrite /api/pubs/v1/ { to /upstreams/kapi/{path} } rewrite /api/kvs/v1/ { to /upstreams/kapi/{path} } # playground for oidc proxy /oidc-playground/ http://{%KWEBD_DNS_PLAYGROUND%}:8888/ { fail_timeout 10s try_duration 30s transparent keepalive 100 } folderish /oidc-playground # playground for Kapi proxy /kapi-playground/ http://{%KWEBD_DNS_PLAYGROUND%}:8888/ { fail_timeout 10s try_duration 30s transparent keepalive 100 } folderish /kapi-playground # Kwmserver proxy /upstreams/kwmserver/ { without /upstreams/kwmserver/ upstream {%KWEBD_DNS_KWMSERVER%}:8778 policy least_conn health_check /health-check fail_timeout 10s try_duration 30s keepalive 100 transparent websocket } ratelimit * 100 200 minute { /upstreams/kwmserver/ whitelist 127.0.0.1/8 } rewrite /api/kwm/v2/ { to /upstreams/kwmserver/{path} } proxy /meet/ {%KWEBD_DNS_MEET%}:9080 { fail_timeout 10s try_duration 30s transparent keepalive 100 } folderish /meet proxy /api/config/v1/kopano/calendar/ http://{%KWEBD_DNS_KAPPS%}:9080/ { fail_timeout 10s try_duration 30s transparent keepalive 100 } proxy /calendar/ {%KWEBD_DNS_KAPPS%}:9080 { fail_timeout 10s try_duration 30s transparent keepalive 100 } folderish /calendar proxy /webapp/ {%KWEBD_DNS_WEBAPP%}:9080 { fail_timeout 10s try_duration 30s transparent keepalive 100 } folderish /webapp proxy /Microsoft-Server-ActiveSync {%KWEBD_DNS_ZPUSH%}:9080 { transparent keepalive 0 timeout 3540s } proxy /AutoDiscover/AutoDiscover.xml {%KWEBD_DNS_ZPUSH%}:9080 { transparent keepalive 0 fail_timeout 10s try_duration 30s } proxy /Autodiscover/Autodiscover.xml {%KWEBD_DNS_ZPUSH%}:9080 { transparent keepalive 0 fail_timeout 10s try_duration 30s } proxy /autodiscover/autodiscover.xml {%KWEBD_DNS_ZPUSH%}:9080 { transparent keepalive 0 fail_timeout 10s try_duration 30s } proxy /caldav/ {%KWEBD_DNS_ICAL%}:8080 { fail_timeout 10s try_duration 30s transparent } folderish /caldav proxy /kdav/ {%KWEBD_DNS_KDAV%}:9080 { transparent keepalive 0 fail_timeout 10s try_duration 30s } redir 301 { /.well-known/carddav /kdav/ /.well-known/caldav /kdav/ } proxy /lam/ ldap-account-manager:80 { transparent } redir /lam /lam/ proxy /ldap-admin/ ldap-admin:80 { without /ldap-admin transparent } redir /ldap-admin /ldap-admin/ proxy /password-reset/ password-self-service:80 { without /password-reset transparent } redir /password-reset /password-reset/ proxy /grapi-explorer/ http://{%KWEBD_DNS_GRAPI%}-explorer:3000/ { fail_timeout 10s try_duration 30s transparent keepalive 100 } proxy /owncloud/ owncloud:8080 { transparent keepalive 0 fail_timeout 10s try_duration 30s } folderish /owncloud import /etc/kweb-extras/* }