flywithu/kopano-docker
1
0
Fork 0
mirror of https://github.com/zokradonh/kopano-docker synced 2025-06-06 15:36:40 +00:00
Code Issues Releases Wiki Activity
kopano-docker/web/kweb.cfg
Felix Bartels 29f06f906c
Enable separately hosted kwmbridge (#471) 
* block access to internal endpoints
* add dedicated vhost for kwmserver mcu api
* update docker-compose.yml
2020-12-08 13:38:32 +01:00

273 lines
5.0 KiB
INI
Raw Permalink Blame History

{%FQDN%}:80, *:80 {
log stdout
errors stdout
redir / https://{host}{uri}
}
# kweb >=0.7.0 needs the explicit hostname to be set
{%FQDN%}, *:2015, *:443 {
log stdout
errors stdout
gzip
header / Server kweb
# tls settings. defaults to tls_auto
import /etc/{%TLS_MODE%}
limits {
header 1MB
body 50MB
}
# serve static content from /var/www/
root /var/www/
redir 302 {
if {path} is /
/ {%DEFAULTREDIRECT%}/
}
# Config
proxy /api/config/v1/kopano/meet/ http://{%KWEBD_DNS_MEET%}:9080/ {
fail_timeout 10s
try_duration 30s
transparent
keepalive 100
}
# Konnect
proxy /upstreams/konnect/ {
without /upstreams/konnect/
upstream {%KWEBD_DNS_KONNECT%}:8777
policy least_conn
health_check /health-check
fail_timeout 10s
try_duration 30s
keepalive 100
transparent
header_downstream Feature-Policy "midi 'none'"
header_downstream X-Frame-Options "sameorigin"
}
ratelimit * 100 200 minute {
/upstreams/konnect/v1/
/signin/v1/identifier/_/
whitelist 127.0.0.1/8
}
rewrite /.well-known/openid-configuration {
to /upstreams/konnect/{path}
}
rewrite /konnect/v1/ {
to /upstreams/konnect/{path}
}
rewrite /signin/v1/ {
to /upstreams/konnect/{path}
}
redir /signin /signin/v1/identifier
# Konnect in subpath - by default this config supports /kopanoid as a subpath
rewrite /{%KONNECTPATH%}/konnect/v1/ {
to /upstreams/konnect/{path}
}
rewrite /{%KONNECTPATH%}/signin/v1/ {
to /upstreams/konnect/{path}
}
# Kapi
proxy /upstreams/kapi/ {
without /upstreams/kapi/
upstream {%KWEBD_DNS_KAPI%}:8039
policy least_conn
health_check /health-check
fail_timeout 10s
try_duration 30s
keepalive 100
transparent
websocket
}
ratelimit * 100 200 minute {
/upstreams/kapi/api/
whitelist 127.0.0.1/8
}
rewrite /api/gc/v1/ {
to /upstreams/kapi/{path}
}
rewrite /api/pubs/v1/ {
to /upstreams/kapi/{path}
}
rewrite /api/kvs/v1/ {
to /upstreams/kapi/{path}
}
# playground for oidc
proxy /oidc-playground/ http://{%KWEBD_DNS_PLAYGROUND%}:8888/ {
fail_timeout 10s
try_duration 30s
transparent
keepalive 100
}
folderish /oidc-playground
# playground for Kapi
proxy /kapi-playground/ http://{%KWEBD_DNS_PLAYGROUND%}:8888/ {
fail_timeout 10s
try_duration 30s
transparent
keepalive 100
}
folderish /kapi-playground
# Kwmserver
proxy /upstreams/kwmserver/ {
without /upstreams/kwmserver/
upstream {%KWEBD_DNS_KWMSERVER%}:8778
policy least_conn
health_check /health-check
fail_timeout 10s
try_duration 30s
keepalive 100
transparent
websocket
}
ratelimit * 100 200 minute {
/upstreams/kwmserver/
whitelist 127.0.0.1/8
}
rewrite /api/kwm/v2/ {
to /upstreams/kwmserver/{path}
}
# block access to internal endpoints
internal /upstreams/kwmserver/api/kwm/v2/admin
internal /upstreams/kwmserver/api/kwm/v2/mcu
proxy /meet/ {%KWEBD_DNS_MEET%}:9080 {
fail_timeout 10s
try_duration 30s
transparent
keepalive 100
}
folderish /meet
proxy /api/config/v1/kopano/calendar/ http://{%KWEBD_DNS_KAPPS%}:9080/ {
fail_timeout 10s
try_duration 30s
transparent
keepalive 100
}
proxy /calendar/ {%KWEBD_DNS_KAPPS%}:9080 {
fail_timeout 10s
try_duration 30s
transparent
keepalive 100
}
folderish /calendar
proxy /webapp/ {%KWEBD_DNS_WEBAPP%}:9080 {
fail_timeout 10s
try_duration 30s
transparent
keepalive 100
}
folderish /webapp
proxy /Microsoft-Server-ActiveSync {%KWEBD_DNS_ZPUSH%}:9080 {
transparent
keepalive 0
timeout 3540s
}
proxy /AutoDiscover/AutoDiscover.xml {%KWEBD_DNS_ZPUSH%}:9080 {
transparent
keepalive 0
fail_timeout 10s
try_duration 30s
}
proxy /Autodiscover/Autodiscover.xml {%KWEBD_DNS_ZPUSH%}:9080 {
transparent
keepalive 0
fail_timeout 10s
try_duration 30s
}
proxy /autodiscover/autodiscover.xml {%KWEBD_DNS_ZPUSH%}:9080 {
transparent
keepalive 0
fail_timeout 10s
try_duration 30s
}
proxy /caldav/ {%KWEBD_DNS_ICAL%}:8080 {
fail_timeout 10s
try_duration 30s
transparent
}
folderish /caldav
proxy /kdav/ {%KWEBD_DNS_KDAV%}:9080 {
transparent
keepalive 0
fail_timeout 10s
try_duration 30s
}
redir 301 {
/.well-known/carddav /kdav/
/.well-known/caldav /kdav/
}
proxy /lam/ ldap-account-manager:80 {
transparent
}
redir /lam /lam/
proxy /ldap-admin/ ldap-admin:80 {
without /ldap-admin
transparent
}
redir /ldap-admin /ldap-admin/
proxy /password-reset/ password-self-service:80 {
without /password-reset
transparent
}
redir /password-reset /password-reset/
proxy /grapi-explorer/ http://{%KWEBD_DNS_GRAPI%}-explorer:3000/ {
fail_timeout 10s
try_duration 30s
transparent
keepalive 100
}
proxy /owncloud/ owncloud:8080 {
transparent
keepalive 0
fail_timeout 10s
try_duration 30s
}
folderish /owncloud
import /etc/kweb-extras/*
}
{%FQDN%}:8443 {
log stdout
errors stdout
gzip
header / Server kweb
# tls settings. defaults to tls_auto
import /etc/{%TLS_MODE%}
# serve static content from /var/www/
root /var/www/
proxy /api/kwm/v2/mcu/ {%KWEBD_DNS_KWMSERVER%}:8778 {
websocket
transparent
}
}
Reference in New Issue View Git Blame Copy Permalink