elmau
/
iredmail-doc
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

New: Run web applications under subdomain with Nginx. Thanks to AVAtarMod@GitHub for the contribution. See #16

This commit is contained in:
Zhang Huangbin 2021-08-05 09:44:33 +08:00
parent 90339867c4
commit 5feb624e1e
4 changed files with 244 additions and 134 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

111
en_US/howto/subdomain.web.apps.md Normal file
View File

@ -0,0 +1,111 @@
# Run web applications under subdomain with Nginx
[TOC]
## Introduction
By default, Roundcube, SOGo, Netdata and iRedAdmin are located at `/mail`,
`/SOGo`, `/netdata` and `/iredadmin`. If you have SOGo but no Roundcube,
`/mail` will be redirected to `/SOGo` too.
For example, if your server hostname is `mail.example.com`, and you correctly
added an A type DNS record pointed to this iRedMail server, you should be able
to visit them with URLs below:
- Roundcube webmail: `https://mail.example.com/mail`
- SOGo Groupware: `https://mail.example.com/SOGo`
- Netdata monitor: `https://mail.example.com/netdata`
- iRedAdmin or iRedAdmin-Pro: `https://mail.example.com/iredadmin`
The URIs are defined in the catch-all Nginx web host config file
`/etc/nginx/sites-available/00-default-ssl.conf`, here's its full content:
```
#
# Note: This file must be loaded before other virtual host config files,
#
# HTTPS
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name _; # <- Name `_` will catch all web domain names,
# <- this is why this file must be loaded before other
# <- web host config files.
root /var/www/html;
index index.php index.html;
include /etc/nginx/templates/misc.tmpl; # <- Misc
include /etc/nginx/templates/ssl.tmpl; # <- SSL related configurations.
include /etc/nginx/templates/iredadmin.tmpl; # <- iRedAdmin
include /etc/nginx/templates/roundcube.tmpl; # <- Roundcube webmail
include /etc/nginx/templates/sogo.tmpl; # <- SOGo Groupware
include /etc/nginx/templates/netdata.tmpl; # <- Netdata monitor
include /etc/nginx/templates/php-catchall.tmpl; # <- php support
include /etc/nginx/templates/stub_status.tmpl; # <- Nginx status monitoring
}
```
As you can see, it loads multiple configuration snippets, and they define the
URIs you can access to visit the web applications.
iRedMail also generates configuration snippet files to run them under subdomain:
- /etc/nginx/templates/iredadmin-subdomain.tmpl
- /etc/nginx/templates/netdata-subdomain.tmpl
- /etc/nginx/templates/roundcube-subdomain.tmpl
- /etc/nginx/templates/sogo-subdomain.tmpl
## Run web applications under subdomain
To run Roundcube, SOGo and/or iRedAdmin under subdomain, you can simply create
a new web host config file, and load the `*-subdomain.tmpl` file.
Let's say you want to run Roundcube under subdomain `webmail.example.com`.
- Update DNS record to point domain name `webmail.example.com` to your iRedMail
server.
- Create new web host config file `/etc/nginx/sites-available/webmail.example.com.conf` with content below:
```
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name webmail.example.com;
include /etc/nginx/templates/misc.tmpl;
include /etc/nginx/templates/ssl.tmpl;
include /etc/nginx/templates/roundcube.tmpl;
}
```
- Create symbol link to `/etc/nginx/sites-enabled/` with shell command below:
```
ln -sf /etc/nginx/sites-available/webmail.example.com.conf /etc/nginx/sites-enabled/webmail.example.com.conf
```
- [OPTIONAL] If you want to remove acess from `https://mail.example.com/mail/`
(`mail.exmaple.com` is your server hostname), you can simply comment out
below line in `/etc/nginx/sites-available/00-default-ssl.conf`:
```
include /etc/nginx/templates/roundcube.tmpl;
```
- Restart or reload Nginx service:
```
service nginx restart
```
## Important notes
- File `/etc/nginx/templates/ssl.tmpl` loads self-signed ssl cert by default,
we strongly recommend to request free SSL cert by following our tutorial:
[Request a free cert from Let's Encrypt](https://docs.iredmail.org/letsencrypt.html).
Note: You can request one cert with multiple domain names.
- You can also create your own Nginx configuration snipppet file with
different SSL cert/key files too.

134
en_US/howto/subdomains.md
View File

@ -1,134 +0,0 @@
# Move SOGO, Roundcube and iRedAdmin to subdomains with Nginx
[TOC]
## Introduction
iRedMail create different templates for different needs.
By default, SOGO, Roundcube and iRedAdmin are located at /iredadmin,
/mail and /sogo (if you install SOGo, then /mail redirect to this too).
For example, we have:
- domain example.com
- server (hosting, etc.) with installed iRedMail
- correctly configured DNS zone example.com
If we visit example.com/iredadmin, then we will be redirected to the iRedAdmin (usually login page of the iRedAdmin)
Let's to see to default config at /etc/nginx/sites-available/00-default-ssl.conf:
```
#
# Note: This file must be loaded before other virtual host config files,
#
# HTTPS
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name _;
root /var/www/html;
index index.php index.html;
include /etc/nginx/templates/misc.tmpl;
include /etc/nginx/templates/ssl.tmpl;
include /etc/nginx/templates/iredadmin.tmpl;
include /etc/nginx/templates/roundcube.tmpl;
include /etc/nginx/templates/sogo.tmpl;
include /etc/nginx/templates/netdata.tmpl;
include /etc/nginx/templates/php-catchall.tmpl;
include /etc/nginx/templates/stub_status.tmpl;
location /{
try_files $uri $uri/ /index.php$is_args$args;
}
}
```
We can see following:
```
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name _;
...
include /etc/nginx/templates/iredadmin.tmpl;
include /etc/nginx/templates/roundcube.tmpl;
include /etc/nginx/templates/sogo.tmpl;
...
}
```
That means that SOGO, Roundcube and iRedAdmin are located at host "_" (see (Nginx Documentation)[https://nginx.org/en/docs/http/server_names.html] ) and available at example.com/mail/, example.com/sogo/, etc.
## Move SOGO, Roundcube and iRedAdmin to subdomain.
We can move 1, 2 or 3 services to any subdomain (ex. Roundcube, iRedAdmin, but SOGO leave at "_" host)
To do this, we need:
1. Check available configs with subdomain support at /etc/nginx/templates directory
Open terminal (usually this mean connect over ssh to server)
Enter command after "$":
```
$ ls -w 1 /etc/nginx/templates
adminer.tmpl
fastcgi_php.tmpl
hsts.tmpl
iredadmin-subdomain.tmpl
iredadmin.tmpl
misc.tmpl
netdata-subdomain.tmpl
netdata.tmpl
php-catchall.tmpl
redirect_to_https.tmpl
roundcube-subdomain.tmpl
roundcube.tmpl
sogo-subdomain.tmpl
sogo.tmpl
ssl.tmpl
stub_status.tmpl
```
We can see 4 iRedMail configs with subdomain support:
```
iredadmin-subdomain.tmpl
netdata-subdomain.tmpl
roundcube-subdomain.tmpl
sogo-subdomain.tmpl
```
This mean that iRedAdmin, Netdata, Roundcube or SOGO can be moved to subdomain.
We choose one of them, as example roundcube-subdomain.tmpl
2. Create new site config at /etc/nginx/sites-available/
As example, we create roundcube.example.com.conf
3. Write config to file
We need to use "server" context with
```
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name roundcube.example.com;
```
Then, add line
```
include /etc/nginx/templates/roundcube-subdomain.tmpl;
```
We can also add SSL support:
Create /etc/nginx/templates/ssl-subdomain.tmpl (you may use ssl.tmpl as template), then add line
```
include /etc/nginx/templates/ssl-subdomain.tmpl;
```
As result, we have
```
server{
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name roundcube.example.com;
include /etc/nginx/templates/roundcube-subdomain.tmpl;
include /etc/nginx/templates/ssl-subdomain.tmpl;
}
```
4. [OPTIONAL] If you want deny acess to your service at host "_" over example.com/mail/, you can do the following:
* Remove line "include /etc/nginx/templates/roundcube.tmpl;"
from default config at /etc/nginx/sites-available/00-default-ssl.conf
!!! note
I recommend
- create request wildcard SSL certificate (that works for any subdomain, ex name1.example.com ... 1000name.example.com)
- create wildcard DNS records, ex. "CNAME *.example.com example.com"
- Use wildcard SSL certificate for any number of your subdomains (use /etc/nginx/templates/ssl.tmpl as template
and see (Nginx Docs)[https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl] if you have troubles)
That's all we need

1
html/index.html
View File

@ -152,6 +152,7 @@
<li><a href="sql.user.mail.forwarding.html">SQL: User mail forwarding</a></li>
<li><a href="srs.html">Enable SRS (Sender Rewriting Scheme) support</a></li>
<li><a href="store.spamassassin.bayes.in.sql.html">Store SpamAssassin bayes in SQL</a></li>
<li><a href="subdomain.web.apps.html">Run web applications under subdomain with Nginx</a></li>
<li><a href="track.user.last.login.html">Track user last login time</a></li>
<li><a href="upgrade.debian.8-9.html">Fixes you need after upgrading Debian from 8 to 9</a></li>
<li><a href="upgrade.debian.9-10.html">Fixes you need after upgrading Debian from 9 to 10</a></li>

132
html/subdomain.web.apps.html Normal file
View File

@ -0,0 +1,132 @@
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Run web applications under subdomain with Nginx</title>
<link rel="stylesheet" type="text/css" href="./css/markdown.css" />
</head>
<body>
<div id="navigation">
<a href="https://www.iredmail.org" target="_blank">
<img alt="iRedMail web site"
src="./images/logo-iredmail.png"
style="vertical-align: middle; height: 30px;"
/>&nbsp;
<span>iRedMail</span>
</a>
&nbsp;&nbsp;//&nbsp;&nbsp;<a href="./index.html">Document Index</a></div><h1 id="run-web-applications-under-subdomain-with-nginx">Run web applications under subdomain with Nginx</h1>
<div class="toc">
<ul>
<li><a href="#run-web-applications-under-subdomain-with-nginx">Run web applications under subdomain with Nginx</a><ul>
<li><a href="#introduction">Introduction</a></li>
<li><a href="#run-web-applications-under-subdomain">Run web applications under subdomain</a></li>
<li><a href="#important-notes">Important notes</a></li>
</ul>
</li>
</ul>
</div>
<h2 id="introduction">Introduction</h2>
<p>By default, Roundcube, SOGo, Netdata and iRedAdmin are located at <code>/mail</code>,
<code>/SOGo</code>, <code>/netdata</code> and <code>/iredadmin</code>. If you have SOGo but no Roundcube,
<code>/mail</code> will be redirected to <code>/SOGo</code> too.</p>
<p>For example, if your server hostname is <code>mail.example.com</code>, and you correctly
added an A type DNS record pointed to this iRedMail server, you should be able
to visit them with URLs below:</p>
<ul>
<li>Roundcube webmail: <code>https://mail.example.com/mail</code></li>
<li>SOGo Groupware: <code>https://mail.example.com/SOGo</code></li>
<li>Netdata monitor: <code>https://mail.example.com/netdata</code></li>
<li>iRedAdmin or iRedAdmin-Pro: <code>https://mail.example.com/iredadmin</code></li>
</ul>
<p>The URIs are defined in the catch-all Nginx web host config file
<code>/etc/nginx/sites-available/00-default-ssl.conf</code>, here's its full content:</p>
<pre><code>#
# Note: This file must be loaded before other virtual host config files,
#
# HTTPS
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name _; # &lt;- Name `_` will catch all web domain names,
# &lt;- this is why this file must be loaded before other
# &lt;- web host config files.
root /var/www/html;
index index.php index.html;
include /etc/nginx/templates/misc.tmpl; # &lt;- Misc
include /etc/nginx/templates/ssl.tmpl; # &lt;- SSL related configurations.
include /etc/nginx/templates/iredadmin.tmpl; # &lt;- iRedAdmin
include /etc/nginx/templates/roundcube.tmpl; # &lt;- Roundcube webmail
include /etc/nginx/templates/sogo.tmpl; # &lt;- SOGo Groupware
include /etc/nginx/templates/netdata.tmpl; # &lt;- Netdata monitor
include /etc/nginx/templates/php-catchall.tmpl; # &lt;- php support
include /etc/nginx/templates/stub_status.tmpl; # &lt;- Nginx status monitoring
}
</code></pre>
<p>As you can see, it loads multiple configuration snippets, and they define the
URIs you can access to visit the web applications.</p>
<p>iRedMail also generates configuration snippet files to run them under subdomain:</p>
<ul>
<li>/etc/nginx/templates/iredadmin-subdomain.tmpl</li>
<li>/etc/nginx/templates/netdata-subdomain.tmpl</li>
<li>/etc/nginx/templates/roundcube-subdomain.tmpl</li>
<li>/etc/nginx/templates/sogo-subdomain.tmpl</li>
</ul>
<h2 id="run-web-applications-under-subdomain">Run web applications under subdomain</h2>
<p>To run Roundcube, SOGo and/or iRedAdmin under subdomain, you can simply create
a new web host config file, and load the <code>*-subdomain.tmpl</code> file.</p>
<p>Let's say you want to run Roundcube under subdomain <code>webmail.example.com</code>.</p>
<ul>
<li>Update DNS record to point domain name <code>webmail.example.com</code> to your iRedMail
server.</li>
<li>Create new web host config file <code>/etc/nginx/sites-available/webmail.example.com.conf</code> with content below:</li>
</ul>
<pre><code>server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name webmail.example.com;
include /etc/nginx/templates/misc.tmpl;
include /etc/nginx/templates/ssl.tmpl;
include /etc/nginx/templates/roundcube.tmpl;
}
</code></pre>
<ul>
<li>Create symbol link to <code>/etc/nginx/sites-enabled/</code> with shell command below:</li>
</ul>
<pre><code>ln -sf /etc/nginx/sites-available/webmail.example.com.conf /etc/nginx/sites-enabled/webmail.example.com.conf
</code></pre>
<ul>
<li>[OPTIONAL] If you want to remove acess from <code>https://mail.example.com/mail/</code>
(<code>mail.exmaple.com</code> is your server hostname), you can simply comment out
below line in <code>/etc/nginx/sites-available/00-default-ssl.conf</code>:</li>
</ul>
<pre><code>include /etc/nginx/templates/roundcube.tmpl;
</code></pre>
<ul>
<li>Restart or reload Nginx service:</li>
</ul>
<pre><code>service nginx restart
</code></pre>
<h2 id="important-notes">Important notes</h2>
<ul>
<li>
<p>File <code>/etc/nginx/templates/ssl.tmpl</code> loads self-signed ssl cert by default,
we strongly recommend to request free SSL cert by following our tutorial:
<a href="https://docs.iredmail.org/letsencrypt.html">Request a free cert from Let's Encrypt</a>.</p>
<p>Note: You can request one cert with multiple domain names.</p>
</li>
<li>
<p>You can also create your own Nginx configuration snipppet file with
different SSL cert/key files too.</p>
</li>
</ul><div class="footer">
<p style="text-align: center; color: grey;">All documents are available in <a href="https://github.com/iredmail/docs/">GitHub repository</a>, and published under <a href="http://creativecommons.org/licenses/by-nd/3.0/us/" target="_blank">Creative Commons</a> license. You can <a href="https://github.com/iredmail/docs/archive/master.zip">download the latest version</a> for offline reading. If you found something wrong, please do <a href="https://www.iredmail.org/contact.html">contact us</a> to fix it.</p>
</div></body></html>