diff --git a/en_US/howto/subdomain.web.apps.md b/en_US/howto/subdomain.web.apps.md new file mode 100644 index 00000000..eebeb699 --- /dev/null +++ b/en_US/howto/subdomain.web.apps.md @@ -0,0 +1,111 @@ +# Run web applications under subdomain with Nginx + +[TOC] + +## Introduction + +By default, Roundcube, SOGo, Netdata and iRedAdmin are located at `/mail`, +`/SOGo`, `/netdata` and `/iredadmin`. If you have SOGo but no Roundcube, +`/mail` will be redirected to `/SOGo` too. + +For example, if your server hostname is `mail.example.com`, and you correctly +added an A type DNS record pointed to this iRedMail server, you should be able +to visit them with URLs below: + +- Roundcube webmail: `https://mail.example.com/mail` +- SOGo Groupware: `https://mail.example.com/SOGo` +- Netdata monitor: `https://mail.example.com/netdata` +- iRedAdmin or iRedAdmin-Pro: `https://mail.example.com/iredadmin` + +The URIs are defined in the catch-all Nginx web host config file +`/etc/nginx/sites-available/00-default-ssl.conf`, here's its full content: + +``` +# +# Note: This file must be loaded before other virtual host config files, +# +# HTTPS +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name _; # <- Name `_` will catch all web domain names, + # <- this is why this file must be loaded before other + # <- web host config files. + + root /var/www/html; + index index.php index.html; + + include /etc/nginx/templates/misc.tmpl; # <- Misc + include /etc/nginx/templates/ssl.tmpl; # <- SSL related configurations. + include /etc/nginx/templates/iredadmin.tmpl; # <- iRedAdmin + include /etc/nginx/templates/roundcube.tmpl; # <- Roundcube webmail + include /etc/nginx/templates/sogo.tmpl; # <- SOGo Groupware + include /etc/nginx/templates/netdata.tmpl; # <- Netdata monitor + include /etc/nginx/templates/php-catchall.tmpl; # <- php support + include /etc/nginx/templates/stub_status.tmpl; # <- Nginx status monitoring +} +``` + +As you can see, it loads multiple configuration snippets, and they define the +URIs you can access to visit the web applications. + +iRedMail also generates configuration snippet files to run them under subdomain: + +- /etc/nginx/templates/iredadmin-subdomain.tmpl +- /etc/nginx/templates/netdata-subdomain.tmpl +- /etc/nginx/templates/roundcube-subdomain.tmpl +- /etc/nginx/templates/sogo-subdomain.tmpl + +## Run web applications under subdomain + +To run Roundcube, SOGo and/or iRedAdmin under subdomain, you can simply create +a new web host config file, and load the `*-subdomain.tmpl` file. + +Let's say you want to run Roundcube under subdomain `webmail.example.com`. + +- Update DNS record to point domain name `webmail.example.com` to your iRedMail + server. +- Create new web host config file `/etc/nginx/sites-available/webmail.example.com.conf` with content below: + +``` +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name webmail.example.com; + + include /etc/nginx/templates/misc.tmpl; + include /etc/nginx/templates/ssl.tmpl; + include /etc/nginx/templates/roundcube.tmpl; +} +``` + +- Create symbol link to `/etc/nginx/sites-enabled/` with shell command below: + +``` +ln -sf /etc/nginx/sites-available/webmail.example.com.conf /etc/nginx/sites-enabled/webmail.example.com.conf +``` + +- [OPTIONAL] If you want to remove acess from `https://mail.example.com/mail/` + (`mail.exmaple.com` is your server hostname), you can simply comment out + below line in `/etc/nginx/sites-available/00-default-ssl.conf`: + +``` +include /etc/nginx/templates/roundcube.tmpl; +``` + +- Restart or reload Nginx service: + +``` +service nginx restart +``` + +## Important notes + +- File `/etc/nginx/templates/ssl.tmpl` loads self-signed ssl cert by default, + we strongly recommend to request free SSL cert by following our tutorial: + [Request a free cert from Let's Encrypt](https://docs.iredmail.org/letsencrypt.html). + + Note: You can request one cert with multiple domain names. + +- You can also create your own Nginx configuration snipppet file with + different SSL cert/key files too. diff --git a/en_US/howto/subdomains.md b/en_US/howto/subdomains.md deleted file mode 100644 index 0808cac3..00000000 --- a/en_US/howto/subdomains.md +++ /dev/null @@ -1,134 +0,0 @@ -# Move SOGO, Roundcube and iRedAdmin to subdomains with Nginx - -[TOC] - -## Introduction -iRedMail create different templates for different needs. -By default, SOGO, Roundcube and iRedAdmin are located at /iredadmin, -/mail and /sogo (if you install SOGo, then /mail redirect to this too). -For example, we have: - -- domain example.com -- server (hosting, etc.) with installed iRedMail -- correctly configured DNS zone example.com - -If we visit example.com/iredadmin, then we will be redirected to the iRedAdmin (usually login page of the iRedAdmin) - -Let's to see to default config at /etc/nginx/sites-available/00-default-ssl.conf: -``` -# -# Note: This file must be loaded before other virtual host config files, -# -# HTTPS -server { - listen 443 ssl http2; - listen [::]:443 ssl http2; - server_name _; - - root /var/www/html; - index index.php index.html; - - include /etc/nginx/templates/misc.tmpl; - include /etc/nginx/templates/ssl.tmpl; - include /etc/nginx/templates/iredadmin.tmpl; - include /etc/nginx/templates/roundcube.tmpl; - include /etc/nginx/templates/sogo.tmpl; - include /etc/nginx/templates/netdata.tmpl; - include /etc/nginx/templates/php-catchall.tmpl; - include /etc/nginx/templates/stub_status.tmpl; - - location /{ - try_files $uri $uri/ /index.php$is_args$args; - } -} -``` -We can see following: -``` -server { - listen 443 ssl http2; - listen [::]:443 ssl http2; - server_name _; - ... - include /etc/nginx/templates/iredadmin.tmpl; - include /etc/nginx/templates/roundcube.tmpl; - include /etc/nginx/templates/sogo.tmpl; - ... -} -``` -That means that SOGO, Roundcube and iRedAdmin are located at host "_" (see (Nginx Documentation)[https://nginx.org/en/docs/http/server_names.html] ) and available at example.com/mail/, example.com/sogo/, etc. -## Move SOGO, Roundcube and iRedAdmin to subdomain. - -We can move 1, 2 or 3 services to any subdomain (ex. Roundcube, iRedAdmin, but SOGO leave at "_" host) - -To do this, we need: -1. Check available configs with subdomain support at /etc/nginx/templates directory -Open terminal (usually this mean connect over ssh to server) -Enter command after "$": -``` -$ ls -w 1 /etc/nginx/templates -adminer.tmpl -fastcgi_php.tmpl -hsts.tmpl -iredadmin-subdomain.tmpl -iredadmin.tmpl -misc.tmpl -netdata-subdomain.tmpl -netdata.tmpl -php-catchall.tmpl -redirect_to_https.tmpl -roundcube-subdomain.tmpl -roundcube.tmpl -sogo-subdomain.tmpl -sogo.tmpl -ssl.tmpl -stub_status.tmpl -``` -We can see 4 iRedMail configs with subdomain support: -``` -iredadmin-subdomain.tmpl -netdata-subdomain.tmpl -roundcube-subdomain.tmpl -sogo-subdomain.tmpl -``` -This mean that iRedAdmin, Netdata, Roundcube or SOGO can be moved to subdomain. -We choose one of them, as example roundcube-subdomain.tmpl -2. Create new site config at /etc/nginx/sites-available/ -As example, we create roundcube.example.com.conf -3. Write config to file -We need to use "server" context with -``` - listen 443 ssl http2; - listen [::]:443 ssl http2; - server_name roundcube.example.com; -``` -Then, add line -``` - include /etc/nginx/templates/roundcube-subdomain.tmpl; -``` -We can also add SSL support: -Create /etc/nginx/templates/ssl-subdomain.tmpl (you may use ssl.tmpl as template), then add line -``` - include /etc/nginx/templates/ssl-subdomain.tmpl; -``` -As result, we have -``` -server{ - listen 443 ssl http2; - listen [::]:443 ssl http2; - server_name roundcube.example.com; - - include /etc/nginx/templates/roundcube-subdomain.tmpl; - include /etc/nginx/templates/ssl-subdomain.tmpl; -} -``` -4. [OPTIONAL] If you want deny acess to your service at host "_" over example.com/mail/, you can do the following: - * Remove line "include /etc/nginx/templates/roundcube.tmpl;" - from default config at /etc/nginx/sites-available/00-default-ssl.conf -!!! note - I recommend - - create request wildcard SSL certificate (that works for any subdomain, ex name1.example.com ... 1000name.example.com) - - create wildcard DNS records, ex. "CNAME *.example.com example.com" - - Use wildcard SSL certificate for any number of your subdomains (use /etc/nginx/templates/ssl.tmpl as template - and see (Nginx Docs)[https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl] if you have troubles) - -That's all we need \ No newline at end of file diff --git a/html/index.html b/html/index.html index 3ea9becb..b76524d6 100644 --- a/html/index.html +++ b/html/index.html @@ -152,6 +152,7 @@
By default, Roundcube, SOGo, Netdata and iRedAdmin are located at /mail
,
+/SOGo
, /netdata
and /iredadmin
. If you have SOGo but no Roundcube,
+/mail
will be redirected to /SOGo
too.
For example, if your server hostname is mail.example.com
, and you correctly
+added an A type DNS record pointed to this iRedMail server, you should be able
+to visit them with URLs below:
https://mail.example.com/mail
https://mail.example.com/SOGo
https://mail.example.com/netdata
https://mail.example.com/iredadmin
The URIs are defined in the catch-all Nginx web host config file
+/etc/nginx/sites-available/00-default-ssl.conf
, here's its full content:
#
+# Note: This file must be loaded before other virtual host config files,
+#
+# HTTPS
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ server_name _; # <- Name `_` will catch all web domain names,
+ # <- this is why this file must be loaded before other
+ # <- web host config files.
+
+ root /var/www/html;
+ index index.php index.html;
+
+ include /etc/nginx/templates/misc.tmpl; # <- Misc
+ include /etc/nginx/templates/ssl.tmpl; # <- SSL related configurations.
+ include /etc/nginx/templates/iredadmin.tmpl; # <- iRedAdmin
+ include /etc/nginx/templates/roundcube.tmpl; # <- Roundcube webmail
+ include /etc/nginx/templates/sogo.tmpl; # <- SOGo Groupware
+ include /etc/nginx/templates/netdata.tmpl; # <- Netdata monitor
+ include /etc/nginx/templates/php-catchall.tmpl; # <- php support
+ include /etc/nginx/templates/stub_status.tmpl; # <- Nginx status monitoring
+}
+
+
+As you can see, it loads multiple configuration snippets, and they define the +URIs you can access to visit the web applications.
+iRedMail also generates configuration snippet files to run them under subdomain:
+To run Roundcube, SOGo and/or iRedAdmin under subdomain, you can simply create
+a new web host config file, and load the *-subdomain.tmpl
file.
Let's say you want to run Roundcube under subdomain webmail.example.com
.
webmail.example.com
to your iRedMail
+ server./etc/nginx/sites-available/webmail.example.com.conf
with content below:server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ server_name webmail.example.com;
+
+ include /etc/nginx/templates/misc.tmpl;
+ include /etc/nginx/templates/ssl.tmpl;
+ include /etc/nginx/templates/roundcube.tmpl;
+}
+
+
+/etc/nginx/sites-enabled/
with shell command below:ln -sf /etc/nginx/sites-available/webmail.example.com.conf /etc/nginx/sites-enabled/webmail.example.com.conf
+
+
+https://mail.example.com/mail/
+ (mail.exmaple.com
is your server hostname), you can simply comment out
+ below line in /etc/nginx/sites-available/00-default-ssl.conf
:include /etc/nginx/templates/roundcube.tmpl;
+
+
+service nginx restart
+
+
+File /etc/nginx/templates/ssl.tmpl
loads self-signed ssl cert by default,
+ we strongly recommend to request free SSL cert by following our tutorial:
+ Request a free cert from Let's Encrypt.
Note: You can request one cert with multiple domain names.
+You can also create your own Nginx configuration snipppet file with + different SSL cert/key files too.
+