From 5feb624e1ebfaeb6f3867f32904a6342038fdde0 Mon Sep 17 00:00:00 2001 From: Zhang Huangbin Date: Thu, 5 Aug 2021 09:44:33 +0800 Subject: [PATCH] New: Run web applications under subdomain with Nginx. Thanks to AVAtarMod@GitHub for the contribution. See #16 --- en_US/howto/subdomain.web.apps.md | 111 +++++++++++++++++++++++++ en_US/howto/subdomains.md | 134 ------------------------------ html/index.html | 1 + html/subdomain.web.apps.html | 132 +++++++++++++++++++++++++++++ 4 files changed, 244 insertions(+), 134 deletions(-) create mode 100644 en_US/howto/subdomain.web.apps.md delete mode 100644 en_US/howto/subdomains.md create mode 100644 html/subdomain.web.apps.html diff --git a/en_US/howto/subdomain.web.apps.md b/en_US/howto/subdomain.web.apps.md new file mode 100644 index 00000000..eebeb699 --- /dev/null +++ b/en_US/howto/subdomain.web.apps.md @@ -0,0 +1,111 @@ +# Run web applications under subdomain with Nginx + +[TOC] + +## Introduction + +By default, Roundcube, SOGo, Netdata and iRedAdmin are located at `/mail`, +`/SOGo`, `/netdata` and `/iredadmin`. If you have SOGo but no Roundcube, +`/mail` will be redirected to `/SOGo` too. + +For example, if your server hostname is `mail.example.com`, and you correctly +added an A type DNS record pointed to this iRedMail server, you should be able +to visit them with URLs below: + +- Roundcube webmail: `https://mail.example.com/mail` +- SOGo Groupware: `https://mail.example.com/SOGo` +- Netdata monitor: `https://mail.example.com/netdata` +- iRedAdmin or iRedAdmin-Pro: `https://mail.example.com/iredadmin` + +The URIs are defined in the catch-all Nginx web host config file +`/etc/nginx/sites-available/00-default-ssl.conf`, here's its full content: + +``` +# +# Note: This file must be loaded before other virtual host config files, +# +# HTTPS +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name _; # <- Name `_` will catch all web domain names, + # <- this is why this file must be loaded before other + # <- web host config files. + + root /var/www/html; + index index.php index.html; + + include /etc/nginx/templates/misc.tmpl; # <- Misc + include /etc/nginx/templates/ssl.tmpl; # <- SSL related configurations. + include /etc/nginx/templates/iredadmin.tmpl; # <- iRedAdmin + include /etc/nginx/templates/roundcube.tmpl; # <- Roundcube webmail + include /etc/nginx/templates/sogo.tmpl; # <- SOGo Groupware + include /etc/nginx/templates/netdata.tmpl; # <- Netdata monitor + include /etc/nginx/templates/php-catchall.tmpl; # <- php support + include /etc/nginx/templates/stub_status.tmpl; # <- Nginx status monitoring +} +``` + +As you can see, it loads multiple configuration snippets, and they define the +URIs you can access to visit the web applications. + +iRedMail also generates configuration snippet files to run them under subdomain: + +- /etc/nginx/templates/iredadmin-subdomain.tmpl +- /etc/nginx/templates/netdata-subdomain.tmpl +- /etc/nginx/templates/roundcube-subdomain.tmpl +- /etc/nginx/templates/sogo-subdomain.tmpl + +## Run web applications under subdomain + +To run Roundcube, SOGo and/or iRedAdmin under subdomain, you can simply create +a new web host config file, and load the `*-subdomain.tmpl` file. + +Let's say you want to run Roundcube under subdomain `webmail.example.com`. + +- Update DNS record to point domain name `webmail.example.com` to your iRedMail + server. +- Create new web host config file `/etc/nginx/sites-available/webmail.example.com.conf` with content below: + +``` +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name webmail.example.com; + + include /etc/nginx/templates/misc.tmpl; + include /etc/nginx/templates/ssl.tmpl; + include /etc/nginx/templates/roundcube.tmpl; +} +``` + +- Create symbol link to `/etc/nginx/sites-enabled/` with shell command below: + +``` +ln -sf /etc/nginx/sites-available/webmail.example.com.conf /etc/nginx/sites-enabled/webmail.example.com.conf +``` + +- [OPTIONAL] If you want to remove acess from `https://mail.example.com/mail/` + (`mail.exmaple.com` is your server hostname), you can simply comment out + below line in `/etc/nginx/sites-available/00-default-ssl.conf`: + +``` +include /etc/nginx/templates/roundcube.tmpl; +``` + +- Restart or reload Nginx service: + +``` +service nginx restart +``` + +## Important notes + +- File `/etc/nginx/templates/ssl.tmpl` loads self-signed ssl cert by default, + we strongly recommend to request free SSL cert by following our tutorial: + [Request a free cert from Let's Encrypt](https://docs.iredmail.org/letsencrypt.html). + + Note: You can request one cert with multiple domain names. + +- You can also create your own Nginx configuration snipppet file with + different SSL cert/key files too. diff --git a/en_US/howto/subdomains.md b/en_US/howto/subdomains.md deleted file mode 100644 index 0808cac3..00000000 --- a/en_US/howto/subdomains.md +++ /dev/null @@ -1,134 +0,0 @@ -# Move SOGO, Roundcube and iRedAdmin to subdomains with Nginx - -[TOC] - -## Introduction -iRedMail create different templates for different needs. -By default, SOGO, Roundcube and iRedAdmin are located at /iredadmin, -/mail and /sogo (if you install SOGo, then /mail redirect to this too). -For example, we have: - -- domain example.com -- server (hosting, etc.) with installed iRedMail -- correctly configured DNS zone example.com - -If we visit example.com/iredadmin, then we will be redirected to the iRedAdmin (usually login page of the iRedAdmin) - -Let's to see to default config at /etc/nginx/sites-available/00-default-ssl.conf: -``` -# -# Note: This file must be loaded before other virtual host config files, -# -# HTTPS -server { - listen 443 ssl http2; - listen [::]:443 ssl http2; - server_name _; - - root /var/www/html; - index index.php index.html; - - include /etc/nginx/templates/misc.tmpl; - include /etc/nginx/templates/ssl.tmpl; - include /etc/nginx/templates/iredadmin.tmpl; - include /etc/nginx/templates/roundcube.tmpl; - include /etc/nginx/templates/sogo.tmpl; - include /etc/nginx/templates/netdata.tmpl; - include /etc/nginx/templates/php-catchall.tmpl; - include /etc/nginx/templates/stub_status.tmpl; - - location /{ - try_files $uri $uri/ /index.php$is_args$args; - } -} -``` -We can see following: -``` -server { - listen 443 ssl http2; - listen [::]:443 ssl http2; - server_name _; - ... - include /etc/nginx/templates/iredadmin.tmpl; - include /etc/nginx/templates/roundcube.tmpl; - include /etc/nginx/templates/sogo.tmpl; - ... -} -``` -That means that SOGO, Roundcube and iRedAdmin are located at host "_" (see (Nginx Documentation)[https://nginx.org/en/docs/http/server_names.html] ) and available at example.com/mail/, example.com/sogo/, etc. -## Move SOGO, Roundcube and iRedAdmin to subdomain. - -We can move 1, 2 or 3 services to any subdomain (ex. Roundcube, iRedAdmin, but SOGO leave at "_" host) - -To do this, we need: -1. Check available configs with subdomain support at /etc/nginx/templates directory -Open terminal (usually this mean connect over ssh to server) -Enter command after "$": -``` -$ ls -w 1 /etc/nginx/templates -adminer.tmpl -fastcgi_php.tmpl -hsts.tmpl -iredadmin-subdomain.tmpl -iredadmin.tmpl -misc.tmpl -netdata-subdomain.tmpl -netdata.tmpl -php-catchall.tmpl -redirect_to_https.tmpl -roundcube-subdomain.tmpl -roundcube.tmpl -sogo-subdomain.tmpl -sogo.tmpl -ssl.tmpl -stub_status.tmpl -``` -We can see 4 iRedMail configs with subdomain support: -``` -iredadmin-subdomain.tmpl -netdata-subdomain.tmpl -roundcube-subdomain.tmpl -sogo-subdomain.tmpl -``` -This mean that iRedAdmin, Netdata, Roundcube or SOGO can be moved to subdomain. -We choose one of them, as example roundcube-subdomain.tmpl -2. Create new site config at /etc/nginx/sites-available/ -As example, we create roundcube.example.com.conf -3. Write config to file -We need to use "server" context with -``` - listen 443 ssl http2; - listen [::]:443 ssl http2; - server_name roundcube.example.com; -``` -Then, add line -``` - include /etc/nginx/templates/roundcube-subdomain.tmpl; -``` -We can also add SSL support: -Create /etc/nginx/templates/ssl-subdomain.tmpl (you may use ssl.tmpl as template), then add line -``` - include /etc/nginx/templates/ssl-subdomain.tmpl; -``` -As result, we have -``` -server{ - listen 443 ssl http2; - listen [::]:443 ssl http2; - server_name roundcube.example.com; - - include /etc/nginx/templates/roundcube-subdomain.tmpl; - include /etc/nginx/templates/ssl-subdomain.tmpl; -} -``` -4. [OPTIONAL] If you want deny acess to your service at host "_" over example.com/mail/, you can do the following: - * Remove line "include /etc/nginx/templates/roundcube.tmpl;" - from default config at /etc/nginx/sites-available/00-default-ssl.conf -!!! note - I recommend - - create request wildcard SSL certificate (that works for any subdomain, ex name1.example.com ... 1000name.example.com) - - create wildcard DNS records, ex. "CNAME *.example.com example.com" - - Use wildcard SSL certificate for any number of your subdomains (use /etc/nginx/templates/ssl.tmpl as template - and see (Nginx Docs)[https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl] if you have troubles) - -That's all we need \ No newline at end of file diff --git a/html/index.html b/html/index.html index 3ea9becb..b76524d6 100644 --- a/html/index.html +++ b/html/index.html @@ -152,6 +152,7 @@
  • SQL: User mail forwarding
  • Enable SRS (Sender Rewriting Scheme) support
  • Store SpamAssassin bayes in SQL
    • +
  • Run web applications under subdomain with Nginx
  • Track user last login time
  • Fixes you need after upgrading Debian from 8 to 9
  • Fixes you need after upgrading Debian from 9 to 10
    • diff --git a/html/subdomain.web.apps.html b/html/subdomain.web.apps.html new file mode 100644 index 00000000..f4a6a841 --- /dev/null +++ b/html/subdomain.web.apps.html @@ -0,0 +1,132 @@ + + + + + Run web applications under subdomain with Nginx + + + + +

    Run web applications under subdomain with Nginx

    +
    + +
    +

    Introduction

    +

    By default, Roundcube, SOGo, Netdata and iRedAdmin are located at /mail, +/SOGo, /netdata and /iredadmin. If you have SOGo but no Roundcube, +/mail will be redirected to /SOGo too.

    +

    For example, if your server hostname is mail.example.com, and you correctly +added an A type DNS record pointed to this iRedMail server, you should be able +to visit them with URLs below:

    + +

    The URIs are defined in the catch-all Nginx web host config file +/etc/nginx/sites-available/00-default-ssl.conf, here's its full content:

    +
    #
+# Note: This file must be loaded before other virtual host config files,
+#
+# HTTPS
+server {
+    listen 443 ssl http2;
+    listen [::]:443 ssl http2;
+    server_name _;      # <- Name `_` will catch all web domain names,
+                        # <- this is why this file must be loaded before other
+                        # <- web host config files.
+
+    root /var/www/html;
+    index index.php index.html;
+
+    include /etc/nginx/templates/misc.tmpl;         # <- Misc
+    include /etc/nginx/templates/ssl.tmpl;          # <- SSL related configurations.
+    include /etc/nginx/templates/iredadmin.tmpl;    # <- iRedAdmin
+    include /etc/nginx/templates/roundcube.tmpl;    # <- Roundcube webmail
+    include /etc/nginx/templates/sogo.tmpl;         # <- SOGo Groupware
+    include /etc/nginx/templates/netdata.tmpl;      # <- Netdata monitor
+    include /etc/nginx/templates/php-catchall.tmpl; # <- php support
+    include /etc/nginx/templates/stub_status.tmpl;  # <- Nginx status monitoring
+}
+
    + +

    As you can see, it loads multiple configuration snippets, and they define the +URIs you can access to visit the web applications.

    +

    iRedMail also generates configuration snippet files to run them under subdomain:

    + +

    Run web applications under subdomain

    +

    To run Roundcube, SOGo and/or iRedAdmin under subdomain, you can simply create +a new web host config file, and load the *-subdomain.tmpl file.

    +

    Let's say you want to run Roundcube under subdomain webmail.example.com.

    + +
    server {
+    listen 443 ssl http2;
+    listen [::]:443 ssl http2;
+    server_name webmail.example.com;
+
+    include /etc/nginx/templates/misc.tmpl;
+    include /etc/nginx/templates/ssl.tmpl;
+    include /etc/nginx/templates/roundcube.tmpl;
+}
+
    + + +
    ln -sf /etc/nginx/sites-available/webmail.example.com.conf /etc/nginx/sites-enabled/webmail.example.com.conf
+
    + + +
    include /etc/nginx/templates/roundcube.tmpl;
+
    + + +
    service nginx restart
+
    + +

    Important notes

    +
    +

    All documents are available in GitHub repository, and published under Creative Commons license. You can download the latest version for offline reading. If you found something wrong, please do contact us to fix it.

    +
    \ No newline at end of file