New: Run web applications under subdomain with Nginx. Thanks to AVAtarMod@GitHub for the contribution. See #16
This commit is contained in:
parent
90339867c4
commit
5feb624e1e
|
@ -0,0 +1,111 @@
|
|||
# Run web applications under subdomain with Nginx
|
||||
|
||||
[TOC]
|
||||
|
||||
## Introduction
|
||||
|
||||
By default, Roundcube, SOGo, Netdata and iRedAdmin are located at `/mail`,
|
||||
`/SOGo`, `/netdata` and `/iredadmin`. If you have SOGo but no Roundcube,
|
||||
`/mail` will be redirected to `/SOGo` too.
|
||||
|
||||
For example, if your server hostname is `mail.example.com`, and you correctly
|
||||
added an A type DNS record pointed to this iRedMail server, you should be able
|
||||
to visit them with URLs below:
|
||||
|
||||
- Roundcube webmail: `https://mail.example.com/mail`
|
||||
- SOGo Groupware: `https://mail.example.com/SOGo`
|
||||
- Netdata monitor: `https://mail.example.com/netdata`
|
||||
- iRedAdmin or iRedAdmin-Pro: `https://mail.example.com/iredadmin`
|
||||
|
||||
The URIs are defined in the catch-all Nginx web host config file
|
||||
`/etc/nginx/sites-available/00-default-ssl.conf`, here's its full content:
|
||||
|
||||
```
|
||||
#
|
||||
# Note: This file must be loaded before other virtual host config files,
|
||||
#
|
||||
# HTTPS
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
server_name _; # <- Name `_` will catch all web domain names,
|
||||
# <- this is why this file must be loaded before other
|
||||
# <- web host config files.
|
||||
|
||||
root /var/www/html;
|
||||
index index.php index.html;
|
||||
|
||||
include /etc/nginx/templates/misc.tmpl; # <- Misc
|
||||
include /etc/nginx/templates/ssl.tmpl; # <- SSL related configurations.
|
||||
include /etc/nginx/templates/iredadmin.tmpl; # <- iRedAdmin
|
||||
include /etc/nginx/templates/roundcube.tmpl; # <- Roundcube webmail
|
||||
include /etc/nginx/templates/sogo.tmpl; # <- SOGo Groupware
|
||||
include /etc/nginx/templates/netdata.tmpl; # <- Netdata monitor
|
||||
include /etc/nginx/templates/php-catchall.tmpl; # <- php support
|
||||
include /etc/nginx/templates/stub_status.tmpl; # <- Nginx status monitoring
|
||||
}
|
||||
```
|
||||
|
||||
As you can see, it loads multiple configuration snippets, and they define the
|
||||
URIs you can access to visit the web applications.
|
||||
|
||||
iRedMail also generates configuration snippet files to run them under subdomain:
|
||||
|
||||
- /etc/nginx/templates/iredadmin-subdomain.tmpl
|
||||
- /etc/nginx/templates/netdata-subdomain.tmpl
|
||||
- /etc/nginx/templates/roundcube-subdomain.tmpl
|
||||
- /etc/nginx/templates/sogo-subdomain.tmpl
|
||||
|
||||
## Run web applications under subdomain
|
||||
|
||||
To run Roundcube, SOGo and/or iRedAdmin under subdomain, you can simply create
|
||||
a new web host config file, and load the `*-subdomain.tmpl` file.
|
||||
|
||||
Let's say you want to run Roundcube under subdomain `webmail.example.com`.
|
||||
|
||||
- Update DNS record to point domain name `webmail.example.com` to your iRedMail
|
||||
server.
|
||||
- Create new web host config file `/etc/nginx/sites-available/webmail.example.com.conf` with content below:
|
||||
|
||||
```
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
server_name webmail.example.com;
|
||||
|
||||
include /etc/nginx/templates/misc.tmpl;
|
||||
include /etc/nginx/templates/ssl.tmpl;
|
||||
include /etc/nginx/templates/roundcube.tmpl;
|
||||
}
|
||||
```
|
||||
|
||||
- Create symbol link to `/etc/nginx/sites-enabled/` with shell command below:
|
||||
|
||||
```
|
||||
ln -sf /etc/nginx/sites-available/webmail.example.com.conf /etc/nginx/sites-enabled/webmail.example.com.conf
|
||||
```
|
||||
|
||||
- [OPTIONAL] If you want to remove acess from `https://mail.example.com/mail/`
|
||||
(`mail.exmaple.com` is your server hostname), you can simply comment out
|
||||
below line in `/etc/nginx/sites-available/00-default-ssl.conf`:
|
||||
|
||||
```
|
||||
include /etc/nginx/templates/roundcube.tmpl;
|
||||
```
|
||||
|
||||
- Restart or reload Nginx service:
|
||||
|
||||
```
|
||||
service nginx restart
|
||||
```
|
||||
|
||||
## Important notes
|
||||
|
||||
- File `/etc/nginx/templates/ssl.tmpl` loads self-signed ssl cert by default,
|
||||
we strongly recommend to request free SSL cert by following our tutorial:
|
||||
[Request a free cert from Let's Encrypt](https://docs.iredmail.org/letsencrypt.html).
|
||||
|
||||
Note: You can request one cert with multiple domain names.
|
||||
|
||||
- You can also create your own Nginx configuration snipppet file with
|
||||
different SSL cert/key files too.
|
|
@ -1,134 +0,0 @@
|
|||
# Move SOGO, Roundcube and iRedAdmin to subdomains with Nginx
|
||||
|
||||
[TOC]
|
||||
|
||||
## Introduction
|
||||
iRedMail create different templates for different needs.
|
||||
By default, SOGO, Roundcube and iRedAdmin are located at /iredadmin,
|
||||
/mail and /sogo (if you install SOGo, then /mail redirect to this too).
|
||||
For example, we have:
|
||||
|
||||
- domain example.com
|
||||
- server (hosting, etc.) with installed iRedMail
|
||||
- correctly configured DNS zone example.com
|
||||
|
||||
If we visit example.com/iredadmin, then we will be redirected to the iRedAdmin (usually login page of the iRedAdmin)
|
||||
|
||||
Let's to see to default config at /etc/nginx/sites-available/00-default-ssl.conf:
|
||||
```
|
||||
#
|
||||
# Note: This file must be loaded before other virtual host config files,
|
||||
#
|
||||
# HTTPS
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
server_name _;
|
||||
|
||||
root /var/www/html;
|
||||
index index.php index.html;
|
||||
|
||||
include /etc/nginx/templates/misc.tmpl;
|
||||
include /etc/nginx/templates/ssl.tmpl;
|
||||
include /etc/nginx/templates/iredadmin.tmpl;
|
||||
include /etc/nginx/templates/roundcube.tmpl;
|
||||
include /etc/nginx/templates/sogo.tmpl;
|
||||
include /etc/nginx/templates/netdata.tmpl;
|
||||
include /etc/nginx/templates/php-catchall.tmpl;
|
||||
include /etc/nginx/templates/stub_status.tmpl;
|
||||
|
||||
location /{
|
||||
try_files $uri $uri/ /index.php$is_args$args;
|
||||
}
|
||||
}
|
||||
```
|
||||
We can see following:
|
||||
```
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
server_name _;
|
||||
...
|
||||
include /etc/nginx/templates/iredadmin.tmpl;
|
||||
include /etc/nginx/templates/roundcube.tmpl;
|
||||
include /etc/nginx/templates/sogo.tmpl;
|
||||
...
|
||||
}
|
||||
```
|
||||
That means that SOGO, Roundcube and iRedAdmin are located at host "_" (see (Nginx Documentation)[https://nginx.org/en/docs/http/server_names.html] ) and available at example.com/mail/, example.com/sogo/, etc.
|
||||
## Move SOGO, Roundcube and iRedAdmin to subdomain.
|
||||
|
||||
We can move 1, 2 or 3 services to any subdomain (ex. Roundcube, iRedAdmin, but SOGO leave at "_" host)
|
||||
|
||||
To do this, we need:
|
||||
1. Check available configs with subdomain support at /etc/nginx/templates directory
|
||||
Open terminal (usually this mean connect over ssh to server)
|
||||
Enter command after "$":
|
||||
```
|
||||
$ ls -w 1 /etc/nginx/templates
|
||||
adminer.tmpl
|
||||
fastcgi_php.tmpl
|
||||
hsts.tmpl
|
||||
iredadmin-subdomain.tmpl
|
||||
iredadmin.tmpl
|
||||
misc.tmpl
|
||||
netdata-subdomain.tmpl
|
||||
netdata.tmpl
|
||||
php-catchall.tmpl
|
||||
redirect_to_https.tmpl
|
||||
roundcube-subdomain.tmpl
|
||||
roundcube.tmpl
|
||||
sogo-subdomain.tmpl
|
||||
sogo.tmpl
|
||||
ssl.tmpl
|
||||
stub_status.tmpl
|
||||
```
|
||||
We can see 4 iRedMail configs with subdomain support:
|
||||
```
|
||||
iredadmin-subdomain.tmpl
|
||||
netdata-subdomain.tmpl
|
||||
roundcube-subdomain.tmpl
|
||||
sogo-subdomain.tmpl
|
||||
```
|
||||
This mean that iRedAdmin, Netdata, Roundcube or SOGO can be moved to subdomain.
|
||||
We choose one of them, as example roundcube-subdomain.tmpl
|
||||
2. Create new site config at /etc/nginx/sites-available/
|
||||
As example, we create roundcube.example.com.conf
|
||||
3. Write config to file
|
||||
We need to use "server" context with
|
||||
```
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
server_name roundcube.example.com;
|
||||
```
|
||||
Then, add line
|
||||
```
|
||||
include /etc/nginx/templates/roundcube-subdomain.tmpl;
|
||||
```
|
||||
We can also add SSL support:
|
||||
Create /etc/nginx/templates/ssl-subdomain.tmpl (you may use ssl.tmpl as template), then add line
|
||||
```
|
||||
include /etc/nginx/templates/ssl-subdomain.tmpl;
|
||||
```
|
||||
As result, we have
|
||||
```
|
||||
server{
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
server_name roundcube.example.com;
|
||||
|
||||
include /etc/nginx/templates/roundcube-subdomain.tmpl;
|
||||
include /etc/nginx/templates/ssl-subdomain.tmpl;
|
||||
}
|
||||
```
|
||||
4. [OPTIONAL] If you want deny acess to your service at host "_" over example.com/mail/, you can do the following:
|
||||
* Remove line "include /etc/nginx/templates/roundcube.tmpl;"
|
||||
from default config at /etc/nginx/sites-available/00-default-ssl.conf
|
||||
!!! note
|
||||
I recommend
|
||||
- create request wildcard SSL certificate (that works for any subdomain, ex name1.example.com ... 1000name.example.com)
|
||||
- create wildcard DNS records, ex. "CNAME *.example.com example.com"
|
||||
- Use wildcard SSL certificate for any number of your subdomains (use /etc/nginx/templates/ssl.tmpl as template
|
||||
and see (Nginx Docs)[https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl] if you have troubles)
|
||||
|
||||
That's all we need
|
|
@ -152,6 +152,7 @@
|
|||
<li><a href="sql.user.mail.forwarding.html">SQL: User mail forwarding</a></li>
|
||||
<li><a href="srs.html">Enable SRS (Sender Rewriting Scheme) support</a></li>
|
||||
<li><a href="store.spamassassin.bayes.in.sql.html">Store SpamAssassin bayes in SQL</a></li>
|
||||
<li><a href="subdomain.web.apps.html">Run web applications under subdomain with Nginx</a></li>
|
||||
<li><a href="track.user.last.login.html">Track user last login time</a></li>
|
||||
<li><a href="upgrade.debian.8-9.html">Fixes you need after upgrading Debian from 8 to 9</a></li>
|
||||
<li><a href="upgrade.debian.9-10.html">Fixes you need after upgrading Debian from 9 to 10</a></li>
|
||||
|
|
|
@ -0,0 +1,132 @@
|
|||
<!DOCTYPE html>
|
||||
<html>
|
||||
<head>
|
||||
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
||||
<title>Run web applications under subdomain with Nginx</title>
|
||||
<link rel="stylesheet" type="text/css" href="./css/markdown.css" />
|
||||
</head>
|
||||
<body>
|
||||
|
||||
<div id="navigation">
|
||||
<a href="https://www.iredmail.org" target="_blank">
|
||||
<img alt="iRedMail web site"
|
||||
src="./images/logo-iredmail.png"
|
||||
style="vertical-align: middle; height: 30px;"
|
||||
/>
|
||||
<span>iRedMail</span>
|
||||
</a>
|
||||
// <a href="./index.html">Document Index</a></div><h1 id="run-web-applications-under-subdomain-with-nginx">Run web applications under subdomain with Nginx</h1>
|
||||
<div class="toc">
|
||||
<ul>
|
||||
<li><a href="#run-web-applications-under-subdomain-with-nginx">Run web applications under subdomain with Nginx</a><ul>
|
||||
<li><a href="#introduction">Introduction</a></li>
|
||||
<li><a href="#run-web-applications-under-subdomain">Run web applications under subdomain</a></li>
|
||||
<li><a href="#important-notes">Important notes</a></li>
|
||||
</ul>
|
||||
</li>
|
||||
</ul>
|
||||
</div>
|
||||
<h2 id="introduction">Introduction</h2>
|
||||
<p>By default, Roundcube, SOGo, Netdata and iRedAdmin are located at <code>/mail</code>,
|
||||
<code>/SOGo</code>, <code>/netdata</code> and <code>/iredadmin</code>. If you have SOGo but no Roundcube,
|
||||
<code>/mail</code> will be redirected to <code>/SOGo</code> too.</p>
|
||||
<p>For example, if your server hostname is <code>mail.example.com</code>, and you correctly
|
||||
added an A type DNS record pointed to this iRedMail server, you should be able
|
||||
to visit them with URLs below:</p>
|
||||
<ul>
|
||||
<li>Roundcube webmail: <code>https://mail.example.com/mail</code></li>
|
||||
<li>SOGo Groupware: <code>https://mail.example.com/SOGo</code></li>
|
||||
<li>Netdata monitor: <code>https://mail.example.com/netdata</code></li>
|
||||
<li>iRedAdmin or iRedAdmin-Pro: <code>https://mail.example.com/iredadmin</code></li>
|
||||
</ul>
|
||||
<p>The URIs are defined in the catch-all Nginx web host config file
|
||||
<code>/etc/nginx/sites-available/00-default-ssl.conf</code>, here's its full content:</p>
|
||||
<pre><code>#
|
||||
# Note: This file must be loaded before other virtual host config files,
|
||||
#
|
||||
# HTTPS
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
server_name _; # <- Name `_` will catch all web domain names,
|
||||
# <- this is why this file must be loaded before other
|
||||
# <- web host config files.
|
||||
|
||||
root /var/www/html;
|
||||
index index.php index.html;
|
||||
|
||||
include /etc/nginx/templates/misc.tmpl; # <- Misc
|
||||
include /etc/nginx/templates/ssl.tmpl; # <- SSL related configurations.
|
||||
include /etc/nginx/templates/iredadmin.tmpl; # <- iRedAdmin
|
||||
include /etc/nginx/templates/roundcube.tmpl; # <- Roundcube webmail
|
||||
include /etc/nginx/templates/sogo.tmpl; # <- SOGo Groupware
|
||||
include /etc/nginx/templates/netdata.tmpl; # <- Netdata monitor
|
||||
include /etc/nginx/templates/php-catchall.tmpl; # <- php support
|
||||
include /etc/nginx/templates/stub_status.tmpl; # <- Nginx status monitoring
|
||||
}
|
||||
</code></pre>
|
||||
|
||||
<p>As you can see, it loads multiple configuration snippets, and they define the
|
||||
URIs you can access to visit the web applications.</p>
|
||||
<p>iRedMail also generates configuration snippet files to run them under subdomain:</p>
|
||||
<ul>
|
||||
<li>/etc/nginx/templates/iredadmin-subdomain.tmpl</li>
|
||||
<li>/etc/nginx/templates/netdata-subdomain.tmpl</li>
|
||||
<li>/etc/nginx/templates/roundcube-subdomain.tmpl</li>
|
||||
<li>/etc/nginx/templates/sogo-subdomain.tmpl</li>
|
||||
</ul>
|
||||
<h2 id="run-web-applications-under-subdomain">Run web applications under subdomain</h2>
|
||||
<p>To run Roundcube, SOGo and/or iRedAdmin under subdomain, you can simply create
|
||||
a new web host config file, and load the <code>*-subdomain.tmpl</code> file.</p>
|
||||
<p>Let's say you want to run Roundcube under subdomain <code>webmail.example.com</code>.</p>
|
||||
<ul>
|
||||
<li>Update DNS record to point domain name <code>webmail.example.com</code> to your iRedMail
|
||||
server.</li>
|
||||
<li>Create new web host config file <code>/etc/nginx/sites-available/webmail.example.com.conf</code> with content below:</li>
|
||||
</ul>
|
||||
<pre><code>server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
server_name webmail.example.com;
|
||||
|
||||
include /etc/nginx/templates/misc.tmpl;
|
||||
include /etc/nginx/templates/ssl.tmpl;
|
||||
include /etc/nginx/templates/roundcube.tmpl;
|
||||
}
|
||||
</code></pre>
|
||||
|
||||
<ul>
|
||||
<li>Create symbol link to <code>/etc/nginx/sites-enabled/</code> with shell command below:</li>
|
||||
</ul>
|
||||
<pre><code>ln -sf /etc/nginx/sites-available/webmail.example.com.conf /etc/nginx/sites-enabled/webmail.example.com.conf
|
||||
</code></pre>
|
||||
|
||||
<ul>
|
||||
<li>[OPTIONAL] If you want to remove acess from <code>https://mail.example.com/mail/</code>
|
||||
(<code>mail.exmaple.com</code> is your server hostname), you can simply comment out
|
||||
below line in <code>/etc/nginx/sites-available/00-default-ssl.conf</code>:</li>
|
||||
</ul>
|
||||
<pre><code>include /etc/nginx/templates/roundcube.tmpl;
|
||||
</code></pre>
|
||||
|
||||
<ul>
|
||||
<li>Restart or reload Nginx service:</li>
|
||||
</ul>
|
||||
<pre><code>service nginx restart
|
||||
</code></pre>
|
||||
|
||||
<h2 id="important-notes">Important notes</h2>
|
||||
<ul>
|
||||
<li>
|
||||
<p>File <code>/etc/nginx/templates/ssl.tmpl</code> loads self-signed ssl cert by default,
|
||||
we strongly recommend to request free SSL cert by following our tutorial:
|
||||
<a href="https://docs.iredmail.org/letsencrypt.html">Request a free cert from Let's Encrypt</a>.</p>
|
||||
<p>Note: You can request one cert with multiple domain names.</p>
|
||||
</li>
|
||||
<li>
|
||||
<p>You can also create your own Nginx configuration snipppet file with
|
||||
different SSL cert/key files too.</p>
|
||||
</li>
|
||||
</ul><div class="footer">
|
||||
<p style="text-align: center; color: grey;">All documents are available in <a href="https://github.com/iredmail/docs/">GitHub repository</a>, and published under <a href="http://creativecommons.org/licenses/by-nd/3.0/us/" target="_blank">Creative Commons</a> license. You can <a href="https://github.com/iredmail/docs/archive/master.zip">download the latest version</a> for offline reading. If you found something wrong, please do <a href="https://www.iredmail.org/contact.html">contact us</a> to fix it.</p>
|
||||
</div></body></html>
|
Loading…
Reference in New Issue