Use an HTTP proxy for resolving the admin address dynamically

nginx/conf/nginx.conf

@@ -19,6 +19,7 @@ http {
     server_tokens off;
     absolute_redirect off;
 
+    # Main HTTP server
     server {
       # Always listen over HTTP
       listen 80;
@@ -83,11 +84,20 @@ http {
       {% endif %}
       {% endif %}
     }
+
+    # Forwarding authentication server
+    server {
+      listen 127.0.0.1:8000;
+
+      location /internal {
+        proxy_pass http://admin;
+      }
+    }
 }
 
 mail {
     server_name {{ HOSTNAMES.split(",")[0] }};
-    auth_http http://{{ ADMIN_ADDRESS }}/internal/nginx;
+    auth_http http://127.0.0.1:8000/internal/nginx;
     proxy_pass_error_message on;
 
     {% if TLS and not TLS_ERROR %}
@@ -132,18 +142,20 @@ mail {
       imap_auth plain;
     }
 
-    {% if TLS %}
     server {
-      listen 465 ssl;
-      listen [::]:465 ssl;
+      listen 587;
+      listen [::]:587;
+      {% if TLS %}
+      starttls only;
+      {% endif %}
       protocol smtp;
       smtp_auth plain;
     }
 
+    {% if TLS %}
     server {
-      listen 587;
-      listen [::]:587;
-      starttls only;
+      listen 465 ssl;
+      listen [::]:465 ssl;
       protocol smtp;
       smtp_auth plain;
     }