Add letsencrypt support in the nginx container

nginx/conf/nginx.conf

@@ -21,7 +21,8 @@ http {
     server {
       listen 80;
 
-      {% if TLS_FLAVOR != 'notls' %}
+      # TLS configuration
+      {% if TLS and not TLS_ERROR %}
       listen 443 ssl;
 
       ssl_protocols TLSv1.1 TLSv1.2;
@@ -29,8 +30,8 @@ http {
       ssl_prefer_server_ciphers on;
       ssl_session_timeout 5m;
       ssl_session_cache shared:SSL:50m;
-      ssl_certificate /certs/cert.pem;
-      ssl_certificate_key /certs/key.pem;
+      ssl_certificate {{ TLS[0] }};
+      ssl_certificate_key {{ TLS[1] }};
 
       add_header Strict-Transport-Security max-age=15768000;
 
@@ -39,7 +40,18 @@ http {
       }
       {% endif %}
 
+      {% if TLS_FLAVOR == 'letsencrypt' %}
+      location ^~ /.well-known/acme-challenge/ {
+          proxy_pass http://localhost:8000;
+      }
+      {% endif %}
+
       # Actual logic
+      {% if TLS_ERROR %}
+      location / {
+        return 403
+      }
+      {% else %}
       {% if WEBMAIL != 'none' %}
       location / {
         return 301 $scheme://$host/webmail/;
@@ -52,6 +64,9 @@ http {
       {% endif %}
 
       {% if ADMIN == 'true' %}
+      location /admin {
+        return 301 $scheme://$host/admin/ui;
+      }
       location /admin/ui {
         rewrite ^/admin/(.*) /$1 break;
         proxy_pass http://admin;
@@ -64,11 +79,12 @@ http {
         proxy_pass http://webdav:5232;
       }
       {% endif %}
+      {% endif %}
     }
 }
 
 mail {
-    server_name {{ HOSTNAME }};
+    server_name {{ HOSTNAMES.split(",")[0] }};
     auth_http http://{{ ADMIN_ADDRESS }}/internal/nginx;
     proxy_pass_error_message on;