Do not expose the Web admin interface by default, fixes #40
This commit is contained in:
Pierre Jaury
3
.env
3
.env
@@ -42,6 +42,9 @@ FRONTEND=none
|
|||||||
# Choose which webmail to run if any (values: roundcube, rainloop, none)
|
# Choose which webmail to run if any (values: roundcube, rainloop, none)
|
||||||
WEBMAIL=none
|
WEBMAIL=none
|
||||||
|
|
||||||
|
# Expose the admin interface in publicly (values: yes, no)
|
||||||
|
EXPOSE_ADMIN=no
|
||||||
|
|
||||||
###################################
|
###################################
|
||||||
# Mail settings
|
# Mail settings
|
||||||
###################################
|
###################################
|
||||||
|
|||||||
@@ -10,6 +10,7 @@ events {
|
|||||||
|
|
||||||
# Environment variables used in the configuration
|
# Environment variables used in the configuration
|
||||||
env WEBMAIL;
|
env WEBMAIL;
|
||||||
|
env EXPOSE_ADMIN;
|
||||||
|
|
||||||
http {
|
http {
|
||||||
# Standard HTTP configuration with slight hardening
|
# Standard HTTP configuration with slight hardening
|
||||||
@@ -42,6 +43,7 @@ http {
|
|||||||
|
|
||||||
# Load Lua variables
|
# Load Lua variables
|
||||||
set_by_lua $webmail 'return os.getenv("WEBMAIL")';
|
set_by_lua $webmail 'return os.getenv("WEBMAIL")';
|
||||||
|
set_by_lua $expose_admin 'return os.getenv("EXPOSE_ADMIN")';
|
||||||
|
|
||||||
# Actual logic
|
# Actual logic
|
||||||
|
|
||||||
@@ -50,11 +52,19 @@ http {
|
|||||||
proxy_pass http://webmail;
|
proxy_pass http://webmail;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if ($webmail = none) {
|
||||||
return 403;
|
return 403;
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
location /admin {
|
location /admin {
|
||||||
|
if ($expose_admin = yes) {
|
||||||
proxy_pass http://admin;
|
proxy_pass http://admin;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if ($expose_admin != yes) {
|
||||||
|
return 403;
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user