nginx

nginx-balsillie-net/content/.well-known/autoconfig/mail

@@ -0,0 +1 @@
+../../mail/

nginx-balsillie-net/content/mail/config-v1.1.xml

@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<clientConfig version="1.1">
+  <emailProvider id="balsillie.net">
+    <domain>balsillie.net</domain>
+    <displayName>Balsillie Family</displayName>
+    <displayShortName>Home</displayShortName>
+    <incomingServer type="imap">
+      <hostname>imap.balsillie.net</hostname>
+      <port>993</port>
+      <socketType>SSL</socketType>
+      <authentication>password-encrypted</authentication>
+      <username>%EMAILLOCALPART%</username>
+    </incomingServer>
+    <outgoingServer type="smtp">
+      <hostname>smtp.balsillie.net</hostname>
+      <port>465</port>
+      <socketType>SSL</socketType>
+      <authentication>password-encrypted</authentication>
+      <username>%EMAILLOCALPART%</username>
+      <addThisServer>true</addThisServer>
+      <useGlobalPreferredServer>true</useGlobalPreferredServer>
+    </outgoingServer>
+  </emailProvider>
+	<addressBook type="carddav">
+		<username>%EMAILLOCALPART%</username>
+		<authentication>OAuth2</authentication>
+		<serverURL>https://cloud.balsillie.net/remote.php/dav/</serverURL>
+	</addressBook>
+	<calendar type="caldav">
+		<username>%EMAILLOCALPART%</username>
+		<authentication>OAuth2</authentication>
+		<serverURL>https://cloud.balsillie.net/remote.php/dav/</serverURL>
+	</calendar>
+	<fileShare type="webdav">
+		<username>%EMAILLOCALPART%</username>
+		<authentication>OAuth2</authentication>
+		<serverURL>https://cloud.balsillie.net/remote.php/dav/</serverURL>
+	</fileShare>
+	<webMail>
+		<loginPage url="https://mail.balsillie.net/" />
+	</webMail>
+	<oAuth2>
+    <issuer>https://auth.balsillie.net/realms/balsillie</issuer>
+    <scope>mail-w</scope>
+    <authURL>https://auth.balsillie.net/realms/balsillie/protocol/openid-connect/auth</authURL>
+    <tokenURL>https://auth.balsillie.net/realms/balsillie/protocol/openid-connect/token</tokenURL>
+  </oAuth2>
+</clientConfig>

nginx-balsillie-net/content/mta-sts/balsillie_email/.well-known/mta-sts.txt

@@ -1,5 +1,5 @@
 version: STSv1
-mode: enforce
+mode: testing
 mx: mail.protonmail.ch
 mx: mailsec.protonmail.ch
 max_age: 604800

nginx-balsillie-net/content/mta-sts/balsillie_net/.well-known/mta-sts.txt

@@ -1,4 +1,4 @@
 version: STSv1
 mode: enforce
 mx: smtp.balsillie.net
-max_age: 604800
+max_age: 2592000

nginx-balsillie-net/default.conf

@@ -1,25 +1,9 @@
 http2 on;
-ssl_certificate /usr/share/nginx/ssl/tls.crt;
-ssl_certificate_key /usr/share/nginx/ssl/tls.key;
-ssl_protocols TLSv1.2 TLSv1.3;
-ssl_ciphers ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM;
-ssl_prefer_server_ciphers on;
-ssl_session_cache shared:SSL:10m;
-ssl_session_timeout 10m;
+real_ip_header X-Forwarded-For;
+set_real_ip_from ingress-nginx-controller-pods.ingress-nginx.svc.cluster00.balsillie.house;
 
 server {
     listen 8080;
-    server_name  balsillie.net balsillie.email openpgpkey.balsillie.net openpgpkey.balsillie.email;
-    return 301 https://$host$request_uri;
-}
-
-server {
-    listen 8080 default_server;
-    return 444;
-}
-
-server {
-    listen 8443 ssl;
     server_name balsillie.net;
 
     location = /michael.vcf {
@@ -27,9 +11,9 @@ server {
         root   /usr/share/nginx/html;
     }
 
-    location = /.well-known/mta-sts.txt {
+    location = /.well-known/autoconfig/mail/config-v1.1.xml {
         default_type application/octet-stream;
-        root /usr/share/nginx/html/mta-sts/balsillie_net;
+        root /usr/share/nginx/html;
     }
 
     location /.well-known/host-meta {
@@ -49,14 +33,28 @@ server {
         root /usr/share/nginx/html;
     }
 
-    location / {
-        return 444;
+    location = / {
+        return 301 https://blog.balsillie.net/;
     }
 }
 
 server { 
-    listen 8443 ssl;
-    server_name balsillie.email;
+    listen 8080;
+    server_name mta-sts.balsillie.net;
+
+    location = /.well-known/mta-sts.txt {
+        default_type application/octet-stream;
+        root /usr/share/nginx/html/mta-sts/balsillie_net;
+    }
+
+    location / {
+        return 404;
+    }
+}
+
+server { 
+    listen 8080;
+    server_name mta-sts.balsillie.email;
 
     location = /.well-known/mta-sts.txt {
         default_type application/octet-stream;
@@ -64,12 +62,12 @@ server {
     }
 
     location / {
-        return 444;
+        return 404;
     }
 }
 
 server {
-    listen 8443 ssl;
+    listen 8080;
     server_name openpgpkey.balsillie.net openpgpkey.balsillie.email;
 
     location /.well-known/openpgpkey {
@@ -78,11 +76,39 @@ server {
     }
 
     location / {
-        return 444;
+        return 404;
     }
 }
 
 server {
-    listen 8443 ssl default_server;
-    ssl_reject_handshake on;
+    listen 8080;
+    server_name autoconfig.balsillie.net;
+
+    location = /mail/config-v1.1.xml {
+        default_type application/octet-stream;
+        root /usr/share/nginx/html;
+    }
+
+    location / {
+        return 404;
+    }
+
 }
+
+server {
+    listen 8080;
+    server_name account.balsillie.net auth-admin.balsillie.net;
+
+    location / {
+        return 301 https://auth.balsillie.net/realms/balsillie/account;
+    }
+}
+
+server {
+    listen 8080;
+    server_name notify.balsillie.net;
+
+    location / {
+        return 301 https://notify.balsillie.net:9000$request_uri;
+    }
+}