diff --git a/nginx-balsillie-net/content/.well-known/autoconfig/mail b/nginx-balsillie-net/content/.well-known/autoconfig/mail
new file mode 120000
index 0000000..5b686b2
--- /dev/null
+++ b/nginx-balsillie-net/content/.well-known/autoconfig/mail
@@ -0,0 +1 @@
+../../mail/
\ No newline at end of file
diff --git a/nginx-balsillie-net/content/mail/config-v1.1.xml b/nginx-balsillie-net/content/mail/config-v1.1.xml
new file mode 100644
index 0000000..406bf85
--- /dev/null
+++ b/nginx-balsillie-net/content/mail/config-v1.1.xml
@@ -0,0 +1,48 @@
+
+
+
+ balsillie.net
+ Balsillie Family
+ Home
+
+ imap.balsillie.net
+ 993
+ SSL
+ password-encrypted
+ %EMAILLOCALPART%
+
+
+ smtp.balsillie.net
+ 465
+ SSL
+ password-encrypted
+ %EMAILLOCALPART%
+ true
+ true
+
+
+
+ %EMAILLOCALPART%
+ OAuth2
+ https://cloud.balsillie.net/remote.php/dav/
+
+
+ %EMAILLOCALPART%
+ OAuth2
+ https://cloud.balsillie.net/remote.php/dav/
+
+
+ %EMAILLOCALPART%
+ OAuth2
+ https://cloud.balsillie.net/remote.php/dav/
+
+
+
+
+
+ https://auth.balsillie.net/realms/balsillie
+ mail-w
+ https://auth.balsillie.net/realms/balsillie/protocol/openid-connect/auth
+ https://auth.balsillie.net/realms/balsillie/protocol/openid-connect/token
+
+
\ No newline at end of file
diff --git a/nginx-balsillie-net/content/mta-sts/balsillie_email/.well-known/mta-sts.txt b/nginx-balsillie-net/content/mta-sts/balsillie_email/.well-known/mta-sts.txt
index 55a41cf..8d7f891 100644
--- a/nginx-balsillie-net/content/mta-sts/balsillie_email/.well-known/mta-sts.txt
+++ b/nginx-balsillie-net/content/mta-sts/balsillie_email/.well-known/mta-sts.txt
@@ -1,5 +1,5 @@
 version: STSv1
-mode: enforce
+mode: testing
 mx: mail.protonmail.ch
 mx: mailsec.protonmail.ch
 max_age: 604800
diff --git a/nginx-balsillie-net/content/mta-sts/balsillie_net/.well-known/mta-sts.txt b/nginx-balsillie-net/content/mta-sts/balsillie_net/.well-known/mta-sts.txt
index c3af9e7..590da7a 100644
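Review bot: In `content/mail/config-v1.1.xml` both the IMAP (993) and SMTP (465) entries advertise `password-encrypted`, which in the Thunderbird autoconfig format means a challenge-response mechanism such as CRAM-MD5, not "password sent over TLS". If the servers only offer PLAIN/LOGIN on the TLS socket, clients will probe for a mechanism that is not there; `password-cleartext` is the matching value and is acceptable here because the socket type is `SSL`. If the mail servers also accept tokens from the realm listed at the end of the file, an `OAuth2` authentication entry placed first would keep passwords out of mail clients altogether. The element names are not visible on this page, so this reading rests on the values alone and should be checked against the real file.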
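Review bot: Changing `balsillie_email/.well-known/mta-sts.txt` from `mode: enforce` to `mode: testing` turns off the delivery-blocking guarantee, so compliant senders will still deliver when the MX certificate fails validation or STARTTLS is unavailable. The policy format has no comment syntax, so the reason for the downgrade and the date it is meant to be reverted belong in the commit message. Senders refetch a cached policy only when the `id` in the `_mta-sts` TXT record changes, so that record needs a new value for this change and for the `max_age: 2592000` change in `balsillie_net/.well-known/mta-sts.txt`. With the 30-day lifetime there, a wrong `mx:` entry stays cached by senders for up to a month. Testing mode only yields a signal if a `_smtp._tls` TLSRPT record is published to receive the failure reports.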
--- a/nginx-balsillie-net/content/mta-sts/balsillie_net/.well-known/mta-sts.txt +++ b/nginx-balsillie-net/content/mta-sts/balsillie_net/.well-known/mta-sts.txt @@ -1,4 +1,4 @@ version: STSv1 mode: enforce mx: smtp.balsillie.net -max_age: 604800 +max_age: 2592000 diff --git a/nginx-balsillie-net/default.conf b/nginx-balsillie-net/default.conf index 2dd4050..408463a 100644 --- a/nginx-balsillie-net/default.conf +++ b/nginx-balsillie-net/default.conf @@ -1,25 +1,9 @@ http2 on; -ssl_certificate /usr/share/nginx/ssl/tls.crt; -ssl_certificate_key /usr/share/nginx/ssl/tls.key; -ssl_protocols TLSv1.2 TLSv1.3; -ssl_ciphers ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM; -ssl_prefer_server_ciphers on; -ssl_session_cache shared:SSL:10m; -ssl_session_timeout 10m; +real_ip_header X-Forwarded-For; +set_real_ip_from ingress-nginx-controller-pods.ingress-nginx.svc.cluster00.balsillie.house; server { listen 8080; - server_name balsillie.net balsillie.email openpgpkey.balsillie.net openpgpkey.balsillie.email; - return 301 https://$host$request_uri; -} - -server { - listen 8080 default_server; - return 444; -} - -server { - listen 8443 ssl; server_name balsillie.net; location = /michael.vcf { @@ -27,9 +11,9 @@ server { root /usr/share/nginx/html; } - location = /.well-known/mta-sts.txt { + location = /.well-known/autoconfig/mail/config-v1.1.xml { default_type application/octet-stream; - root /usr/share/nginx/html/mta-sts/balsillie_net; + root /usr/share/nginx/html; } location /.well-known/host-meta { 
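Review bot: In the first `default.conf` hunk the `listen 8080 default_server; return 444;` block is removed without a replacement, so the first `server` in the file (`server_name balsillie.net`) becomes the implicit default for port 8080 and answers any request whose Host header matches nothing else. Keeping `server { listen 8080 default_server; return 444; }` preserves the old drop behaviour; the last hunk removes the `listen 8443 ssl default_server` counterpart as well, and TLS termination now rests entirely on the ingress. Separately, `set_real_ip_from` is given a hostname, which nginx resolves once when the configuration is loaded, so rescheduled ingress pods stop being trusted until a reload; since every trusted address can set the client IP through `X-Forwarded-For`, a narrow, stable CIDR is the safer value. The `balsillie.net` server block continues outside the hunk.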
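Review bot: `default_type application/octet-stream;` in the new `location = /.well-known/autoconfig/mail/config-v1.1.xml` looks carried over from the mta-sts location it replaces. It only takes effect when the file extension is missing from the MIME map, and in that case the autoconfig XML would be served as a binary download. `default_type text/xml;` states the intent, and the same applies to the new `autoconfig.balsillie.net` block in the last hunk; for the new `mta-sts.balsillie.net` block RFC 8461 requires `text/plain`. The file is reached through the `.well-known/autoconfig/mail` symlink added in this commit, so the location depends on nginx following symlinks (`disable_symlinks off`, the default). The enclosing server block starts and ends outside the hunk.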
@@ -49,14 +33,28 @@ server { root /usr/share/nginx/html; } - location / { - return 444; + location = / { + return 301 https://blog.balsillie.net/; } } server { - listen 8443 ssl; - server_name balsillie.email; + listen 8080; + server_name mta-sts.balsillie.net; + + location = /.well-known/mta-sts.txt { + default_type application/octet-stream; + root /usr/share/nginx/html/mta-sts/balsillie_net; + } + + location / { + return 404; + } +} + +server { + listen 8080; + server_name mta-sts.balsillie.email; location = /.well-known/mta-sts.txt { default_type application/octet-stream; @@ -64,12 +62,12 @@ server { } location / { - return 444; + return 404; } } server { - listen 8443 ssl; + listen 8080; server_name openpgpkey.balsillie.net openpgpkey.balsillie.email; location /.well-known/openpgpkey { @@ -78,11 +76,39 @@ server { } location / { - return 444; + return 404; } } server { - listen 8443 ssl default_server; - ssl_reject_handshake on; + listen 8080; + server_name autoconfig.balsillie.net; + + location = /mail/config-v1.1.xml { + default_type application/octet-stream; + root /usr/share/nginx/html; + } + + location / { + return 404; + } + } + +server { + listen 8080; + server_name account.balsillie.net auth-admin.balsillie.net; + + location / { + return 301 https://auth.balsillie.net/realms/balsillie/account; + } +} + +server { + listen 8080; + server_name notify.balsillie.net; + + location / { + return 301 https://notify.balsillie.net:9000$request_uri; + } +} \ No newline at end of file
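Review bot: In the `@@ -49,14 +33,28 @@` hunk the catch-all `location / { return 444; }` of the `balsillie.net` server is replaced by the exact-match `location = / { return 301 https://blog.balsillie.net/; }`, so every other path that matches no location is now resolved against nginx's default root instead of getting an explicit answer. The other server blocks in this commit end with `location / { return 404; }`; adding the same block here keeps the behaviour explicit and consistent. The start of this server block is outside the hunk, so a catch-all defined earlier in it would not be visible here.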
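Review bot: In the last hunk the new `account.balsillie.net auth-admin.balsillie.net` and `notify.balsillie.net` blocks use `return 301`, which browsers cache without expiry, so a later change of the realm path or of port 9000 will not reach clients that have already followed the redirect. `return 302` (or `307`) is easier to undo until the targets are settled. A one-line comment on the `auth-admin` name, for example `# auth-admin deliberately lands on the user account console`, would tell the next reader whether that target is intentional.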