summaryrefslogtreecommitdiffstats
path: root/roles
diff options
context:
space:
mode:
Diffstat (limited to 'roles')
-rw-r--r--roles/webmail/files/etc/nginx/sites-available/roundcube5
1 files changed, 4 insertions, 1 deletions
diff --git a/roles/webmail/files/etc/nginx/sites-available/roundcube b/roles/webmail/files/etc/nginx/sites-available/roundcube
index 0c54bf2..5bff410 100644
--- a/roles/webmail/files/etc/nginx/sites-available/roundcube
+++ b/roles/webmail/files/etc/nginx/sites-available/roundcube
@@ -3,41 +3,44 @@ server {
listen 80;
listen [::]:80 ipv6only=on;
server_name mail.fripost.org;
access_log /var/log/nginx/roundcube.access.log;
error_log /var/log/nginx/roundcube.error.log info;
return 301 https://$host$request_uri;
}
server {
listen 443;
listen [::]:443 ipv6only=on;
server_name mail.fripost.org;
root /var/lib/roundcube;
include ssl/config;
- ssl_certificate /etc/nginx/ssl/mail.fripost.org.pem;
+ # include the intermediate certificate, see
+ # - https://www.ssllabs.com/ssltest/analyze.html?d=mail.fripost.org
+ # - http://nginx.org/en/docs/http/configuring_https_servers.html
+ ssl_certificate /etc/nginx/ssl/mail.fripost.org.chained.pem;
ssl_certificate_key /etc/nginx/ssl/mail.fripost.org.key;
location = /favicon.ico {
root /usr/share/roundcube/skins/default/images;
log_not_found off;
access_log off;
expires max;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# Deny all attempts to access hidden files, or files under hidden
# directories.
location ~ /\. { return 404; }
access_log /var/log/nginx/roundcube.access.log;
generated by cgit v1.2.3 (git 2.25.1) at 2025-09-09 20:28:55 +0000