mirror of
https://github.com/mjl-/mox.git
synced 2025-07-10 07:14:40 +03:00
improve http request handling for internal services and multiple domains
per listener, you could enable the admin/account/webmail/webapi handlers. but that would serve those services on their configured paths (/admin/, /, /webmail/, /webapi/) on all domains mox would be webserving, including any non-mail domains. so your www.example/admin/ would be serving the admin web interface, with no way to disable that.

with this change, the admin interface is only served on requests to (based on Host header):
- ip addresses
- the listener host name (explicitly configured in the listener, with fallback to global hostname)
- "localhost" (for ssh tunnel/forwarding scenarios)

the account/webmail/webapi interfaces are served on the same domains as the admin interface, and additionally:
- the client settings domains, as optionally configured in each Domain in domains.conf. typically "mail.<yourdomain>".

this means the internal services are no longer served on other domains configured in the webserver, e.g. www.example.org/admin/ will not be handled specially.

the order of evaluation of routes/services is also changed: before this change, the internal handlers would always be evaluated first. with this change, only the system handlers for MTA-STS/autoconfig/ACME-validation will be evaluated first. then the webserver handlers. and finally the internal services (admin/account/webmail/webapi). this allows an admin to configure overrides for some of the domains (per hostname-matching rules explained above) that would normally serve these services.

webserver handlers can now be configured that pass the request to an internal service: in addition to the existing static/redirect/forward config options, there is now an "internal" config option, naming the service (admin/account/webmail/webapi) for handling the request. this allows enabling the internal services on custom domains.

for issue #160 by TragicLifeHu, thanks for reporting!
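The host matching described in the commit message above, as an added Go example that is not part of the commit or of mox's code. The function names, parameters and sample host names are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// normalizeHost reduces a Host header value to a bare lower-case name or IP:
// it drops an optional port, IPv6 brackets and a trailing dot.
func normalizeHost(hostHeader string) string {
	host := hostHeader
	if h, _, err := net.SplitHostPort(hostHeader); err == nil {
		host = h // port removed; brackets around an IPv6 literal removed too
	}
	host = strings.Trim(host, "[]")
	return strings.ToLower(strings.TrimSuffix(host, "."))
}

// internalServiceAllowed applies the rules from the commit message. The
// listenerHost and clientSettingsDomains inputs are assumed, not mox types.
func internalServiceAllowed(service, hostHeader, listenerHost string, clientSettingsDomains []string) bool {
	switch service {
	case "admin", "account", "webmail", "webapi":
	default:
		return false // unknown service name
	}
	host := normalizeHost(hostHeader)
	if host == "" {
		return false
	}
	// All four services: IP addresses, the listener host name, "localhost".
	if net.ParseIP(host) != nil || host == "localhost" || host == normalizeHost(listenerHost) {
		return true
	}
	if service == "admin" {
		return false // admin is not matched on client settings domains
	}
	for _, d := range clientSettingsDomains {
		if host == normalizeHost(d) {
			return true
		}
	}
	return false
}

func main() {
	cs := []string{"mail.example.org"} // constructed sample domain
	for _, h := range []string{"mox.example.net", "mail.example.org", "www.example.org", "[::1]:8080"} {
		fmt.Printf("%-18s admin=%v webmail=%v\n", h, internalServiceAllowed("admin", h, "mox.example.net", cs), internalServiceAllowed("webmail", h, "mox.example.net", cs))
	}
}
```

The gate decides which virtual hosts route to a service; a WebHandler with the "internal" option, as the commit message describes, is the separate path for serving one on another domain.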
@ -172,7 +172,10 @@ See https://pkg.go.dev/github.com/mjl-/sconf for details.
|
||||
# NATed. Skips IP-related DNS self-checks. (optional)
|
||||
IPsNATed: false
|
||||
|
||||
# If empty, the config global Hostname is used. (optional)
|
||||
# If empty, the config global Hostname is used. The internal services webadmin,
|
||||
# webaccount, webmail and webapi only match requests to IPs, this hostname,
|
||||
# "localhost". All except webadmin also match for any client settings domain.
|
||||
# (optional)
|
||||
Hostname:
|
||||
|
||||
# For SMTP/IMAP STARTTLS, direct TLS and HTTPS connections. (optional)
|
||||
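Review bot: The rewritten Hostname comment lists the matching hosts as 'IPs, this hostname, "localhost"' with no conjunction, and does not say that the match is made against the request's Host header, which the commit message does state. Suggest wording along the lines of 'only match requests whose Host header names an IP address, this hostname or "localhost"', plus a pointer to WebInternal under WebHandlers for serving these services on other domains. Since the Host header is supplied by the client, the comment should also make clear that this rule selects which virtual hosts route to the services and is not a restriction on who can connect to them.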
@ -303,7 +306,8 @@ See https://pkg.go.dev/github.com/mjl-/sconf for details.
|
||||
AccountHTTP:
|
||||
Enabled: false
|
||||
|
||||
# Default 80 for HTTP and 443 for HTTPS. (optional)
|
||||
# Default 80 for HTTP and 443 for HTTPS. See Hostname at Listener for hostname
|
||||
# matching behaviour. (optional)
|
||||
Port: 0
|
||||
|
||||
# Path to serve requests on. (optional)
|
||||
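Review bot: The hostname-matching cross-reference is attached to the Port comment, here and in the seven hunks that follow for AccountHTTPS through WebAPIHTTPS, although the matching depends on the Host header and not on the port. Someone enabling a service is more likely to read the comment for the service itself or for Enabled, so consider moving the sentence there. For AdminHTTP and AdminHTTPS it could also say directly that client settings domains do not apply, since that is the one difference between admin and the other three services.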
@ -318,7 +322,8 @@ See https://pkg.go.dev/github.com/mjl-/sconf for details.
|
||||
AccountHTTPS:
|
||||
Enabled: false
|
||||
|
||||
# Default 80 for HTTP and 443 for HTTPS. (optional)
|
||||
# Default 80 for HTTP and 443 for HTTPS. See Hostname at Listener for hostname
|
||||
# matching behaviour. (optional)
|
||||
Port: 0
|
||||
|
||||
# Path to serve requests on. (optional)
|
||||
@ -336,7 +341,8 @@ See https://pkg.go.dev/github.com/mjl-/sconf for details.
|
||||
AdminHTTP:
|
||||
Enabled: false
|
||||
|
||||
# Default 80 for HTTP and 443 for HTTPS. (optional)
|
||||
# Default 80 for HTTP and 443 for HTTPS. See Hostname at Listener for hostname
|
||||
# matching behaviour. (optional)
|
||||
Port: 0
|
||||
|
||||
# Path to serve requests on. (optional)
|
||||
@ -351,7 +357,8 @@ See https://pkg.go.dev/github.com/mjl-/sconf for details.
|
||||
AdminHTTPS:
|
||||
Enabled: false
|
||||
|
||||
# Default 80 for HTTP and 443 for HTTPS. (optional)
|
||||
# Default 80 for HTTP and 443 for HTTPS. See Hostname at Listener for hostname
|
||||
# matching behaviour. (optional)
|
||||
Port: 0
|
||||
|
||||
# Path to serve requests on. (optional)
|
||||
@ -365,7 +372,8 @@ See https://pkg.go.dev/github.com/mjl-/sconf for details.
|
||||
WebmailHTTP:
|
||||
Enabled: false
|
||||
|
||||
# Default 80 for HTTP and 443 for HTTPS. (optional)
|
||||
# Default 80 for HTTP and 443 for HTTPS. See Hostname at Listener for hostname
|
||||
# matching behaviour. (optional)
|
||||
Port: 0
|
||||
|
||||
# Path to serve requests on. (optional)
|
||||
@ -380,7 +388,8 @@ See https://pkg.go.dev/github.com/mjl-/sconf for details.
|
||||
WebmailHTTPS:
|
||||
Enabled: false
|
||||
|
||||
# Default 80 for HTTP and 443 for HTTPS. (optional)
|
||||
# Default 80 for HTTP and 443 for HTTPS. See Hostname at Listener for hostname
|
||||
# matching behaviour. (optional)
|
||||
Port: 0
|
||||
|
||||
# Path to serve requests on. (optional)
|
||||
@ -394,7 +403,8 @@ See https://pkg.go.dev/github.com/mjl-/sconf for details.
|
||||
WebAPIHTTP:
|
||||
Enabled: false
|
||||
|
||||
# Default 80 for HTTP and 443 for HTTPS. (optional)
|
||||
# Default 80 for HTTP and 443 for HTTPS. See Hostname at Listener for hostname
|
||||
# matching behaviour. (optional)
|
||||
Port: 0
|
||||
|
||||
# Path to serve requests on. (optional)
|
||||
@ -409,7 +419,8 @@ See https://pkg.go.dev/github.com/mjl-/sconf for details.
|
||||
WebAPIHTTPS:
|
||||
Enabled: false
|
||||
|
||||
# Default 80 for HTTP and 443 for HTTPS. (optional)
|
||||
# Default 80 for HTTP and 443 for HTTPS. See Hostname at Listener for hostname
|
||||
# matching behaviour. (optional)
|
||||
Port: 0
|
||||
|
||||
# Path to serve requests on. (optional)
|
||||
@ -1225,12 +1236,15 @@ See https://pkg.go.dev/github.com/mjl-/sconf for details.
|
||||
WebDomainRedirects:
|
||||
x:
|
||||
|
||||
# Handle webserver requests by serving static files, redirecting or
|
||||
# reverse-proxying HTTP(s). The first matching WebHandler will handle the request.
|
||||
# Built-in handlers, e.g. for account, admin, autoconfig and mta-sts always run
|
||||
# first. If no handler matches, the response status code is file not found (404).
|
||||
# If functionality you need is missng, simply forward the requests to an
|
||||
# application that can provide the needed functionality. (optional)
|
||||
# Handle webserver requests by serving static files, redirecting, reverse-proxying
|
||||
# HTTP(s) or passing the request to an internal service. The first matching
|
||||
# WebHandler will handle the request. Built-in system handlers, e.g. for ACME
|
||||
# validation, autoconfig and mta-sts always run first. Built-in handlers for
|
||||
# admin, account, webmail and webapi are evaluated after all handlers, including
|
||||
# webhandlers (allowing for overrides of internal services for some domains). If
|
||||
# no handler matches, the response status code is file not found (404). If
|
||||
# webserver features are missing, forward the requests to an application that
|
||||
# provides the needed functionality itself. (optional)
|
||||
WebHandlers:
|
||||
-
|
||||
|
||||
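Review bot: The new ordering in the WebHandlers comment changes behaviour for existing configurations, but the comment presents it only as an override feature. The removed text said the built-in handlers for account and admin "always run first"; with the new text, a WebHandler whose Domain is the listener hostname or a client settings domain, and whose PathRegexp also matches the service path, handles the request before the internal service is considered. Suggest stating that consequence explicitly so operators review existing handlers on those domains, and rewording "evaluated after all handlers, including webhandlers", which reads as if some other class of handler sat in between.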
@ -1238,7 +1252,7 @@ See https://pkg.go.dev/github.com/mjl-/sconf for details.
|
||||
LogName:
|
||||
|
||||
# Both Domain and PathRegexp must match for this WebHandler to match a request.
|
||||
# Exactly one of WebStatic, WebRedirect, WebForward must be set.
|
||||
# Exactly one of WebStatic, WebRedirect, WebForward, WebInternal must be set.
|
||||
Domain:
|
||||
|
||||
# Regular expression matched against request path, must always start with ^ to
|
||||
@ -1345,6 +1359,15 @@ See https://pkg.go.dev/github.com/mjl-/sconf for details.
|
||||
ResponseHeaders:
|
||||
x:
|
||||
|
||||
# Pass request to internal service, like webmail, webapi, etc. (optional)
|
||||
WebInternal:
|
||||
|
||||
# Path to use as root of internal service, e.g. /webmail/.
|
||||
BasePath:
|
||||
|
||||
# Name of the service, values: admin, account, webmail, webapi.
|
||||
Service:
|
||||
|
||||
# Routes for delivering outgoing messages through the queue. Each delivery attempt
|
||||
# evaluates account routes, domain routes and finally these global routes. The
|
||||
# transport of the first matching route is used in the delivery attempt. If no
|
||||
|
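Review bot: The WebInternal comments do not say how BasePath relates to the PathRegexp of the enclosing WebHandler, nor whether the host restrictions described at the Listener Hostname still apply when Service is admin. As written, a handler with Service set to admin on an arbitrary Domain serves the admin interface there, which is the exposure the commit message removes by default. Suggest a sentence on the Service comment noting that admin on a public web domain is an explicit opt-in, and a sentence on BasePath stating whether it must begin and end with a slash, as the /webmail/ example suggests, and what happens when it disagrees with PathRegexp.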