From 6e876be34bb2c1527715266719826ea4ba2d264f Mon Sep 17 00:00:00 2001
From: stefaweb
Date: Sun, 1 Jul 2018 09:00:25 +0200
Subject: [PATCH 1/2] autodiscover config mods Add https to
---
 .../scripts/files/nginx/automx.conf.tpl | 37 +++++++++++++++++++
 modoboa_installer/scripts/nginx.py | 2 +-
 2 files changed, 38 insertions(+), 1 deletion(-)
diff --git a/modoboa_installer/scripts/files/nginx/automx.conf.tpl b/modoboa_installer/scripts/files/nginx/automx.conf.tpl
index 4cd0591..50ece3b 100644
--- a/modoboa_installer/scripts/files/nginx/automx.conf.tpl
+++ b/modoboa_installer/scripts/files/nginx/automx.conf.tpl
@@ -6,6 +6,7 @@ server {
 listen 80;
 listen [::]:80;
 server_name %hostname;
+ root /srv/automx/instance;
 access_log /var/log/nginx/%{hostname}-access.log;
 error_log /var/log/nginx/%{hostname}-error.log;
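Review bot: `root /srv/automx/instance;` makes the automx application directory the document root of the port-80 vhost, so any request URI that does not match one of the `uwsgi_pass` locations is looked up as a static file there. If that directory holds the WSGI entry point or configuration (not visible in this hunk), those files become downloadable over plain HTTP. Unless static serving is intended, I would drop the line or add a catch-all such as `location / { return 404; }`. Patch 2/2 removes only the 443 block, so this line stays in the final template. The server block starts and ends outside the hunk.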
@@ -15,3 +16,39 @@ server {
 uwsgi_pass automx;
 }
 }
+
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+ server_name autodiscover.{domain};
+ root /srv/automx/instance;
+
+ ssl_certificate %tls_cert_file;
+ ssl_certificate_key %tls_key_file;
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:ECDHE-RSA-AES128-GCM-SHA256:AES256+EECDH:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
+ ssl_prefer_server_ciphers on;
+ ssl_session_cache shared:SSL:10m;
+ ssl_verify_depth 3;
+ ssl_dhparam /etc/nginx/dhparam.pem;
+
+ client_max_body_size 10M;
+
+ access_log /var/log/nginx/autodiscover.%{domain}-access.log;
+ error_log /var/log/nginx/autodiscover.%{domain}-error.log;
+
+ location ~* ^/autodiscover/autodiscover.xml {
+ include uwsgi_params;
+ uwsgi_pass automx;
+ }
+
+ location /mail/config-v1.1.xml {
+ include uwsgi_params;
+ uwsgi_pass automx;
+ }
+
+ location /mobileconfig {
+ include uwsgi_params;
+ uwsgi_pass automx;
+ }
+}
diff --git a/modoboa_installer/scripts/nginx.py b/modoboa_installer/scripts/nginx.py
index bbff33a..4f7c4f3 100644
--- a/modoboa_installer/scripts/nginx.py
+++ b/modoboa_installer/scripts/nginx.py
@@ -63,7 +63,7 @@ class Nginx(base.Installer):
 self.config.get("general", "domain"))
 self._setup_config("automx", hostname)
 extra_modoboa_config = """
- location /autodiscover/autodiscover.xml {
+ location ~* ^/autodiscover/autodiscover.xml {
 include uwsgi_params;
 uwsgi_pass automx;
 }
From 6422e7cdc7d2f3b43345b9d0f748c86b62a44551 Mon Sep 17 00:00:00 2001
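Review bot: `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` in the new 443 block still offers TLS 1.0 and 1.1, and the cipher string explicitly lists 3DES suites (the `DES-CBC3-SHA` variants) and static-RSA suites without forward secrecy; I would reduce this to `ssl_protocols TLSv1.2;` and an ECDHE/DHE AEAD-only cipher list. `server_name autodiscover.{domain};` lacks the `%` that the log lines use (`%{domain}`), so the name would probably be written out literally. The visible context in `nginx.py` calls `_setup_config("automx", hostname)` with only the hostname, so it is worth confirming that `domain`, `tls_cert_file` and `tls_key_file` are actually supplied to this template. `ssl_verify_depth 3;` has no effect without `ssl_verify_client`, and `ssl_dhparam /etc/nginx/dhparam.pem;` will keep nginx from starting if the installer does not create that file.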
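Review bot: The new pattern `~* ^/autodiscover/autodiscover.xml` is a regex with an unescaped `.` and no end anchor, so it also matches paths such as `/autodiscover/autodiscoverXxml` or anything with extra trailing characters, all of which are forwarded to the automx uwsgi backend. If the goal is only case-insensitive matching of the autodiscover path, tighten it to `location ~* ^/autodiscover/autodiscover\.xml$ {`; because this sits in a non-raw Python string, the backslash needs doubling there. The same line appears in the 443 block added to `automx.conf.tpl` in this patch. The enclosing method of `Nginx` starts and ends outside the hunk.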
From: stefaweb
Date: Mon, 2 Jul 2018 11:10:04 +0200
Subject: [PATCH 2/2] Revert back mods
---
 .../scripts/files/nginx/automx.conf.tpl | 36 -------------------
 1 file changed, 36 deletions(-)
diff --git a/modoboa_installer/scripts/files/nginx/automx.conf.tpl b/modoboa_installer/scripts/files/nginx/automx.conf.tpl
index 50ece3b..1bd748c 100644
--- a/modoboa_installer/scripts/files/nginx/automx.conf.tpl
+++ b/modoboa_installer/scripts/files/nginx/automx.conf.tpl
@@ -16,39 +16,3 @@ server {
 uwsgi_pass automx;
 }
 }
-
-server {
- listen 443 ssl;
- listen [::]:443 ssl;
- server_name autodiscover.{domain};
- root /srv/automx/instance;
-
- ssl_certificate %tls_cert_file;
- ssl_certificate_key %tls_key_file;
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
- ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:ECDHE-RSA-AES128-GCM-SHA256:AES256+EECDH:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
- ssl_prefer_server_ciphers on;
- ssl_session_cache shared:SSL:10m;
- ssl_verify_depth 3;
- ssl_dhparam /etc/nginx/dhparam.pem;
-
- client_max_body_size 10M;
-
- access_log /var/log/nginx/autodiscover.%{domain}-access.log;
- error_log /var/log/nginx/autodiscover.%{domain}-error.log;
-
- location ~* ^/autodiscover/autodiscover.xml {
- include uwsgi_params;
- uwsgi_pass automx;
- }
-
- location /mail/config-v1.1.xml {
- include uwsgi_params;
- uwsgi_pass automx;
- }
-
- location /mobileconfig {
- include uwsgi_params;
- uwsgi_pass automx;
- }
-}