Add mailcow

2025-02-15 10:30:44 +09:00 · 2025-02-15 10:30:44 +09:00 · a2a03018ce
commit a2a03018ce
parent ba8681d728
3 changed files with 37 additions and 24 deletions
--- a/03frontends.cfg
+++ b/03frontends.cfg
@ -309,6 +309,7 @@ frontend frontend_default
  acl kanboard hdr(host) -i kanboard.benoit.jp.net
  acl laminar hdr(host) -i laminar.benoit.jp.net
  acl linkding hdr(host) -i linkding.benoit.jp.net
+  acl mailcow hdr(host) -i mail.benoit.jp.net
  acl mastodon hdr(host) -i mastodon.benoit.jp.net
  acl miniflux hdr(host) -i miniflux.benoit.jp.net
  acl navidrome hdr(host) -i navidrome.benoit.jp.net
@ -319,6 +320,7 @@ frontend frontend_default

  http-request deny if adguard !JP !SG !letsencrypt
  http-request deny if kanboard !JP !SG !letsencrypt
+  http-request deny if mailcow !JP !SG !letsencrypt
  http-request deny if miniflux !JP !SG !letsencrypt
  http-request deny if navidrome !JP !SG !letsencrypt
  http-request deny if photoprism !JP !SG !letsencrypt
@ -331,6 +333,7 @@ frontend frontend_default
  use_backend laminar if laminar
  use_backend letsencrypt if letsencrypt
  use_backend linkding if linkding
+  use_backend mailcow if mailcow
  use_backend mastodon if mastodon
  use_backend miniflux if miniflux
  use_backend navidrome if navidrome
--- a/04listen.cfg
+++ b/04listen.cfg
@ -8,30 +8,30 @@ listen ssh
  server git-ssh forgejo.incus:10022 send-proxy check

 # Mailcow
-#  listen smtp
-#    bind :25
-#    bind :::25 v6only
-#      mode tcp
-#      option tcplog
-#    server mail 10.78.127.231:10025 send-proxy
-#  listen smtps
-#    bind :465
-#    bind :::465 v6only
-#      mode tcp
-#      option tcplog
-#    server mail 10.78.127.231:10465 send-proxy
-#  listen imaps
-#    bind :993
-#    bind :::993 v6only
-#      mode tcp
-#      option tcplog
-#    server mail 10.78.127.231:10993 send-proxy
-#  listen sieve
-#    bind :4190
-#    bind :::4190 v6only
-#      mode tcp
-#      option tcplog
-#    server mail 10.78.127.231:14190 send-proxy
+  listen smtp
+    bind :25
+    bind :::25 v6only
+      mode tcp
+      option tcplog
+    server mailcow mailcow.incus:10025 send-proxy
+  listen smtps
+    bind :465
+    bind :::465 v6only
+      mode tcp
+      option tcplog
+    server mailcow mailcow.incus:10465 send-proxy
+  listen imaps
+    bind :993
+    bind :::993 v6only
+      mode tcp
+      option tcplog
+    server mailcow mailcow.incus:10993 send-proxy
+  listen sieve
+    bind :4190
+    bind :::4190 v6only
+      mode tcp
+      option tcplog
+    server mailcow mailcow.incus:14190 send-proxy

 # Adguard
 listen adguard-dot
--- a/05backends.cfg
+++ b/05backends.cfg
@ -127,3 +127,13 @@ backend navidrome
  http-response set-header Referrer-Policy "strict-origin-when-cross-origin"
  http-response set-header Cross-Origin-Resource-Policy "same-origin"
  server navidrome navidrome.incus:4533 check
+
+backend mailcow
+  # set HSTS for one year after all responses
+  http-response set-header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
+  # add some Security headers
+  http-response set-header X-Frame-Options "SAMEORIGIN"
+  http-response set-header X-Content-Type-Options "nosniff"
+  http-response set-header Referrer-Policy "strict-origin-when-cross-origin"
+  http-response set-header Cross-Origin-Resource-Policy "same-origin"
+  server navidrome mailcow.incus:80 check