Fix dhparam and nginx cfg link

Fix Matrix admin password
Fix nginx configuration
2025-12-06 11:08:45 +00:00 · 2025-10-16 19:31:35 +02:00 · 2025-10-16 19:16:11 +02:00 · 2025-10-15 18:36:18 +02:00 · 2025-10-15 18:33:38 +02:00 · 2025-10-02 12:55:23 +02:00
4 changed files with 55 additions and 10 deletions
--- a/scripts/create-service-account
+++ b/scripts/create-service-account
@@ -36,7 +36,7 @@ ldbmodify -H /var/lib/samba/private/sam.ldb <<EOF
 dn: $DN
 changetype: modify
 replace: userWorkstations
-userWorkstations: NONE
+userWorkstations: "NOWORKSTATION"
 EOF

 echo
--- a/scripts/nextcloud-for-mailcow-dockerized.conf
+++ b/scripts/nextcloud-for-mailcow-dockerized.conf
@@ -0,0 +1,44 @@
+server {
+    listen 80;
+    listen [::]:80;
+    listen 443 ssl http2;
+    listen [::]:443 ssl http2;
+
+    server_name cloud.domain.tld;
+
+    ssl_certificate     /etc/ssl/mail/cert.pem;
+    ssl_certificate_key /etc/ssl/mail/key.pem;
+    ssl_session_timeout 1d;
+    ssl_session_cache shared:SSL:50m;
+    ssl_stapling on;
+    ssl_stapling_verify on;
+
+    # HTTP → HTTPS
+    if ($scheme = http) {
+        return 301 https://$host$request_uri;
+    }
+
+    location / {
+        proxy_pass https://cloud.domain.tld;
+
+        # Hostname & Forwarded-Header sauber durchreichen
+        proxy_set_header Host 192.168.178.253;        # explizit der Upstream-Name
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto https;  # TLS endet hier
+        proxy_set_header X-Forwarded-Host $host;   # also cloud.domain.tld
+        proxy_set_header X-Forwarded-Port 443;
+        proxy_set_header Forwarded "for=$remote_addr;proto=https;host=$host";
+        proxy_set_header Referrer-Policy "no-referrer";
+
+        proxy_connect_timeout 600;
+        proxy_send_timeout 600;
+        proxy_read_timeout 600;
+        send_timeout 600;
+        client_max_body_size 10G;
+    }
+
+    # CalDAV/CardDAV Redirects
+    location /.well-known/carddav { return 301 https://$host/remote.php/dav; }
+    location /.well-known/caldav { return 301 https://$host/remote.php/dav; }
+}
--- a/src/matrix/install-service.sh
+++ b/src/matrix/install-service.sh
@@ -154,6 +154,6 @@ systemctl restart matrix-synapse

 rm /var/www/element-release-key.asc /var/www/element-$MATRIX_ELEMENT_VERSION.tar.gz /var/www/element-$MATRIX_ELEMENT_VERSION.tar.gz.asc

-register_new_matrix_user -a -u $MATRIX_ADMIN_USER -p \'$MATRIX_ADMIN_PASSWORD\' -c /etc/matrix-synapse/conf.d/registration.yaml http://127.0.0.1:8008
+register_new_matrix_user -a -u $MATRIX_ADMIN_USER -p "$MATRIX_ADMIN_PASSWORD" -c /etc/matrix-synapse/conf.d/registration.yaml http://127.0.0.1:8008

 echo -e "Your matrix installation is now complete. Please login into your element:\nLogin:\t\t$MATRIX_ADMIN_USER\nPassword:\t$MATRIX_ADMIN_PASSWORD\n\n"
--- a/src/zammad/install-service.sh
+++ b/src/zammad/install-service.sh
@@ -39,16 +39,17 @@ ln -sf /etc/ssl/certs/ssl-cert-snakeoil.pem /etc/nginx/ssl/fullchain.pem
 ln -sf /etc/ssl/private/ssl-cert-snakeoil.key /etc/nginx/ssl/privkey.pem
 ln -sf /etc/nginx/dhparam.pem /etc/nginx/ssl/dhparam.pem

-sed -e "s|server_name example.com;|server_name ${LXC_HOSTNAME}.${LXC_DOMAIN};|g" \
- -e "s|ssl_certificate /etc/nginx/ssl/example.com-fullchain.pem;|ssl_certificate /etc/nginx/ssl/fullchain.pem;|g" \
- -e "s|ssl_certificate_key /etc/nginx/ssl/example.com-privkey.pem;|ssl_certificate_key /etc/nginx/ssl/privkey.pem;|g" \
- -e "s|ssl_protocols TLSv1.2;|ssl_protocols TLSv1.2 TLSv1.3;|g" \
- -e "s|ssl_trusted_certificate /etc/nginx/ssl/lets-encrypt-x3-cross-signed.pem;|#  ssl_trusted_certificate /etc/nginx/ssl/lets-encrypt-x3-cross-signed.pem;|g" \
+echo "Customizing nginx configuration..."
+sed -e "s|$(grep -m1 server_name /opt/zammad/contrib/nginx/zammad_ssl.conf)|server_name ${LXC_HOSTNAME}.${LXC_DOMAIN};|g" \
+ -e "s|$(grep -m1 ssl_certificate /opt/zammad/contrib/nginx/zammad_ssl.conf)|ssl_certificate /etc/nginx/ssl/fullchain.pem;|g" \
+ -e "s|$(grep -m1 ssl_certificate_key /opt/zammad/contrib/nginx/zammad_ssl.conf)|ssl_certificate_key /etc/nginx/ssl/privkey.pem;|g" \
+ -e "s|$(grep -m1 ssl_protocols /opt/zammad/contrib/nginx/zammad_ssl.conf)|ssl_protocols TLSv1.2 TLSv1.3;|g" \
+ -e "s|$(grep -m1 ssl_dhparam /opt/zammad/contrib/nginx/zammad_ssl.conf)|ssl_dhparam /etc/nginx/ssl/dhparam.pem;|g" \
+ -e "s|$(grep -m1 ssl_trusted_certificate /opt/zammad/contrib/nginx/zammad_ssl.conf)|#  ssl_trusted_certificate /etc/nginx/ssl/lets-encrypt-x3-cross-signed.pem;|g" \
 /opt/zammad/contrib/nginx/zammad_ssl.conf > /etc/nginx/sites-available/zammad_ssl.conf

 ln -sf /etc/nginx/sites-available/zammad_ssl.conf /etc/nginx/sites-enabled/

-
 # configure elasticsearch
 /usr/share/elasticsearch/bin/elasticsearch-plugin install -b ingest-attachment
Author	SHA1	Message	Date
Thorsten Spille	a31ebfb0e3	Fix dhparam and nginx cfg link	2025-10-16 19:31:35 +02:00
Thorsten Spille	85caaac848	Fix Matrix admin password	2025-10-16 19:16:11 +02:00
Thorsten Spille	818cbfc732	Fix nginx configuration	2025-10-15 18:36:18 +02:00
Thorsten Spille	664bc6ac5e	Fix zammad nginx configuration	2025-10-15 18:33:38 +02:00
Chriz	0460e3e5a1	Update nextcloud-for-mailcow-dockerized.conf fixes	2025-10-02 12:55:23 +02:00
Chriz	5b263acbb2	Rename nextcloud.conf to nextcloud-for-mailcow-dockerized.conf This is an Example for Nextcloud Upstream with Mailcow Dockerized as Reverse Proxy	2025-10-02 12:47:05 +02:00
Chriz	3ee9538074	Create nextcloud.conf Upstream as Reverse Proxy	2025-10-02 12:45:52 +02:00
Thorsten Spille	75559ca34b	rename computername for service login	2025-09-29 20:40:22 +02:00
Thorsten Spille	a3bd70732f	Merge pull request #132 from bashclub/main Move fixes in main to dev	2025-09-29 20:37:23 +02:00