Add redirect HTTP to HTTPS in NGINX config #6263

Closed
Scuruba opened this issue Jan 24, 2025 · 7 comments
@Scuruba

Scuruba commented Jan 24, 2025

Summary

Redirect HTTP to HTTPS is not activated by default and was only possible via creating a new file.
https://docs.mailcow.email/manual-guides/u_e-80_to_443/

For me, this will not work anymore after updating to 2025.1. The file will be imported, but the ports and sites will be doubled with nginx.conf.j2

Motivation

The redirect should work and also be the standard configuration.
I think the best option is to add it in the "nginx.conf.j2" file and define a config variable to deactivate it.

Additional context

I tried to change the file as described, but was not able to set the variable in mailcow.conf, so the configuration was changed.

@Scuruba
Author

Scuruba commented Jan 24, 2025

#Scuruba@f8fbba2

@mac-linux-free

How can I test this feature?

@Scuruba
Author

Scuruba commented Jan 24, 2025

#Scuruba@f8fbba2

You can change the nginx.conf.j2 file like in my commit. But not with the variable REDIRECT_HTTP, but as if it had been answered with yes.
I'll try to make a commit with the other changes I made next week, but unfortunately that didn't work for me with the variables.

The config itself is working.

@Clete2

Clete2 commented Jan 25, 2025

You should open a PR for this feature. REDIRECT_HTTP should default to yes when HTTP is enabled.

@Scuruba
Author

Scuruba commented Jan 26, 2025

I've now opened the PR #6265, with my (not working) changes. It would be very helpful if someone would take a look at the changes.

@kovacs-andras

My dirty fix is to move the content of data/conf/nginx/redirect.conf into this template: data/conf/nginx/templates/nginx.conf.j2
And move/remove the redirect.conf file so they won't collide.
It's ugly, but works for me now (after a compose down-up of nginx-mailcow) and will definitely revert it later.
I also omitted the nginx version from the response header which was visible before the update also.

root@mail-redacted:/opt/mailcow-dockerized/data/conf/nginx# git diff
diff --git a/data/conf/nginx/templates/nginx.conf.j2 b/data/conf/nginx/templates/nginx.conf.j2
index bcb4612b..439d18bf 100644
--- a/data/conf/nginx/templates/nginx.conf.j2
+++ b/data/conf/nginx/templates/nginx.conf.j2
@@ -41,6 +41,23 @@ http {
         https https;
     }
 
+    server_tokens off;
+
+    # HTTP redirect
+    server {
+        root /web;
+        listen 80 default_server;
+        include /etc/nginx/conf.d/server_name.active;
+        if ( $request_uri ~* "%0A|%0D" ) { return 403; }
+          location ^~ /.well-known/acme-challenge/ {
+               allow all;
+               default_type "text/plain";
+          }
+          location / {
+               return 301 https://$host$uri$is_args$args;
+          }
+     }
+
     # Default
     server {
         listen 127.0.0.1:65510; # sogo-auth verify internal
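
Review bot: in the added `location /` block, `return 301 https://$host$uri$is_args$args;` builds the Location header from `$uri`, which nginx has already percent-decoded and normalized, so the redirect is only safe because of the `if ( $request_uri ~* "%0A|%0D" ) { return 403; }` line above it. Redirecting with the raw request form, `return 301 https://$host$request_uri;`, removes that dependency and makes `$is_args$args` unnecessary. `$host` is taken from the request's Host header on this `default_server` listener, so a configured hostname is the safer redirect target if it should be fixed. The `if`, the two `location` blocks and the closing brace of the new `server` block are also indented inconsistently with the rest of the template.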

@FreddleSpl0it
Collaborator

Will be fixed in the next release
e645f93
