fix(email): do not block ips for email

2024-11-29 08:20:09 +01:00 · 2024-11-29 08:20:09 +01:00 · f739cb30c5
commit f739cb30c5
parent 098ed56c10
2 changed files with 38 additions and 37 deletions
--- a/root/etc/nginx/nginx.conf
+++ b/root/etc/nginx/nginx.conf
@ -98,47 +98,51 @@ stream {
  # HTTPS
  server {
-    access_log     syslog:server=unix:/dev/log geoip_with_upstream;
+    access_log        syslog:server=unix:/dev/log geoip_with_upstream;
-    listen         0.0.0.0:443;
+    listen            0.0.0.0:443;
-    listen         [::]:443;
+    listen            [::]:443;
-    proxy_pass     $selected_upstream;
+    proxy_pass        $selected_upstream;
-    proxy_protocol on;
+    proxy_protocol    on;
-    include        /etc/nginx/partials/server.conf;
+    resolver          9.9.9.9 1.1.1.1 8.8.8.8 8.8.4.4;
-    include        /etc/nginx/partials/blocked.conf;
+    set_real_ip_from  0.0.0.0/0;
-    include        /etc/nginx/partials/manual-blocks.conf;
+    ssl_preread       on;
    include           /etc/nginx/partials/blocked.conf;
    include           /etc/nginx/partials/manual-blocks.conf;
  }
  # GIT
  server {
-    access_log     syslog:server=unix:/dev/log geoip;
+    access_log        syslog:server=unix:/dev/log geoip;
-    listen         0.0.0.0:22;
+    listen            0.0.0.0:22;
-    listen         [::]:22;
+    listen            [::]:22;
-    proxy_pass     batuu.system.tjo.space:2244;
+    proxy_pass        batuu.system.tjo.space:2244;
-    proxy_protocol on;
+    proxy_protocol    on;
-    include        /etc/nginx/partials/server.conf;
+    resolver          9.9.9.9 1.1.1.1 8.8.8.8 8.8.4.4;
-    include        /etc/nginx/partials/blocked.conf;
+    set_real_ip_from  0.0.0.0/0;
-    include        /etc/nginx/partials/manual-blocks.conf;
+    include           /etc/nginx/partials/blocked.conf;
    include           /etc/nginx/partials/manual-blocks.conf;
  }
  # EMAIL
  server {
-    access_log     syslog:server=unix:/dev/log geoip;
+    access_log        syslog:server=unix:/dev/log geoip;
-    listen         0.0.0.0:25;
+    listen            0.0.0.0:25;
-    listen         [::]:25;
+    listen            [::]:25;
-    listen         0.0.0.0:143;
+    listen            0.0.0.0:143;
-    listen         [::]:143;
+    listen            [::]:143;
-    listen         0.0.0.0:465;
+    listen            0.0.0.0:465;
-    listen         [::]:465;
+    listen            [::]:465;
-    listen         0.0.0.0:587;
+    listen            0.0.0.0:587;
-    listen         [::]:587;
+    listen            [::]:587;
-    listen         0.0.0.0:993;
+    listen            0.0.0.0:993;
-    listen         [::]:993;
+    listen            [::]:993;
-    listen         0.0.0.0:4190;
+    listen            0.0.0.0:4190;
-    listen         [::]:4190;
+    listen            [::]:4190;
-    proxy_pass     nevaroo.system.tjo.space:$server_port;
+    proxy_pass        nevaroo.system.tjo.space:$server_port;
-    proxy_protocol on;
+    proxy_protocol    on;
-    include        /etc/nginx/partials/server.conf;
+    resolver          9.9.9.9 1.1.1.1 8.8.8.8 8.8.4.4;
-    include        /etc/nginx/partials/blocked.conf;
+    set_real_ip_from  0.0.0.0/0;
-    include        /etc/nginx/partials/manual-blocks.conf;
+    #include        /etc/nginx/partials/blocked.conf;
    #include        /etc/nginx/partials/manual-blocks.conf;
  }
 }
--- a/root/etc/nginx/partials/server.conf
+++ b/root/etc/nginx/partials/server.conf
@ -1,4 +1 @@
 # Default server configuration
 resolver              9.9.9.9 1.1.1.1 8.8.8.8 8.8.4.4;
 set_real_ip_from      0.0.0.0/0;
 ssl_preread           on;