From 5fbdc57fd38a3277864cde8465f5b25936e98ba5 Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@robotics.uk.to>
Date: Sun, 13 Nov 2016 20:22:15 +0000
Subject: [PATCH] Link to the administrator's keyring

---
 src/freedombone-app-mailpile | 27 +++++++++++++++++++++------
 1 file changed, 21 insertions(+), 6 deletions(-)

diff --git a/src/freedombone-app-mailpile b/src/freedombone-app-mailpile
index a8945ea25..b3cb1dd4a 100755
--- a/src/freedombone-app-mailpile
+++ b/src/freedombone-app-mailpile
@@ -319,10 +319,13 @@ function install_mailpile {
         echo '  location / {' >> $mailpile_nginx_site
         function_check nginx_limits
         nginx_limits $MAILPILE_DOMAIN_NAME '15m'
-        echo "    proxy_pass        http://localhost:${MAILPILE_PORT}/;" >> $mailpile_nginx_site
-        echo '    proxy_set_header X-Forwarded-Host $host;' >> $mailpile_nginx_site
-        echo '    proxy_set_header X-Forwarded-Server $host;' >> $mailpile_nginx_site
+        echo '    rewrite /(.*) /$1 break;' >> $mailpile_nginx_site
+        echo '    proxy_set_header X-Real-IP $remote_addr;' >> $mailpile_nginx_site
         echo '    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $mailpile_nginx_site
+        echo '    proxy_set_header Host $http_host;' >> $mailpile_nginx_site
+        echo '    proxy_set_header X-NginX-Proxy true;' >> $mailpile_nginx_site
+        echo "    proxy_pass http://localhost:${MAILPILE_PORT};" >> $mailpile_nginx_site
+        echo '    proxy_redirect off;' >> $mailpile_nginx_site
         echo '  }' >> $mailpile_nginx_site
         echo '' >> $mailpile_nginx_site
         nginx_keybase ${MAILPILE_DOMAIN_NAME}
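Review bot: The added `proxy_set_header Host $http_host;` forwards the client's raw Host header to Mailpile; that value is whatever the client sent, is empty when the request carries no Host header, and is not normalised by nginx. `$host` is the usual safer choice, i.e. `echo '    proxy_set_header Host $host;' >> $mailpile_nginx_site`, with the port appended explicitly if the backend needs it. The same line is added in the second hunk (the other `location /` block) and should change with it. The added `rewrite /(.*) /$1 break;` maps every URI to itself, so it looks redundant; either drop it or add a comment saying why it is required. The body of install_mailpile starts and ends outside the hunk.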
@@ -347,10 +350,13 @@ function install_mailpile {
     echo '  location / {' >> $mailpile_nginx_site
     function_check nginx_limits
     nginx_limits $MAILPILE_DOMAIN_NAME '15m'
-    echo "    proxy_pass        http://localhost:${MAILPILE_PORT}/;" >> $mailpile_nginx_site
-    echo '    proxy_set_header X-Forwarded-Host $host;' >> $mailpile_nginx_site
-    echo '    proxy_set_header X-Forwarded-Server $host;' >> $mailpile_nginx_site
+    echo '    rewrite /(.*) /$1 break;' >> $mailpile_nginx_site
+    echo '    proxy_set_header X-Real-IP $remote_addr;' >> $mailpile_nginx_site
     echo '    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $mailpile_nginx_site
+    echo '    proxy_set_header Host $http_host;' >> $mailpile_nginx_site
+    echo '    proxy_set_header X-NginX-Proxy true;' >> $mailpile_nginx_site
+    echo "    proxy_pass http://localhost:${MAILPILE_PORT};" >> $mailpile_nginx_site
+    echo '    proxy_redirect off;' >> $mailpile_nginx_site
     echo '  }' >> $mailpile_nginx_site
     echo '' >> $mailpile_nginx_site
     nginx_keybase ${MAILPILE_DOMAIN_NAME}
@@ -396,6 +402,15 @@ function install_mailpile {
     # if strict https is enforced then buttons don't work. This is probably a security bug
     sed -i "s/Content-Security-Policy/d" $mailpile_nginx_site
 
+    # link to the administrator's keyring
+    if [ -d /var/www/$MAILPILE_DOMAIN_NAME/mail/.gnupg ]; then
+        mv /var/www/$MAILPILE_DOMAIN_NAME/mail/.gnupg /var/www/$MAILPILE_DOMAIN_NAME/mail/.gnupg_orig
+    fi
+    ln -s /home/$MY_USERNAME/.gnupg /var/www/$MAILPILE_DOMAIN_NAME/mail/
+    chown -R mailpile:mailpile /var/www/$MAILPILE_DOMAIN_NAME/mail/.gnupg
+    # unless the directory is executable we can't log in
+    chmod +x /var/www/$MAILPILE_DOMAIN_NAME/mail/.gnupg
+
     systemctl enable mailpile
     systemctl daemon-reload
     systemctl start mailpile
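Review bot: The `chown -R` and `chmod +x` added after `ln -s` operate on a symlink, so anything they change by following it lands on the administrator's real `/home/$MY_USERNAME/.gnupg`. `chmod` follows the link, and a bare `+x` adds search permission for group and others (subject to umask) on a directory that GnuPG expects to be private to its owner. Depending on the chown implementation, the recursive chown either hands the private keyring to the web-facing `mailpile` account or only re-owns the link. If sharing the admin's keys with the service is intended, make it explicit and narrow: use `chown -h mailpile:mailpile` on the link and grant access through a dedicated group or ACL rather than `chmod +x`, with a comment recording that trade-off. The block is also not safe to re-run, because `[ -d … ]` follows the link and a second install would move the symlink aside as if it were the original directory; a guard such as `if [ ! -L /var/www/$MAILPILE_DOMAIN_NAME/mail/.gnupg ]; then` around it avoids that. install_mailpile continues outside the hunk.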
-- 
GitLab