[Nginx] use python bootstrapper to start NGINX container

data/conf/nginx/templates/listen_plain.active.j2

@@ -0,0 +1,2 @@
+listen {{ HTTP_PORT }};
+listen [::]:{{ HTTP_PORT }};

data/conf/nginx/templates/listen_ssl.active.j2

@@ -0,0 +1,2 @@
+listen {{ HTTPS_PORT }} ssl http2;
+listen [::]:{{ HTTPS_PORT }} ssl http2;

data/conf/nginx/templates/nginx.conf.j2

@@ -41,7 +41,7 @@ http {
         https https;
     }
 
-    {% if HTTP_REDIRECT %}
+    {% if HTTP_REDIRECT|lower in ["y", "yes"] %}
     # HTTP to HTTPS redirect
     server {
         root /web;
@@ -65,16 +65,16 @@ http {
     server {
         listen 127.0.0.1:65510; # sogo-auth verify internal
 
-        {% if not HTTP_REDIRECT %}
-        listen {{ HTTP_PORT }}{% if NGINX_USE_PROXY_PROTOCOL %} proxy_protocol{%endif%};
+        {% if not HTTP_REDIRECT|lower in ["y", "yes"] %}
+        listen {{ HTTP_PORT }}{% if NGINX_USE_PROXY_PROTOCOL|lower in ["y", "yes"] %} proxy_protocol{%endif%};
         {%endif%}
-        listen {{ HTTPS_PORT }}{% if NGINX_USE_PROXY_PROTOCOL %} proxy_protocol{%endif%} ssl;
+        listen {{ HTTPS_PORT }}{% if NGINX_USE_PROXY_PROTOCOL|lower in ["y", "yes"] %} proxy_protocol{%endif%} ssl;
 
-        {% if not DISABLE_IPv6 %}
-        {% if not HTTP_REDIRECT %}
-        listen [::]:{{ HTTP_PORT }}{% if NGINX_USE_PROXY_PROTOCOL %} proxy_protocol{%endif%};
+        {% if not DISABLE_IPv6|lower in ["y", "yes"] %}
+        {% if not HTTP_REDIRECT|lower in ["y", "yes"] %}
+        listen [::]:{{ HTTP_PORT }}{% if NGINX_USE_PROXY_PROTOCOL|lower in ["y", "yes"] %} proxy_protocol{%endif%};
         {%endif%}
-        listen [::]:{{ HTTPS_PORT }}{% if NGINX_USE_PROXY_PROTOCOL %} proxy_protocol{%endif%} ssl;
+        listen [::]:{{ HTTPS_PORT }}{% if NGINX_USE_PROXY_PROTOCOL|lower in ["y", "yes"] %} proxy_protocol{%endif%} ssl;
         {%endif%}
 
         http2 on;
@@ -92,16 +92,16 @@ http {
     server {
         listen 127.0.0.1:65510; # sogo-auth verify internal
 
-        {% if not HTTP_REDIRECT %}
-        listen {{ HTTP_PORT }}{% if NGINX_USE_PROXY_PROTOCOL %} proxy_protocol{%endif%};
+        {% if not HTTP_REDIRECT|lower in ["y", "yes"] %}
+        listen {{ HTTP_PORT }}{% if NGINX_USE_PROXY_PROTOCOL|lower in ["y", "yes"] %} proxy_protocol{%endif%};
         {%endif%}
-        listen {{ HTTPS_PORT }}{% if NGINX_USE_PROXY_PROTOCOL %} proxy_protocol{%endif%} ssl;
+        listen {{ HTTPS_PORT }}{% if NGINX_USE_PROXY_PROTOCOL|lower in ["y", "yes"] %} proxy_protocol{%endif%} ssl;
 
-        {% if not DISABLE_IPv6 %}
-        {% if not HTTP_REDIRECT %}
-        listen [::]:{{ HTTP_PORT }}{% if NGINX_USE_PROXY_PROTOCOL %} proxy_protocol{%endif%};
+        {% if not DISABLE_IPv6|lower in ["y", "yes"] %}
+        {% if not HTTP_REDIRECT|lower in ["y", "yes"] %}
+        listen [::]:{{ HTTP_PORT }}{% if NGINX_USE_PROXY_PROTOCOL|lower in ["y", "yes"] %} proxy_protocol{%endif%};
         {%endif%}
-        listen [::]:{{ HTTPS_PORT }}{% if NGINX_USE_PROXY_PROTOCOL %} proxy_protocol{%endif%} ssl;
+        listen [::]:{{ HTTPS_PORT }}{% if NGINX_USE_PROXY_PROTOCOL|lower in ["y", "yes"] %} proxy_protocol{%endif%} ssl;
         {%endif%}
 
         http2 on;
@@ -118,7 +118,7 @@ http {
     # rspamd dynmaps:
     server {
         listen 8081;
-        {% if not DISABLE_IPv6 %}
+        {% if not DISABLE_IPv6|lower in ["y", "yes"] %}
         listen [::]:8081;
         {%endif%}
         index index.php index.html;
@@ -184,18 +184,18 @@ http {
 
     include /etc/nginx/conf.d/*.conf;
 
-    {% for cert in valid_cert_dirs %}
+    {% for cert in VALID_CERT_DIRS %}
     server {
-        {% if not HTTP_REDIRECT %}
-        listen {{ HTTP_PORT }}{% if NGINX_USE_PROXY_PROTOCOL %} proxy_protocol{%endif%};
+        {% if not HTTP_REDIRECT|lower in ["y", "yes"] %}
+        listen {{ HTTP_PORT }}{% if NGINX_USE_PROXY_PROTOCOL|lower in ["y", "yes"] %} proxy_protocol{%endif%};
         {%endif%}
-        listen {{ HTTPS_PORT }}{% if NGINX_USE_PROXY_PROTOCOL %} proxy_protocol{%endif%} ssl;
+        listen {{ HTTPS_PORT }}{% if NGINX_USE_PROXY_PROTOCOL|lower in ["y", "yes"] %} proxy_protocol{%endif%} ssl;
 
-        {% if not DISABLE_IPv6 %}
-        {% if not HTTP_REDIRECT %}
-        listen [::]:{{ HTTP_PORT }}{% if NGINX_USE_PROXY_PROTOCOL %} proxy_protocol{%endif%};
+        {% if not DISABLE_IPv6|lower in ["y", "yes"] %}
+        {% if not HTTP_REDIRECT|lower in ["y", "yes"] %}
+        listen [::]:{{ HTTP_PORT }}{% if NGINX_USE_PROXY_PROTOCOL|lower in ["y", "yes"] %} proxy_protocol{%endif%};
         {%endif%}
-        listen [::]:{{ HTTPS_PORT }}{% if NGINX_USE_PROXY_PROTOCOL %} proxy_protocol{%endif%} ssl;
+        listen [::]:{{ HTTPS_PORT }}{% if NGINX_USE_PROXY_PROTOCOL|lower in ["y", "yes"] %} proxy_protocol{%endif%} ssl;
         {%endif%}
 
         http2 on;

data/conf/nginx/templates/server_name.active.j2

@@ -0,0 +1 @@
+server_name {{ MAILCOW_HOSTNAME }} autodiscover.* autoconfig.* {{ ADDITIONAL_SERVER_NAMES | join(' ') }};

data/conf/nginx/templates/sites-default.conf.j2

@@ -55,7 +55,7 @@ set_real_ip_from fc00::/7;
 {% for TRUSTED_PROXY in TRUSTED_PROXIES %}
 set_real_ip_from {{ TRUSTED_PROXY }};
 {% endfor %}
-{% if not NGINX_USE_PROXY_PROTOCOL %}
+{% if not NGINX_USE_PROXY_PROTOCOL|lower in ["y", "yes"] %}
 real_ip_header X-Forwarded-For;
 {% else %}
 real_ip_header proxy_protocol;
@@ -137,28 +137,28 @@ location ~ /(?:m|M)ail/(?:c|C)onfig-v1.1.xml {
     try_files /autoconfig.php =404;
 }
 
-{% if not SKIP_RSPAMD %}
+{% if not SKIP_RSPAMD|lower in ["y", "yes"] %}
 location /rspamd/ {
     location /rspamd/auth {
       # proxy_pass is not inherited
       proxy_pass       http://{{ RSPAMDHOST }}:11334/auth;
       proxy_intercept_errors on;
       proxy_set_header Host      $http_host;
-      proxy_set_header X-Forwarded-For {% if not NGINX_USE_PROXY_PROTOCOL %}$proxy_add_x_forwarded_for{% else %}$proxy_protocol_addr{%endif%};
-      proxy_set_header X-Real-IP {% if not NGINX_USE_PROXY_PROTOCOL %}$remote_addr{% else %}$proxy_protocol_addr{%endif%};
+      proxy_set_header X-Forwarded-For {% if not NGINX_USE_PROXY_PROTOCOL|lower in ["y", "yes"] %}$proxy_add_x_forwarded_for{% else %}$proxy_protocol_addr{%endif%};
+      proxy_set_header X-Real-IP {% if not NGINX_USE_PROXY_PROTOCOL|lower in ["y", "yes"] %}$remote_addr{% else %}$proxy_protocol_addr{%endif%};
       proxy_redirect off;
       error_page 401 /_rspamderror.php;
     }
 
     proxy_pass       http://{{ RSPAMDHOST }}:11334/;
     proxy_set_header Host      $http_host;
-    proxy_set_header X-Forwarded-For {% if not NGINX_USE_PROXY_PROTOCOL %}$proxy_add_x_forwarded_for{% else %}$proxy_protocol_addr{%endif%};
-    proxy_set_header X-Real-IP {% if not NGINX_USE_PROXY_PROTOCOL %}$remote_addr{% else %}$proxy_protocol_addr{%endif%};
+    proxy_set_header X-Forwarded-For {% if not NGINX_USE_PROXY_PROTOCOL|lower in ["y", "yes"] %}$proxy_add_x_forwarded_for{% else %}$proxy_protocol_addr{%endif%};
+    proxy_set_header X-Real-IP {% if not NGINX_USE_PROXY_PROTOCOL|lower in ["y", "yes"] %}$remote_addr{% else %}$proxy_protocol_addr{%endif%};
     proxy_redirect off;
 }
 {% endif %}
 
-{% if not SKIP_SOGO %}
+{% if not SKIP_SOGO|lower in ["y", "yes"] %}
 location ^~ /principals {
     return 301 /SOGo/dav;
 }
@@ -184,8 +184,8 @@ location ^~ /Microsoft-Server-ActiveSync {
 
     proxy_pass http://{{ SOGOHOST }}:20000/SOGo/Microsoft-Server-ActiveSync;
 
-    proxy_set_header X-Forwarded-For {% if not NGINX_USE_PROXY_PROTOCOL %}$proxy_add_x_forwarded_for{% else %}$proxy_protocol_addr{%endif%};
-    proxy_set_header X-Real-IP {% if not NGINX_USE_PROXY_PROTOCOL %}$remote_addr{% else %}$proxy_protocol_addr{%endif%};
+    proxy_set_header X-Forwarded-For {% if not NGINX_USE_PROXY_PROTOCOL|lower in ["y", "yes"] %}$proxy_add_x_forwarded_for{% else %}$proxy_protocol_addr{%endif%};
+    proxy_set_header X-Real-IP {% if not NGINX_USE_PROXY_PROTOCOL|lower in ["y", "yes"] %}$remote_addr{% else %}$proxy_protocol_addr{%endif%};
     proxy_connect_timeout 75;
     proxy_send_timeout 3600;
     proxy_read_timeout 3600;
@@ -209,8 +209,8 @@ location ^~ /SOGo {
 
         proxy_pass http://{{ SOGOHOST }}:20000;
 
-        proxy_set_header X-Forwarded-For {% if not NGINX_USE_PROXY_PROTOCOL %}$proxy_add_x_forwarded_for{% else %}$proxy_protocol_addr{%endif%};
-        proxy_set_header X-Real-IP {% if not NGINX_USE_PROXY_PROTOCOL %}$remote_addr{% else %}$proxy_protocol_addr{%endif%};
+        proxy_set_header X-Forwarded-For {% if not NGINX_USE_PROXY_PROTOCOL|lower in ["y", "yes"] %}$proxy_add_x_forwarded_for{% else %}$proxy_protocol_addr{%endif%};
+        proxy_set_header X-Real-IP {% if not NGINX_USE_PROXY_PROTOCOL|lower in ["y", "yes"] %}$remote_addr{% else %}$proxy_protocol_addr{%endif%};
         proxy_set_header Host $http_host;
         proxy_set_header x-webobjects-server-protocol HTTP/1.0;
         proxy_set_header x-webobjects-remote-host $remote_addr;
@@ -231,8 +231,8 @@ location ^~ /SOGo {
 
     proxy_pass http://{{ SOGOHOST }}:20000;
 
-    proxy_set_header X-Forwarded-For {% if not NGINX_USE_PROXY_PROTOCOL %}$proxy_add_x_forwarded_for{% else %}$proxy_protocol_addr{%endif%};
-    proxy_set_header X-Real-IP {% if not NGINX_USE_PROXY_PROTOCOL %}$remote_addr{% else %}$proxy_protocol_addr{%endif%};
+    proxy_set_header X-Forwarded-For {% if not NGINX_USE_PROXY_PROTOCOL|lower in ["y", "yes"] %}$proxy_add_x_forwarded_for{% else %}$proxy_protocol_addr{%endif%};
+    proxy_set_header X-Real-IP {% if not NGINX_USE_PROXY_PROTOCOL|lower in ["y", "yes"] %}$remote_addr{% else %}$proxy_protocol_addr{%endif%};
     proxy_set_header Host $http_host;
     proxy_set_header x-webobjects-server-protocol HTTP/1.0;
     proxy_set_header x-webobjects-remote-host $remote_addr;