apiVersion: v1
kind: ConfigMap
metadata:
  name: {{ include "mailproxy.fullname" . }}-nginxconf 
  labels:
    {{- include "mailproxy.labels" . | nindent 4 }}
data:
  phpfpm-conf: |-
    upstream backend {
      server {{ include "mailproxy.fullname" . }}-mailauth:9000;
    }

    server {
      listen 8080 default_server;

      server_name localhost;

      access_log /dev/stdout;
      error_log /dev/stderr;

      root /var/www/html;
      index index.php;

      location ~ /\.ht {
        deny  all;
      }

      location ~* ^.+.(css|js|jpeg|jpg|gif|png|ico) {
        expires 30d;
      }

      location ~ \.php$ {
        fastcgi_pass    backend;
        fastcgi_index   index.php;
        fastcgi_param   SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include         fastcgi_params;
      }
    }
  imap-conf: |-
    server {
      listen 993;
      server_name localhost;
      protocol imap;
      auth_http localhost:8080/auth-mail.php;
      ssl on;
      proxy_pass_error_message on;
    }
  pop-conf: |-
    server {
      listen 995;
      server_name localhost;
      protocol pop3;
      auth_http localhost:8080/auth-mail.php;
      ssl on;
      proxy_pass_error_message on;
    }
  smtp-conf: |-
    server {
      listen 587;
      server_name localhost;
      protocol smtp;
      auth_http localhost:8080/auth-mail.php;
      starttls only;
      xclient on;
      proxy_pass_error_message on;
    }
  ssl-conf: |-
    ssl_certificate /etc/nginx/ssl/tls.crt;
    ssl_certificate_key /etc/nginx/ssl/tls.key;
    ssl_session_timeout 5m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH;
    ssl_prefer_server_ciphers   on;