Link to the administrator's keyring

src/freedombone-app-mailpile

@@ -319,10 +319,13 @@ function install_mailpile {
         echo '  location / {' >> $mailpile_nginx_site
         function_check nginx_limits
         nginx_limits $MAILPILE_DOMAIN_NAME '15m'
-        echo "    proxy_pass        http://localhost:${MAILPILE_PORT}/;" >> $mailpile_nginx_site
-        echo '    proxy_set_header X-Forwarded-Host $host;' >> $mailpile_nginx_site
-        echo '    proxy_set_header X-Forwarded-Server $host;' >> $mailpile_nginx_site
+        echo '    rewrite /(.*) /$1 break;' >> $mailpile_nginx_site
+        echo '    proxy_set_header X-Real-IP $remote_addr;' >> $mailpile_nginx_site
         echo '    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $mailpile_nginx_site
+        echo '    proxy_set_header Host $http_host;' >> $mailpile_nginx_site
+        echo '    proxy_set_header X-NginX-Proxy true;' >> $mailpile_nginx_site
+        echo "    proxy_pass http://localhost:${MAILPILE_PORT};" >> $mailpile_nginx_site
+        echo '    proxy_redirect off;' >> $mailpile_nginx_site
         echo '  }' >> $mailpile_nginx_site
         echo '' >> $mailpile_nginx_site
         nginx_keybase ${MAILPILE_DOMAIN_NAME}
@@ -347,10 +350,13 @@ function install_mailpile {
     echo '  location / {' >> $mailpile_nginx_site
     function_check nginx_limits
     nginx_limits $MAILPILE_DOMAIN_NAME '15m'
-    echo "    proxy_pass        http://localhost:${MAILPILE_PORT}/;" >> $mailpile_nginx_site
-    echo '    proxy_set_header X-Forwarded-Host $host;' >> $mailpile_nginx_site
-    echo '    proxy_set_header X-Forwarded-Server $host;' >> $mailpile_nginx_site
+    echo '    rewrite /(.*) /$1 break;' >> $mailpile_nginx_site
+    echo '    proxy_set_header X-Real-IP $remote_addr;' >> $mailpile_nginx_site
     echo '    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $mailpile_nginx_site
+    echo '    proxy_set_header Host $http_host;' >> $mailpile_nginx_site
+    echo '    proxy_set_header X-NginX-Proxy true;' >> $mailpile_nginx_site
+    echo "    proxy_pass http://localhost:${MAILPILE_PORT};" >> $mailpile_nginx_site
+    echo '    proxy_redirect off;' >> $mailpile_nginx_site
     echo '  }' >> $mailpile_nginx_site
     echo '' >> $mailpile_nginx_site
     nginx_keybase ${MAILPILE_DOMAIN_NAME}
@@ -396,6 +402,15 @@ function install_mailpile {
     # if strict https is enforced then buttons don't work. This is probably a security bug
     sed -i "s/Content-Security-Policy/d" $mailpile_nginx_site
 
+    # link to the administrator's keyring
+    if [ -d /var/www/$MAILPILE_DOMAIN_NAME/mail/.gnupg ]; then
+        mv /var/www/$MAILPILE_DOMAIN_NAME/mail/.gnupg /var/www/$MAILPILE_DOMAIN_NAME/mail/.gnupg_orig
+    fi
+    ln -s /home/$MY_USERNAME/.gnupg /var/www/$MAILPILE_DOMAIN_NAME/mail/
+    chown -R mailpile:mailpile /var/www/$MAILPILE_DOMAIN_NAME/mail/.gnupg
+    # unless the directory is executable we can't log in
+    chmod +x /var/www/$MAILPILE_DOMAIN_NAME/mail/.gnupg
+
     systemctl enable mailpile
     systemctl daemon-reload
     systemctl start mailpile