MiaB - Security & .htaccess


i am new with MiaB and i thinks its a grade solution for my new Mailserver. But how is about security? Can i protect the Adminpanel, OwnCloud an Roundcube with a htaccess? First trys dont work.

I am using Ubuntu Server 14.04 absolute minimal ( VNC clean install )

Greetings from germany

htaccess is an Apache web server thing, but Mail-in-a-Box uses nginx.

In any case, I don’t recommend you modify the box because then you will be on your own when something goes wrong.

IP access restriction to the admin panel would be a very nice (and easy) add-on.

All that needs to be done is a modification of the /etc/nginx/conf.d/local.conf

With something like:

    location /admin/ {
            deny    all;
            proxy_set_header X-Forwarded-For $remote_addr;
1 Like

If you’re self hosting your MIAB this could also be easily handled with your firewall settings.

1 Like

Does anybody have some instructions on how to achieve this?
I also need to allow access to the Admin panel and webmail only for a certain IP.

I dont believe the above example actually will really work.

It might have worked in 2015 when I posted about it. :joy:

doesn’t proxy_pass mean, take anything that is at /admin and reverse proxy it back to the localhost address on port 10222 ? Does the admin webpage even run as a separate service on port 10222?

I took a look before replying now and that hasn’t changed.

Take a look at /etc/nginx/conf.d/local.conf

1 Like

Thank you!!!
Worked beautifuly! This should be integrated in the admin interface!!

1 Like

Ahhh yes, Looking at the file I can see what you mean now. Makes me really wonder how the admin page works now.

I can also confirm that adding the “allow” and “deny” statements work.

Not sure this is really needed if you turn on 2FA for admin page but why not, a bit of extra security can’t hurt.


1 Like