Update broke nginx instance

[dawid-woitaschek]

Contribution guidelines

• [X] I've read the contribution guidelines and wholeheartedly agree

I've found a bug and checked that ...

• [X] ... I understand that not following the below instructions will result in immediate closure and/or deletion of my issue.
• [X] ... I have understood that this bug report is dedicated for bugs, and not for support-related inquiries.
• [X] ... I have understood that answers are voluntary and community-driven, and not commercial support.
• [X] ... I have verified that my issue has not been already answered in the past. I also checked previous issues.

Description

Hi,

I do have an urgent problem right after a mailcow update today... Seems like it broke nginx ports:

services.nginx-mailcow.ports contains an invalid type, it should be a number, or an object
services.nginx-mailcow.ports contains an invalid type, it should be a number, or an object

Oh no, something went wrong. Please check the error message above.```

### Logs

```bash
-mailcow:
      depends_on:
        - sogo-mailcow
        - php-fpm-mailcow
        - redis-mailcow
      image: nginx:mainline-alpine
      dns:
        - ${IPV4_NETWORK:-172.22.1}.254
      command: /bin/sh -c "envsubst < /etc/nginx/conf.d/templates/listen_plain.template > /etc/nginx/conf.d/listen_plain.active &&
        envsubst < /etc/nginx/conf.d/templates/listen_ssl.template > /etc/nginx/conf.d/listen_ssl.active &&
        envsubst < /etc/nginx/conf.d/templates/sogo.template > /etc/nginx/conf.d/sogo.active &&
        . /etc/nginx/conf.d/templates/server_name.template.sh > /etc/nginx/conf.d/server_name.active &&
        . /etc/nginx/conf.d/templates/sites.template.sh > /etc/nginx/conf.d/sites.active &&
        . /etc/nginx/conf.d/templates/sogo_eas.template.sh > /etc/nginx/conf.d/sogo_eas.active &&
        nginx -qt &&
        until ping phpfpm -c1 > /dev/null; do sleep 1; done &&
        until ping sogo -c1 > /dev/null; do sleep 1; done &&
        until ping redis -c1 > /dev/null; do sleep 1; done &&
        until ping rspamd -c1 > /dev/null; do sleep 1; done &&
        exec nginx -g 'daemon off;'"
      environment:
        - HTTPS_PORT=${HTTPS_PORT:-443}
        - HTTP_PORT=${HTTP_PORT:-80}
        - MAILCOW_HOSTNAME=${MAILCOW_HOSTNAME}
        - IPV4_NETWORK=${IPV4_NETWORK:-172.22.1}
        - TZ=${TZ}
        - SKIP_SOGO=${SKIP_SOGO:-n}
        - ALLOW_ADMIN_EMAIL_LOGIN=${ALLOW_ADMIN_EMAIL_LOGIN:-n}
        - ADDITIONAL_SERVER_NAMES=${ADDITIONAL_SERVER_NAMES:-}
      volumes:
        - ./data/web:/web:ro,z
        - ./data/conf/rspamd/dynmaps:/dynmaps:ro,z
        - ./data/assets/ssl/:/etc/ssl/mail/:ro,z
        - ./data/conf/nginx/:/etc/nginx/conf.d/:z
        - ./data/conf/rspamd/meta_exporter:/meta_exporter:ro,z
        - sogo-web-vol-1:/usr/lib/GNUstep/SOGo/
      ports:
        - "${HTTPS_BIND:-}:${HTTPS_PORT:-443}:${HTTPS_PORT:-443}"
        - "${HTTP_BIND:-}:${HTTP_PORT:-80}:${HTTP_PORT:-80}"
      restart: always
      networks:
        mailcow-network:
          aliases:
            - nginx

Steps to reproduce

1. In my case just start the update which only will update nginx (at least here).

System information

Question	Answer
My operating system	Ubuntu 20.04.4 LTS
Is Apparmor, SELinux or similar active?	Nope.
Virtualization technology (KVM, VMware, Xen, etc - LXC and OpenVZ are not supported	Nope.
Server/VM specifications (Memory, CPU Cores)	Enough.
Docker version (docker version)	20.10.17
docker-compose version (docker-compose version)	1.29.2
mailcow version (git describe --tags `git rev-list --tags --max-count=1`)	2022-06b
Reverse proxy (custom solution)	Traefik stuff

Output of git diff origin/master, any other changes to the code? If so, please post them:

diff --git a/data/conf/postfix/main.cf b/data/conf/postfix/main.cf
index a445b60c..2dd1858c 100644
--- a/data/conf/postfix/main.cf
+++ b/data/conf/postfix/main.cf
@@ -198,3 +198,22 @@ parent_domain_matches_subdomains = debug_peer_list,fast_flush_domains,mynetworks

 # DO NOT EDIT ANYTHING BELOW #
 # User overrides #
+
+myhostname = XXX
+smtpd_tls_loglevel = 1
+
+###TLS hardening (basic)
+smtp_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
+lmtp_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
+smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
+
+###TLS hardening (Mozilla)
+smtpd_tls_security_level = may
+smtpd_tls_auth_only = yes
+smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
+smtpd_tls_mandatory_ciphers = medium
+
+tls_medium_cipherlist = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
+tls_preempt_cipherlist = yes
+
+mail_name = NotYourAverageMailServer
diff --git a/docker-compose.yml b/docker-compose.yml
index a563df91..753901aa 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -580,36 +580,6 @@ services:
           aliases:
             - ofelia

-    ipv6nat-mailcow:
-      depends_on:
-        - unbound-mailcow
-        - mysql-mailcow
-        - redis-mailcow
-        - clamd-mailcow
-        - rspamd-mailcow
-        - php-fpm-mailcow
-        - sogo-mailcow
-        - dovecot-mailcow
-        - postfix-mailcow
-        - memcached-mailcow
-        - nginx-mailcow
-        - acme-mailcow
-        - netfilter-mailcow
-        - watchdog-mailcow
-        - dockerapi-mailcow
-        - solr-mailcow
-      environment:
-        - TZ=${TZ}
-      image: robbertkl/ipv6nat
-      security_opt:

[dawid-woitaschek]

Okay guys, I just set HTTP_BIND to "0.0.0.0" as it was emtpy before and now it's working again - sorry!

[NoobKeksTV]

oh ye just got the same issue, and i changed it to say

${HTTP_BIND:-0.0.0.0} ${HTTPS_BIND:-0.0.0.0}

instead of

${HTTP_BIND:-} ${HTTPS_BIND:-}

now it works