For proxying Roundcube, nginx works great.
My nginx server is TLS-only, and proxies everything for another server, hence the location of "/", such as "nginx-server.tld/roundcube => rc-server.tld/roundcube". It looks like you might want "/webmail" on the proxy, and "/" on the Roundcube host, so replace my "location /" with "location /webmail/" below.
location /webmail {
    rewrite ^/webmail /webmail/ permanent;
}
location /webmail/ {
    ...
}
My example config:
#
# HTTPS only server
#
server {
    # "ssl" on the listen directive replaces the deprecated "ssl on;"
    listen 443 ssl;
    server_name your.hostname.tld;
    error_log /var/log/nginx/error.log warn;
    ssl_certificate /etc/ssl/your-certs/your-cert.pem;
    ssl_certificate_key /etc/ssl/your-certs/your-cert.key;
    ssl_session_timeout 5m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers "HIGH:MEDIUM:!aNULL:!MD5:!3DES";
    ssl_prefer_server_ciphers on;
    # Public Key Pinning
    add_header Public-Key-Pins 'pin-sha256="key-fingerprint...="; max-age=5184000; includeSubDomains';
    location / {
        # Backend host taken from the mapping above; the http scheme is an assumption.
        # proxy_pass has to come before "proxy_redirect default".
        proxy_pass http://rc-server.tld;
        proxy_http_version 1.1;
        proxy_redirect default;
        # Pass the client address on so the backend does not log only the proxy's IP
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
Good luck!
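
The "/webmail/ on the proxy, / on the Roundcube host" variant mentioned in the answer, written out as an added example that is not part of the original post. The backend name rc-server.tld comes from the post; plain HTTP to the backend and the TLS 1.2/1.3-only protocol list are assumptions.

```nginx
# Added example: /webmail/ on the proxy maps to / on the Roundcube host.
server {
    listen 443 ssl;
    server_name your.hostname.tld;

    ssl_certificate     /etc/ssl/your-certs/your-cert.pem;
    ssl_certificate_key /etc/ssl/your-certs/your-cert.key;
    ssl_session_timeout 5m;
    # Assumption: no client still needs TLS 1.0 or 1.1.
    ssl_protocols TLSv1.2 TLSv1.3;

    # A bare /webmail gets the trailing slash so relative links resolve.
    location = /webmail {
        return 301 /webmail/;
    }

    location /webmail/ {
        # The URI part "/" on proxy_pass replaces the matched "/webmail/"
        # prefix: /webmail/?_task=mail reaches the backend as /?_task=mail.
        # Assumption: the backend is reached over plain HTTP.
        proxy_pass http://rc-server.tld/;
        proxy_http_version 1.1;

        # With the proxy_pass above, "default" is equivalent to
        #   proxy_redirect http://rc-server.tld/ /webmail/;
        # so absolute Location headers from the backend are rewritten to
        # the public prefix. It must be placed after proxy_pass.
        proxy_redirect default;

        # X-Real-IP carries the address nginx itself saw on the connection.
        proxy_set_header X-Real-IP $remote_addr;
        # $proxy_add_x_forwarded_for appends $remote_addr to whatever
        # X-Forwarded-For the client sent, so only the last entry is
        # vouched for by this proxy; earlier entries are client-supplied.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
```

Running `nginx -t` after editing checks the syntax before a reload.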