eliseuamaro
/
gnu-social
forked from GNUsocial/gnu-social
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

[DOCKER][MAIL] Fixed small bug with ssl certificates

This commit is contained in:
Pastilhas 2020-11-02 20:04:16 +00:00 committed by Hugo Sales
parent 11dbbef351
commit cea170ed18
Signed by untrusted user: someonewithpc
GPG Key ID: 7D0C7EAFC9D835A0
4 changed files with 37 additions and 59 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
docker-compose.yaml
View File

@ -82,25 +82,29 @@ services:
restart: always
tty: false
ports:
- 6379:6379
- 6379:6379
mail:
build: docker/php
restart: always
tty: true
ports:
- "25:25"
- "143:143"
- "587:587"
- "993:993"
build: docker/mail
environment:
- DOMAINNAME=mail.test
- HOSTNAME=mail
- POSTMASTER=postmaster@mail.test
- SSL_CERT=/etc/dovecot/ssl/mailserver.crt
- SSL_KEY=/etc/dovecot/ssl/mailserver.key
DOMAINNAME: mail.test
MAILNAME: mail.mail.test
POSTMASTER: postmaster@mail.test
env_file:
- ./docker/bootstrap/bootstrap.env
ports:
- 25:25
- 143:143
- 587:587
- 993:993
volumes:
- maildata:/var/mail
- mailconf:/etc/mail
# Certbot
- ./docker/certbot/www:/var/www/certbot
- ./docker/certbot/.files:/etc/letsencrypt
volumes:
database:
maildata:
mailconf:

4
docker/mail/Dockerfile
View File

@ -5,8 +5,8 @@ ENV \
DOMAINNAME=example.com \
MAILNAME=mail \
POSTMASTER=postmaster@example.com \
SSL_CERT=/etc/ssl/mailserver.crt \
SSL_KEY=/etc/ssl/mailserver.key
SSL_CERT=/etc/ssl/cert.pem \
SSL_KEY=/etc/ssl/key.pem
# Install packages
RUN \

28
docker/mail/docker-compose.yml
View File

@ -1,28 +0,0 @@
version: '3.8'
services:
mail:
image: mail
build: .
environment:
DOMAINNAME: mail.test
MAILNAME: mail.mail.test
POSTMASTER: postmaster@mail.test
SSL_CERT: /etc/ssl/mailserver.crt
SSL_KEY: /etc/ssl/mailserver.key
container_name: mail
privileged: true
ports:
- "25:25"
- "143:143"
- "587:587"
- "993:993"
volumes:
- maildata:/var/mail
- mailconf:/etc/mail
volumes:
maildata:
mailconf:

26
docker/mail/rootfs/usr/bin/start.sh
View File

@ -1,14 +1,17 @@
#!/bin/sh
CERTBOT="/etc/letsencrypt/live/$domain/fullchain.pem"
KEYBOT="/etc/letsencrypt/live/$domain/privkey.pem"
# Config postfix
postconf -e myhostname="$MAILNAME"
postconf -e mydomain="$DOMAINNAME"
postconf -e smtpd_tls_cert_file="$SSL_CERT"
postconf -e smtpd_tls_key_file="$SSL_KEY"
postconf -e smtpd_tls_cert_file="$CERTBOT"
postconf -e smtpd_tls_key_file="$KEYBOT"
# Config dovecot
sed -i -e "s#^\s*ssl_cert\s*=.*#ssl_cert = $SSL_CERT#" /etc/dovecot/dovecot.conf
sed -i -e "s#^\s*ssl_key\s*=.*#ssl_key = $SSL_KEY#" /etc/dovecot/dovecot.conf
sed -i -e "s#^\s*ssl_cert\s*=.*#ssl_cert = <$CERTBOT#" /etc/dovecot/dovecot.conf
sed -i -e "s#^\s*ssl_key\s*=.*#ssl_key = <$KEYBOT#" /etc/dovecot/dovecot.conf
sed -i -e "s#^\s*hostname\s*=.*#hostname = $MAILNAME#" /etc/dovecot/dovecot.conf
sed -i -e "s#^\s*postmaster_address\s*=.*#postmaster_address = $POSTMASTER#" /etc/dovecot/dovecot.conf
@ -16,15 +19,14 @@ sed -i -e "s#^\s*postmaster_address\s*=.*#postmaster_address = $POSTMASTER#" /et
sed -i -e "s/#HOSTNAME/$MAILNAME/" /etc/opendkim/TrustedHosts
# Run openssl
if [ ! -e /etc/ssl/.ssl-generated ]
if [ $signed -eq 0 ]
then
openssl genrsa -des3 -passout pass:asdf -out /etc/ssl/mail.pass.key 2048 && \
openssl rsa -passin pass:asdf -in /etc/ssl/mail.pass.key -out "$SSL_KEY"
rm /etc/ssl/mail.pass.key
openssl req -new -key "$SSL_KEY" -out /etc/ssl/mail.csr \
-subj "/C=UK/ST=England/L=London/O=OrgName/OU=IT Department/CN=$MAILNAME"
openssl x509 -req -days 365 -in /etc/ssl/mail.csr -signkey "$SSL_KEY" -out "$SSL_CERT"
echo "Do not remove this file." >> /etc/ssl/.ssl-generated
openssl req -newkey rsa:2048 -new -nodes -x509 -days 3650 -keyout "$SSL_KEY" -out "$SSL_CERT" \
-subj "/C=UK/ST=England/L=London/O=OrgName/OU=IT Department/CN=$MAILNAME"
postconf -e smtpd_tls_cert_file="$SSL_CERT"
postconf -e smtpd_tls_key_file="$SSL_KEY"
sed -i -e "s#^\s*ssl_cert\s*=.*#ssl_cert = <$SSL_CERT#" /etc/dovecot/dovecot.conf
sed -i -e "s#^\s*ssl_key\s*=.*#ssl_key = <$SSL_KEY#" /etc/dovecot/dovecot.conf
fi
# Run opendkim