[DOCKER][MAIL] Fixed small bug with ssl certificates

docker-compose.yaml

@@ -85,22 +85,26 @@ services:
       - 6379:6379    
   
   mail:
-    build: docker/php
+    build: docker/mail
-    restart: always
-    tty: true
-    ports:
-      - "25:25"
-      - "143:143"
-      - "587:587"
-      - "993:993"
     environment:
-      - DOMAINNAME=mail.test
+      DOMAINNAME: mail.test
-      - HOSTNAME=mail
+      MAILNAME: mail.mail.test            
-      - POSTMASTER=postmaster@mail.test
+      POSTMASTER: postmaster@mail.test
-      - SSL_CERT=/etc/dovecot/ssl/mailserver.crt
+    env_file:
-      - SSL_KEY=/etc/dovecot/ssl/mailserver.key
+      - ./docker/bootstrap/bootstrap.env
-    
+    ports:
-    
+      - 25:25
+      - 143:143
+      - 587:587
+      - 993:993
+    volumes:
+      - maildata:/var/mail
+      - mailconf:/etc/mail
+      # Certbot
+      - ./docker/certbot/www:/var/www/certbot
+      - ./docker/certbot/.files:/etc/letsencrypt
 
 volumes:
   database:
+  maildata:
+  mailconf:

docker/mail/Dockerfile

@@ -5,8 +5,8 @@ ENV \
 	DOMAINNAME=example.com \
 	MAILNAME=mail \
 	POSTMASTER=postmaster@example.com \
-	SSL_CERT=/etc/ssl/mailserver.crt \
+	SSL_CERT=/etc/ssl/cert.pem \
-	SSL_KEY=/etc/ssl/mailserver.key
+	SSL_KEY=/etc/ssl/key.pem
 
 # Install packages
 RUN \

docker/mail/docker-compose.yml

@@ -1,28 +0,0 @@
-version: '3.8'
-
-services:
-    mail:
-        image: mail
-        build: .
-        environment:
-            DOMAINNAME: mail.test
-            MAILNAME: mail.mail.test            
-            POSTMASTER: postmaster@mail.test
-            SSL_CERT: /etc/ssl/mailserver.crt
-            SSL_KEY: /etc/ssl/mailserver.key
-        container_name: mail
-        privileged: true
-        ports:
-          - "25:25"
-          - "143:143"
-          - "587:587"
-          - "993:993"
-        volumes:
-          - maildata:/var/mail
-          - mailconf:/etc/mail
-        
-
-volumes:
-  maildata:
-  mailconf:
-        

docker/mail/rootfs/usr/bin/start.sh

@@ -1,14 +1,17 @@
 #!/bin/sh
 
+CERTBOT="/etc/letsencrypt/live/$domain/fullchain.pem"
+KEYBOT="/etc/letsencrypt/live/$domain/privkey.pem"
+
 # Config postfix
 postconf -e myhostname="$MAILNAME"
 postconf -e mydomain="$DOMAINNAME"
-postconf -e smtpd_tls_cert_file="$SSL_CERT"
+postconf -e smtpd_tls_cert_file="$CERTBOT"
-postconf -e smtpd_tls_key_file="$SSL_KEY"
+postconf -e smtpd_tls_key_file="$KEYBOT"
 
 # Config dovecot
-sed -i -e "s#^\s*ssl_cert\s*=.*#ssl_cert = $SSL_CERT#" /etc/dovecot/dovecot.conf
+sed -i -e "s#^\s*ssl_cert\s*=.*#ssl_cert = <$CERTBOT#" /etc/dovecot/dovecot.conf
-sed -i -e "s#^\s*ssl_key\s*=.*#ssl_key = $SSL_KEY#" /etc/dovecot/dovecot.conf
+sed -i -e "s#^\s*ssl_key\s*=.*#ssl_key = <$KEYBOT#" /etc/dovecot/dovecot.conf
 sed -i -e "s#^\s*hostname\s*=.*#hostname = $MAILNAME#" /etc/dovecot/dovecot.conf
 sed -i -e "s#^\s*postmaster_address\s*=.*#postmaster_address = $POSTMASTER#" /etc/dovecot/dovecot.conf
 
@@ -16,15 +19,14 @@ sed -i -e "s#^\s*postmaster_address\s*=.*#postmaster_address = $POSTMASTER#" /et
 sed -i -e "s/#HOSTNAME/$MAILNAME/" /etc/opendkim/TrustedHosts
 
 # Run openssl
-if [ ! -e /etc/ssl/.ssl-generated ]
+if [ $signed -eq 0 ]
 then
-	openssl genrsa -des3 -passout pass:asdf -out /etc/ssl/mail.pass.key 2048 && \
+	openssl req -newkey rsa:2048 -new -nodes -x509 -days 3650 -keyout "$SSL_KEY" -out "$SSL_CERT" \
-	openssl rsa -passin pass:asdf -in /etc/ssl/mail.pass.key -out "$SSL_KEY"
-	rm /etc/ssl/mail.pass.key
-	openssl req -new -key "$SSL_KEY" -out /etc/ssl/mail.csr \
 		-subj "/C=UK/ST=England/L=London/O=OrgName/OU=IT Department/CN=$MAILNAME"
-	openssl x509 -req -days 365 -in /etc/ssl/mail.csr -signkey "$SSL_KEY" -out "$SSL_CERT"
+	postconf -e smtpd_tls_cert_file="$SSL_CERT"
-	echo "Do not remove this file." >> /etc/ssl/.ssl-generated
+	postconf -e smtpd_tls_key_file="$SSL_KEY"
+	sed -i -e "s#^\s*ssl_cert\s*=.*#ssl_cert = <$SSL_CERT#" /etc/dovecot/dovecot.conf
+	sed -i -e "s#^\s*ssl_key\s*=.*#ssl_key = <$SSL_KEY#" /etc/dovecot/dovecot.conf
 fi
 
 # Run opendkim