From 79ed95ff338929f36ac191397b619f6b562237aa Mon Sep 17 00:00:00 2001 From: Morgan Kesler Date: Tue, 30 Aug 2016 21:05:29 -0400 Subject: [PATCH] Add the option of manually specifying paths to SSL certificates --- README.md | 5 +++-- target/start-mailserver.sh | 24 ++++++++++++++++++++++++ 2 files changed, 27 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 3c15cd3f..e08a4b0b 100644 --- a/README.md +++ b/README.md @@ -29,7 +29,7 @@ Before you open an issue, please have a look this `README`, the [Wiki](https://g ## Usage #### Get latest image - + docker pull tvial/docker-mailserver:latest #### Create a `docker-compose.yml` @@ -70,7 +70,7 @@ Don't forget to adapt MAIL_USER and MAIL_PASS to your needs -ti tvial/docker-mailserver:latest \ /bin/sh -c 'echo "$MAIL_USER|$(doveadm pw -s SHA512-CRYPT -u $MAIL_USER -p $MAIL_PASS)"' >> config/postfix-accounts.cf -#### Generate DKIM keys +#### Generate DKIM keys docker run --rm \ -v "$(pwd)/config":/tmp/docker-mailserver \ @@ -143,6 +143,7 @@ Otherwise, `iptables` won't be able to ban IPs. - **empty** => SSL disabled - letsencrypt => Enables Let's Encrypt certificates - custom => Enables custom certificates + - manual => Let's you manually specify locations of your SSL certificates for non-standard cases - self-signed => Enables self-signed certificates Please read [the SSL page in the wiki](https://github.com/tomav/docker-mailserver/wiki/Configure-SSL) for more information. diff --git a/target/start-mailserver.sh b/target/start-mailserver.sh index 3745e973..e9a80474 100644 --- a/target/start-mailserver.sh +++ b/target/start-mailserver.sh @@ -165,6 +165,30 @@ case $SSL_TYPE in fi ;; + "manual" ) + # Lets you manually specify the location of the SSL Certs to use. This gives you some more control over this whole processes (like using kube-lego to generate certs) + if [ -n "$SSL_CERT_PATH" ] \ + && [ -n "$SSL_KEY_PATH" ]; then + echo "Configuring certificates using cert $SSL_CERT_PATH and key $SSL_KEY_PATH" + mkdir -p /etc/postfix/ssl + cp "$SSL_CERT_PATH" /etc/postfix/ssl/cert + cp "$SSL_KEY_PATH" /etc/postfix/ssl/key + chmod 600 /etc/postfix/ssl/cert + chmod 600 /etc/postfix/ssl/key + + # Postfix configuration + sed -i -r 's/smtpd_tls_cert_file=\/etc\/ssl\/certs\/ssl-cert-snakeoil.pem/smtpd_tls_cert_file=\/etc\/postfix\/ssl\/cert/g' /etc/postfix/main.cf + sed -i -r 's/smtpd_tls_key_file=\/etc\/ssl\/private\/ssl-cert-snakeoil.key/smtpd_tls_key_file=\/etc\/postfix\/ssl\/key/g' /etc/postfix/main.cf + + # Dovecot configuration + sed -i -e 's/ssl_cert = <\/etc\/dovecot\/dovecot\.pem/ssl_cert = <\/etc\/postfix\/ssl\/cert/g' /etc/dovecot/conf.d/10-ssl.conf + sed -i -e 's/ssl_key = <\/etc\/dovecot\/private\/dovecot\.pem/ssl_key = <\/etc\/postfix\/ssl\/key/g' /etc/dovecot/conf.d/10-ssl.conf + + echo "SSL configured with 'Manual' certificates" + + fi + ;; + "self-signed" ) # Adding self-signed SSL certificate if provided in 'postfix/ssl' folder if [ -e "/tmp/docker-mailserver/ssl/$(hostname)-cert.pem" ] \