From 8a0118ef00d0d8524d991d7ff90269387b7e6497 Mon Sep 17 00:00:00 2001
From: vp1100 <125098655+vp1100@users.noreply.github.com>
Date: Thu, 8 Aug 2024 23:12:12 +0200
Subject: [PATCH] Update ssl.sh

Extracting certificate for multiple domain for SNI support
---
 target/scripts/helpers/ssl.sh | 36 +++++++++++++++++++++++++++++++++++
 1 file changed, 36 insertions(+)

diff --git a/target/scripts/helpers/ssl.sh b/target/scripts/helpers/ssl.sh
index 6a7610ad..fdf866e4 100644
--- a/target/scripts/helpers/ssl.sh
+++ b/target/scripts/helpers/ssl.sh
@@ -127,6 +127,42 @@ function _setup_ssl() {
 fi
 _log 'trace' "letsencrypt (acme.json) extracted certificate using ${EXTRACTED_DOMAIN[0]}: '${EXTRACTED_DOMAIN[1]}'"
+
+ # Extracting certificates for SNI support
+ if [[ -n ${SSL_SNI_DOMAINS} ]] ; then
+ # add empty dovecot & postfix config
+ echo -n "" > /etc/dovecot/conf.d/10-sni.conf
+ echo -n "" > /etc/postfix/sni.map
+
+ # add tls_server_sni_maps if not exist
+ local SNI_MAPS="tls_server_sni_maps = hash:/etc/postfix/sni.map"
+ grep -qxF -- "${SNI_MAPS}" "/etc/postfix/main.cf" || echo ${SNI_MAPS} >> /etc/postfix/main.cf
+
+ for SNI_DOMAIN in ${SSL_SNI_DOMAINS//,/ }
+ do
+ if _extract_certs_from_acme "${SNI_DOMAIN}"; then
+ local PRIVATE_KEY="/etc/letsencrypt/live/${SNI_DOMAIN}/key.pem"
+ local CERT_CHAIN="/etc/letsencrypt/live/${SNI_DOMAIN}/fullchain.pem"
+
+ # add domain certificate to postfix
+ echo "${SNI_DOMAIN} ${PRIVATE_KEY} ${CERT_CHAIN}" >> /etc/postfix/sni.map
+
+ # add domain certificate to dovecot
+ echo "local_name ${SNI_DOMAIN} {" >> /etc/dovecot/conf.d/10-sni.conf
+ echo " ssl_cert = <${CERT_CHAIN}" >> /etc/dovecot/conf.d/10-sni.conf
+ echo " ssl_key = <${PRIVATE_KEY}" >> /etc/dovecot/conf.d/10-sni.conf
+ echo "}" >> /etc/dovecot/conf.d/10-sni.conf
+
+ _log 'trace' "SNI: extracted domain: ${SNI_DOMAIN}"
+ else
+ _log 'warn' "SNI: letsencrypt (acme.json) failed to extract SNI domain: ${SNI_DOMAIN}"
+ fi
+ done
+
+ # create postfix SNI table
+ postmap -F hash:/etc/postfix/sni.map
+ _log 'trace' "SNI: creating postfix db (sni.map.db)"
+ fi
 fi
 }
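Review bot: The loop header `for SNI_DOMAIN in ${SSL_SNI_DOMAINS//,/ }` relies on unquoted expansion for splitting, which also applies pathname expansion, so a wildcard entry such as `*.example.com` is globbed against the current directory before it reaches `_extract_certs_from_acme` or the generated paths. Each entry is then used unvalidated to build `/etc/letsencrypt/live/${SNI_DOMAIN}/...` and is written verbatim into `sni.map` and `10-sni.conf`, so an entry containing `/`, `..` or whitespace silently corrupts both files; splitting with `IFS=',' read -ra` and rejecting anything outside hostname characters avoids both problems. On the same theme, `echo ${SNI_MAPS} >> /etc/postfix/main.cf` should be `printf '%s\n' "${SNI_MAPS}" >> /etc/postfix/main.cf` to match the quoted `grep` test above it. The enclosing `_setup_ssl` function starts outside the hunk.

```shell
# Extracting certificates for SNI support
if [[ -n ${SSL_SNI_DOMAINS} ]] ; then
  # … unchanged: truncate 10-sni.conf / sni.map and ensure tls_server_sni_maps in main.cf …

  # split on ',' only (no globbing), and keep each entry to hostname characters
  # so it is safe to embed in the letsencrypt path and the Postfix/Dovecot maps
  local -a SNI_DOMAIN_LIST
  IFS=',' read -r -a SNI_DOMAIN_LIST <<< "${SSL_SNI_DOMAINS}"
  for SNI_DOMAIN in "${SNI_DOMAIN_LIST[@]}"
  do
    if [[ ! ${SNI_DOMAIN} =~ ^[A-Za-z0-9.*-]+$ ]]; then
      _log 'warn' "SNI: skipping invalid domain entry: '${SNI_DOMAIN}'"
      continue
    fi
    # … unchanged: _extract_certs_from_acme, sni.map and 10-sni.conf entries …
  done

  # … unchanged: postmap -F …
fi
```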