letsencrypt Support #145

Open: wants to merge 5 commits into base: master
2 changes: 2 additions & 0 deletions README.md
Expand Up @@ -23,6 +23,7 @@ echo FIRST_MAIL_DOMAIN=mydomain.com >> iredmail-docker.conf
echo FIRST_MAIL_DOMAIN_ADMIN_PASSWORD=my-secret-password >> iredmail-docker.conf
echo MLMMJADMIN_API_TOKEN=$(openssl rand -base64 32) >> iredmail-docker.conf
echo ROUNDCUBE_DES_KEY=$(openssl rand -base64 24) >> iredmail-docker.conf
echo LETSENCRYPT=true >> iredmail-docker.conf
```

Create required directories to store application data:
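Review bot: `LETSENCRYPT=true` is added to the example config without stating what it requires. The companion change in entrypoints/dovecot.sh issues the certificate with `certbot certonly --standalone -d ${HOSTNAME}`, so this only works when the container's ${HOSTNAME} is a public DNS name pointing at this host and TCP port 80 is reachable from the internet and free at the moment the entrypoint runs; the renewal job in entrypoints/cron.sh instead uses `--webroot -w /var/www/html`, so nginx must serve /.well-known/acme-challenge from that directory for the same name. Add a sentence after this block stating those preconditions and that the variable is intended to leave the self-signed certificate in place when unset.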
Expand Down Expand Up @@ -60,6 +61,7 @@ docker run \
-v /iredmail/data/clamav:/var/lib/clamav \
-v /iredmail/data/sa_rules:/var/lib/spamassassin \
-v /iredmail/data/postfix_queue:/var/spool/postfix \
-v /iredmail/data/ssl:/etc/letsencrypt \
iredmail/mariadb:stable
```

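Review bot: the run command still uses `iredmail/mariadb:stable`, but certbot is only added to the image by this PR's change to scripts/install_all_pkgs.sh, so with the published stable tag `LETSENCRYPT=true` will fail with `certbot: command not found` in dovecot.sh. Either point the README at a tag that contains this change or say the image must be rebuilt first. Next to the new `-v /iredmail/data/ssl:/etc/letsencrypt` line it is also worth noting that the host directory will hold the ACME account key and the server private keys, so it should be created owner-only (e.g. `install -d -m 0700 /iredmail/data/ssl`) rather than with the default umask.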
4 changes: 4 additions & 0 deletions entrypoints/cron.sh
Expand Up @@ -8,4 +8,8 @@

. /docker/entrypoints/functions.sh

echo "1 3 * * * certbot renew --webroot -w /var/www/html --post-hook 'ln -sf /etc/letsencrypt/live/${HOSTNAME}/privkey.pem /opt/iredmail/ssl/key.pem; /usr/sbin/service postfix restart; /usr/sbin/service nginx restart; /usr/sbin/service dovecot restart'" > /etc/cron.d/letsencrypt

chmod 0644 /etc/cron.d/letsencrypt

set_cron_file_permission
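Review bot: the renewal job is written unconditionally, so on deployments that never set `LETSENCRYPT=true` it still runs `certbot renew` nightly for a certificate that does not exist; wrap the `echo ... > /etc/cron.d/letsencrypt` in `if [ "${LETSENCRYPT}" = true ]; then ... fi` to match the branch in dovecot.sh. Inside the hook, `ln -sf .../privkey.pem /opt/iredmail/ssl/key.pem` recreates a link that dovecot.sh already made and that does not change on renewal (certbot keeps the live/ paths stable and only rotates the archive/ targets), so it can go; and `service ... restart` drops active SMTP/IMAP sessions where `service postfix reload`, `service nginx reload` and `service dovecot reload` would pick up the new certificate without doing so. Finally, issuance in dovecot.sh uses `--standalone` while renewal here uses `--webroot -w /var/www/html`; pick one authenticator, or document that nginx must serve /var/www/html/.well-known/acme-challenge on port 80 for ${HOSTNAME}, otherwise every renewal fails and the certificate expires after its 90-day lifetime.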
45 changes: 27 additions & 18 deletions entrypoints/dovecot.sh
Expand Up @@ -39,25 +39,34 @@ for d in ${MAILBOXES_DIR} \
[[ -d ${d} ]] || mkdir -p ${d}
done

# Create self-signed ssl cert.
if [[ ! -f ${SSL_CERT_FILE} ]] || [[ ! -f ${SSL_KEY_FILE} ]]; then
LOG "Generating self-signed ssl cert under ${SSL_CERT_DIR}."
openssl req -x509 -nodes -sha256 -days 3650 \
-subj "/C=${SSL_CERT_COUNTRY}/ST=${SSL_CERT_STATE}/L=${SSL_CERT_CITY}/O=${SSL_CERT_DEPARTMENT}/CN=${HOSTNAME}/emailAddress=${POSTMASTER_EMAIL}" \
-newkey rsa:${SSL_KEY_LENGTH} \
-out ${SSL_CERT_FILE} \
-keyout ${SSL_KEY_FILE} >/dev/null

cp -f ${SSL_CERT_FILE} ${SSL_COMBINED_FILE}
if [ "${LETSENCRYPT}"=true ]; then
if [ ! -f /etc/letsencrypt/live/${HOSTNAME}/privkey.pem ]; then
certbot certonly --standalone --non-interactive --agree-tos -d ${HOSTNAME} -m ${POSTMASTER_EMAIL}
fi
ln -sf /etc/letsencrypt/live/${HOSTNAME}/cert.pem /opt/iredmail/ssl/cert.pem
ln -sf /etc/letsencrypt/live/${HOSTNAME}/privkey.pem /opt/iredmail/ssl/key.pem
ln -sf /etc/letsencrypt/live/${HOSTNAME}/fullchain.pem /opt/iredmail/ssl/combined.pem

else
# Create self-signed ssl cert.
if [[ ! -f ${SSL_CERT_FILE} ]] || [[ ! -f ${SSL_KEY_FILE} ]]; then
LOG "Generating self-signed ssl cert under ${SSL_CERT_DIR}."
openssl req -x509 -nodes -sha256 -days 3650 \
-subj "/C=${SSL_CERT_COUNTRY}/ST=${SSL_CERT_STATE}/L=${SSL_CERT_CITY}/O=${SSL_CERT_DEPARTMENT}/CN=${HOSTNAME}/emailAddress=${POSTMASTER_EMAIL}" \
-newkey rsa:${SSL_KEY_LENGTH} \
-out ${SSL_CERT_FILE} \
-keyout ${SSL_KEY_FILE} >/dev/null

cp -f ${SSL_CERT_FILE} ${SSL_COMBINED_FILE}
fi
chmod 0644 ${SSL_CERT_FILE} ${SSL_KEY_FILE} ${SSL_COMBINED_FILE}
fi
chmod 0644 ${SSL_CERT_FILE} ${SSL_KEY_FILE} ${SSL_COMBINED_FILE}

# Create dh param.
if [[ ! -f ${SSL_DHPARAM2048_FILE} ]]; then
LOG "Generating dh param file: ${SSL_DHPARAM2048_FILE}. It make take a long time."
openssl dhparam -out ${SSL_DHPARAM2048_FILE} 2048 >/dev/null
fi
chmod 0644 ${SSL_DHPARAM2048_FILE}
# Create dh param.
if [[ ! -f ${SSL_DHPARAM2048_FILE} ]]; then
LOG "Generating dh param file: ${SSL_DHPARAM2048_FILE}. It make take a long time."
openssl dhparam -out ${SSL_DHPARAM2048_FILE} 2048 >/dev/null
fi
chmod 0644 ${SSL_DHPARAM2048_FILE}

# Make sure mailboxes directory has correct owner/group and permission.
# Note: If there're many mailboxes, `chown/chmod -R` will take a long time.
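Review bot: the condition on the first new line, `if [ "${LETSENCRYPT}"=true ]`, has no spaces around `=`, so the shell passes `[` a single string argument (`true` or `<value>true`), and `[` treats any lone non-empty string as true; the Let's Encrypt branch therefore always runs and the self-signed `else` branch is dead, which breaks every deployment that does not set the variable. It must read `if [ "${LETSENCRYPT}" = true ]; then`. Second, the `certbot certonly` exit status is not checked: if issuance fails (port 80 not reachable, HOSTNAME not resolving, rate limit hit) the script still creates `cert.pem`, `key.pem` and `combined.pem` as dangling symlinks into /etc/letsencrypt/live/${HOSTNAME}/ and Dovecot, Postfix and nginx then start with no usable certificate at all. Either `exit 1` with a LOG message on failure or fall back to the self-signed block, e.g. test `-f /etc/letsencrypt/live/${HOSTNAME}/fullchain.pem` after the certbot call before linking. Also, the Let's Encrypt branch hard-codes /opt/iredmail/ssl/cert.pem, key.pem and combined.pem instead of using `${SSL_CERT_FILE}`, `${SSL_KEY_FILE}` and `${SSL_COMBINED_FILE}` as the `else` branch does; use the same variables so the two branches cannot drift. Since the `chmod 0644` on the key file is being moved in this PR anyway, consider 0600 for the private key in the self-signed branch, which is what certbot itself uses for privkey.pem and avoids a world-readable key.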
1 change: 1 addition & 0 deletions run_all_in_one.sh
Expand Up @@ -64,4 +64,5 @@ docker run \
-v ${DATA_DIR}/imapsieve_copy:/var/vmail/imapsieve_copy \
-v ${DATA_DIR}/sa_rules:/var/lib/spamassassin \
-v ${DATA_DIR}/postfix_queue:/var/spool/postfix \
-v ${DATA_DIR}/ssl:/etc/letsencrypt \
iredmail/mariadb:nightly
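Review bot: same mount as in README.md, and this script does not export `LETSENCRYPT`, so `${DATA_DIR}/ssl` is bind-mounted over /etc/letsencrypt even for self-signed deployments; that is harmless, but wherever `${DATA_DIR}/ssl` is created it should get mode 0700, since once `LETSENCRYPT=true` is used it holds the ACME account key and the server private keys.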
2 changes: 1 addition & 1 deletion scripts/install_all_pkgs.sh
Expand Up @@ -10,7 +10,7 @@
export DEBIAN_FRONTEND='noninteractive'

# Required binary packages.
PKGS_BASE="apt-transport-https bzip2 cron ca-certificates curl dbus dirmngr gzip openssl python3-apt python3-setuptools rsyslog software-properties-common unzip python3-pymysql python3-psycopg2"
PKGS_BASE="apt-transport-https bzip2 cron ca-certificates certbot curl dbus dirmngr gzip openssl python3-apt python3-setuptools rsyslog software-properties-common unzip python3-pymysql python3-psycopg2"
PKGS_MYSQL="mariadb-server"
PKGS_NGINX="nginx"
PKGS_PHP_FPM="php-fpm php-cli"
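Review bot: `certbot` goes into PKGS_BASE unconditionally, so every image variant gains certbot and its Python dependencies even when only the self-signed path is used; acceptable, but one thing needs handling. The Debian/Ubuntu `certbot` package ships its own `/etc/cron.d/certbot` job that runs `certbot -q renew` every 12 hours whenever systemd is not running (as in this container), which would race the job this PR writes to `/etc/cron.d/letsencrypt` and, because it carries no `--webroot` override, would use the `--standalone` authenticator recorded at issuance while nginx holds port 80. Either remove that file in this script (`rm -f /etc/cron.d/certbot` after the install) or drop the custom job in cron.sh and rely on the packaged one with the reload hooks moved into the renewal config.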