From 0fd0cff8acad0fe90c7f44cd59c0954627dd4a4e Mon Sep 17 00:00:00 2001 From: andryyy Date: Tue, 13 Jun 2017 23:37:48 +0200 Subject: [PATCH] Auto-sign autodiscover and autoconfig for all domains found in mailcow - only if A records exists and matches --- data/Dockerfiles/acme/Dockerfile | 3 +- data/Dockerfiles/acme/docker-entrypoint.sh | 52 +++++++++++++++------- 2 files changed, 39 insertions(+), 16 deletions(-) diff --git a/data/Dockerfiles/acme/Dockerfile b/data/Dockerfiles/acme/Dockerfile index 0ecb92b4..efcfcb97 100644 --- a/data/Dockerfiles/acme/Dockerfile +++ b/data/Dockerfiles/acme/Dockerfile @@ -7,7 +7,8 @@ RUN apk add --update --no-cache \ acme-client \ curl \ openssl \ - bind-tools + bind-tools \ + mariadb-client COPY docker-entrypoint.sh /srv/docker-entrypoint.sh diff --git a/data/Dockerfiles/acme/docker-entrypoint.sh b/data/Dockerfiles/acme/docker-entrypoint.sh index f2bfd8b1..3b7d7560 100755 --- a/data/Dockerfiles/acme/docker-entrypoint.sh +++ b/data/Dockerfiles/acme/docker-entrypoint.sh 
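Review bot: Adding `mariadb-client` means the ACME container, which already reaches external services with `curl` and `dig`, now also needs database credentials; the entrypoint change in this patch reads `DBUSER`, `DBPASS` and `DBNAME`. The only query it runs is `SELECT domain FROM domain`, so an account limited to SELECT on that table would be enough. The patch does not show which account is passed in, so that is worth confirming. A comment above the package list would record the reason for the dependency, for example `# mariadb-client: docker-entrypoint.sh lists mailcow domains (read-only query)`.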
@@ -13,28 +13,50 @@ restart_containers(){ while true; do - AUTODISCOVER= - AUTODISCOVER_A=$(dig a autodiscover.${MAILCOW_HOSTNAME#*} +short @208.67.220.222) - if [[ ! -z ${AUTODISCOVER_A} ]]; then - if [[ $(curl -4s https://mailcow.email/ip.php) == ${AUTODISCOVER_A} ]]; then - AUTODISCOVER="autodiscover.${MAILCOW_HOSTNAME#*}" - fi - fi + # Autodiscover and Autoconfig (Thunderbird) + declare -a SQL_DOMAIN_ARR + declare -a DOMAIN_ARR + declare -a DOMAIN_ARR - AUTOCONFIG= - AUTOCONFIG_A=$(dig a autoconfig.${MAILCOW_HOSTNAME#*} +short @208.67.220.222) - if [[ ! -z ${AUTOCONFIG_A} ]]; then - if [[ $(curl -4s https://mailcow.email/ip.php) == ${AUTOCONFIG_A} ]]; then - AUTOCONFIG="autoconfig.${MAILCOW_HOSTNAME#*}" + while read line; do + SQL_DOMAIN_ARR+=("${line}") + done < <(mysql -h mysql-mailcow -u ${DBUSER} -p${DBPASS} ${DBNAME} -e "SELECT domain FROM domain" -Bs) + + for SQL_DOMAIN in "${SQL_DOMAIN_ARR[@]}"; do + IPV4=$(curl -4s https://mailcow.email/ip.php) + A_CONFIG=$(dig A autoconfig.${SQL_DOMAIN} +short @208.67.220.222) + if [[ ! -z ${A_CONFIG} ]]; then + echo "Found A record for autoconfig.${SQL_DOMAIN}: ${A_CONFIG}" + if [[ ${IPV4} == ${A_CONFIG} ]]; then + echo "Confirmed A record autoconfig.${SQL_DOMAIN}" + CONFIG_DOMAINS+=("autoconfig.${SQL_DOMAIN}") + else + echo "Cannot match Your IP against hostname autoconfig.${SQL_DOMAIN}" + fi + else + echo "No A record for autoconfig.${SQL_DOMAIN} found" fi - fi + + A_DISCOVER=$(dig A autodiscover.${SQL_DOMAIN} +short @208.67.220.222) + if [[ ! 
-z ${A_DISCOVER} ]]; then + echo "Found A record for autodiscover.${SQL_DOMAIN}: ${A_CONFIG}" + if [[ ${IPV4} == ${A_DISCOVER} ]]; then + echo "Confirmed A record autodiscover.${SQL_DOMAIN}" + CONFIG_DOMAINS+=("autodiscover.${SQL_DOMAIN}") + else + echo "Cannot match Your IP against hostname autodiscover.${SQL_DOMAIN}" + fi + else + echo "No A record for autodiscover.${SQL_DOMAIN} found" + fi + done acme-client \ - -v -b -N -n \ + -v -e -b -N -n \ -f ${ACME_BASE}/acme/private/account.key \ -k ${ACME_BASE}/acme/private/privkey.pem \ -c ${ACME_BASE}/acme \ - ${MAILCOW_HOSTNAME} ${AUTOCONFIG} ${AUTODISCOVER} ${ADDITIONAL_SAN} + ${MAILCOW_HOSTNAME} ${CONFIG_DOMAINS[*]} ${ADDITIONAL_SAN} case "$?" in 0) # new certs
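Review bot: `CONFIG_DOMAINS` is appended to inside `while true` but never declared or emptied (the hunk declares `DOMAIN_ARR` twice instead), and `SQL_DOMAIN_ARR` is not reset either. Every pass therefore re-adds all names, and a domain that was deleted or whose A record no longer matches stays in the acme-client request; starting the loop body with `SQL_DOMAIN_ARR=()` and `CONFIG_DOMAINS=()` fixes this. `-p${DBPASS}` puts the database password on the mysql command line, where the process list shows it, so pass it through the environment instead, e.g. `MYSQL_PWD="${DBPASS}" mysql -h mysql-mailcow -u "${DBUSER}" "${DBNAME}" -e "SELECT domain FROM domain" -Bs`. The autodiscover "Found A record" message prints `${A_CONFIG}` where `${A_DISCOVER}` is meant, which makes the log misleading when a match fails. Use `read -r` and quote the right-hand side, `[[ "${IPV4}" == "${A_DISCOVER}" ]]` (likewise for `A_CONFIG`), so the check is a literal comparison rather than a pattern match; the `while true` loop and the `case` statement continue past the end of the hunk.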