paxton
/
mailcow
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

[SSL] add new SNI config on updates / new installs

master
Marcel Hofer 2019-10-19 13:00:01 +02:00
parent 84c5f43438
commit f702c67bdc
2 changed files with 17 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
generate_config.sh
View File

@ -191,6 +191,11 @@ ADDITIONAL_SAN=
SKIP_LETS_ENCRYPT=n SKIP_LETS_ENCRYPT=n
# Create seperate certificates for all domains - y/n
# this will allow adding more than 100 domains, but some email clients will not be able to connect with alternative hostnames
# see https://wiki.dovecot.org/SSL/SNIClientSupport
ENABLE_SSL_SNI=n
# Skip IPv4 check in ACME container - y/n # Skip IPv4 check in ACME container - y/n
SKIP_IP_CHECK=n SKIP_IP_CHECK=n
@ -269,4 +274,4 @@ mkdir -p data/assets/ssl
chmod 600 mailcow.conf chmod 600 mailcow.conf
# copy but don't overwrite existing certificate # copy but don't overwrite existing certificate
cp -n data/assets/ssl-example/*.pem data/assets/ssl/ cp -n -d data/assets/ssl-example/*.pem data/assets/ssl/

13
update.sh
View File

@ -168,6 +168,7 @@ CONFIG_ARRAY=(
"ACL_ANYONE" "ACL_ANYONE"
"SOLR_HEAP" "SOLR_HEAP"
"SKIP_SOLR" "SKIP_SOLR"
"ENABLE_SSL_SNI"
"ALLOW_ADMIN_EMAIL_LOGIN" "ALLOW_ADMIN_EMAIL_LOGIN"
"SKIP_HTTP_VERIFICATION" "SKIP_HTTP_VERIFICATION"
"SOGO_EXPIRE_SESSION" "SOGO_EXPIRE_SESSION"
@ -275,7 +276,15 @@ for option in ${CONFIG_ARRAY[@]}; do
echo '# Solr is disabled by default after upgrading from non-Solr to Solr-enabled mailcows.' >> mailcow.conf echo '# Solr is disabled by default after upgrading from non-Solr to Solr-enabled mailcows.' >> mailcow.conf
echo '# Disable Solr or if you do not want to store a readable index of your mails in solr-vol-1.' >> mailcow.conf echo '# Disable Solr or if you do not want to store a readable index of your mails in solr-vol-1.' >> mailcow.conf
echo "SKIP_SOLR=y" >> mailcow.conf echo "SKIP_SOLR=y" >> mailcow.conf
fi fi
elif [[ ${option} == "ENABLE_SSL_SNI" ]]; then
if ! grep -q ${option} mailcow.conf; then
echo "Adding new option \"${option}\" to mailcow.conf"
echo '# Create seperate certificates for all domains - y/n' >> mailcow.conf
echo '# this will allow adding more than 100 domains, but some email clients will not be able to connect with alternative hostnames' >> mailcow.conf
echo '# see https://wiki.dovecot.org/SSL/SNIClientSupport' >> mailcow.conf
echo "ENABLE_SSL_SNI=n" >> mailcow.conf
fi
elif [[ ${option} == "MAILDIR_SUB" ]]; then elif [[ ${option} == "MAILDIR_SUB" ]]; then
if ! grep -q ${option} mailcow.conf; then if ! grep -q ${option} mailcow.conf; then
echo "Adding new option \"${option}\" to mailcow.conf" echo "Adding new option \"${option}\" to mailcow.conf"
@ -407,7 +416,7 @@ docker-compose pull
# Fix missing SSL, does not overwrite existing files # Fix missing SSL, does not overwrite existing files
[[ ! -d data/assets/ssl ]] && mkdir -p data/assets/ssl [[ ! -d data/assets/ssl ]] && mkdir -p data/assets/ssl
cp -n data/assets/ssl-example/*.pem data/assets/ssl/ cp -n -d data/assets/ssl-example/*.pem data/assets/ssl/
echo -e "Checking IPv6 settings... " echo -e "Checking IPv6 settings... "
if grep -q 'SYSCTL_IPV6_DISABLED=1' mailcow.conf; then if grep -q 'SYSCTL_IPV6_DISABLED=1' mailcow.conf; then