[SSL] add new SNI config on updates / new installs
parent
84c5f43438
commit
f702c67bdc
|
@ -191,6 +191,11 @@ ADDITIONAL_SAN=
|
||||||
|
|
||||||
SKIP_LETS_ENCRYPT=n
|
SKIP_LETS_ENCRYPT=n
|
||||||
|
|
||||||
|
# Create seperate certificates for all domains - y/n
|
||||||
|
# this will allow adding more than 100 domains, but some email clients will not be able to connect with alternative hostnames
|
||||||
|
# see https://wiki.dovecot.org/SSL/SNIClientSupport
|
||||||
|
ENABLE_SSL_SNI=n
|
||||||
|
|
||||||
# Skip IPv4 check in ACME container - y/n
|
# Skip IPv4 check in ACME container - y/n
|
||||||
|
|
||||||
SKIP_IP_CHECK=n
|
SKIP_IP_CHECK=n
|
||||||
|
@ -269,4 +274,4 @@ mkdir -p data/assets/ssl
|
||||||
chmod 600 mailcow.conf
|
chmod 600 mailcow.conf
|
||||||
|
|
||||||
# copy but don't overwrite existing certificate
|
# copy but don't overwrite existing certificate
|
||||||
cp -n data/assets/ssl-example/*.pem data/assets/ssl/
|
cp -n -d data/assets/ssl-example/*.pem data/assets/ssl/
|
||||||
|
|
13
update.sh
13
update.sh
|
@ -168,6 +168,7 @@ CONFIG_ARRAY=(
|
||||||
"ACL_ANYONE"
|
"ACL_ANYONE"
|
||||||
"SOLR_HEAP"
|
"SOLR_HEAP"
|
||||||
"SKIP_SOLR"
|
"SKIP_SOLR"
|
||||||
|
"ENABLE_SSL_SNI"
|
||||||
"ALLOW_ADMIN_EMAIL_LOGIN"
|
"ALLOW_ADMIN_EMAIL_LOGIN"
|
||||||
"SKIP_HTTP_VERIFICATION"
|
"SKIP_HTTP_VERIFICATION"
|
||||||
"SOGO_EXPIRE_SESSION"
|
"SOGO_EXPIRE_SESSION"
|
||||||
|
@ -275,7 +276,15 @@ for option in ${CONFIG_ARRAY[@]}; do
|
||||||
echo '# Solr is disabled by default after upgrading from non-Solr to Solr-enabled mailcows.' >> mailcow.conf
|
echo '# Solr is disabled by default after upgrading from non-Solr to Solr-enabled mailcows.' >> mailcow.conf
|
||||||
echo '# Disable Solr or if you do not want to store a readable index of your mails in solr-vol-1.' >> mailcow.conf
|
echo '# Disable Solr or if you do not want to store a readable index of your mails in solr-vol-1.' >> mailcow.conf
|
||||||
echo "SKIP_SOLR=y" >> mailcow.conf
|
echo "SKIP_SOLR=y" >> mailcow.conf
|
||||||
fi
|
fi
|
||||||
|
elif [[ ${option} == "ENABLE_SSL_SNI" ]]; then
|
||||||
|
if ! grep -q ${option} mailcow.conf; then
|
||||||
|
echo "Adding new option \"${option}\" to mailcow.conf"
|
||||||
|
echo '# Create seperate certificates for all domains - y/n' >> mailcow.conf
|
||||||
|
echo '# this will allow adding more than 100 domains, but some email clients will not be able to connect with alternative hostnames' >> mailcow.conf
|
||||||
|
echo '# see https://wiki.dovecot.org/SSL/SNIClientSupport' >> mailcow.conf
|
||||||
|
echo "ENABLE_SSL_SNI=n" >> mailcow.conf
|
||||||
|
fi
|
||||||
elif [[ ${option} == "MAILDIR_SUB" ]]; then
|
elif [[ ${option} == "MAILDIR_SUB" ]]; then
|
||||||
if ! grep -q ${option} mailcow.conf; then
|
if ! grep -q ${option} mailcow.conf; then
|
||||||
echo "Adding new option \"${option}\" to mailcow.conf"
|
echo "Adding new option \"${option}\" to mailcow.conf"
|
||||||
|
@ -407,7 +416,7 @@ docker-compose pull
|
||||||
|
|
||||||
# Fix missing SSL, does not overwrite existing files
|
# Fix missing SSL, does not overwrite existing files
|
||||||
[[ ! -d data/assets/ssl ]] && mkdir -p data/assets/ssl
|
[[ ! -d data/assets/ssl ]] && mkdir -p data/assets/ssl
|
||||||
cp -n data/assets/ssl-example/*.pem data/assets/ssl/
|
cp -n -d data/assets/ssl-example/*.pem data/assets/ssl/
|
||||||
|
|
||||||
echo -e "Checking IPv6 settings... "
|
echo -e "Checking IPv6 settings... "
|
||||||
if grep -q 'SYSCTL_IPV6_DISABLED=1' mailcow.conf; then
|
if grep -q 'SYSCTL_IPV6_DISABLED=1' mailcow.conf; then
|
||||||
|
|
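Review bot: The new `ENABLE_SSL_SNI` branch in the `-275,7 +276,15` hunk checks for the option with `grep -q ${option} mailcow.conf`, which is unquoted and matches the name anywhere in the file. A commented-out line, or a mention of the name inside another comment, would therefore make the update skip adding the setting. Anchoring the check to an assignment, `if ! grep -q "^${option}=" mailcow.conf; then`, avoids that. The neighbouring `MAILDIR_SUB` branch uses the same loose pattern, and the enclosing `for`/`if` chain starts and ends outside the hunk, so whether other branches rely on it cannot be seen from here. Separately, the comment written into mailcow.conf misspells "separate"; `echo '# Create separate certificates for all domains - y/n' >> mailcow.conf` fixes it, and the same typo is in the config-template hunk at the top of the page.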