
Make letsencrypt optional (still generating self-signed certificates)

master
parent
commit
eff501851f
2 changed files with 15 additions and 9 deletions
  1. 3
    2
      Dockerfile
  2. 12
    7
      haraka.sh

+ 3
- 2
Dockerfile

@@ -1,7 +1,8 @@
FROM node:latest

ENV HOSTNAME=${HOSTNAME:-haraka}
ENV HOSTNAME=${HOSTNAME:-haraka.localdomain}
ENV EMAIL=${EMAIL:-test@email.tld}
ENV USE_LETSENCRYPT=${USE_LETSENCRYPT:-false}

RUN echo "deb http://ftp.debian.org/debian jessie-backports main" >> /etc/apt/sources.list && \
apt-get update && apt-get upgrade -y && apt-get -t jessie-backports install -y supervisor certbot cron && \
@@ -41,4 +42,4 @@ EXPOSE 25 80 587
VOLUME /haraka
VOLUME /etc/letsencrypt

ENTRYPOINT ["/usr/bin/supervisord"]
ENTRYPOINT ["/usr/bin/supervisord", "-c", "/etc/supervisor/supervisord.conf"]
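Review bot: The `${HOSTNAME:-haraka.localdomain}` and `${USE_LETSENCRYPT:-false}` forms on the ENV lines are expanded by Docker at build time, and no `ARG` or earlier `ENV` of those names is visible above them (the hunk starts at line 1), so they always bake in the literal default. Writing `ENV USE_LETSENCRYPT=false` states that directly. Because this default makes haraka.sh generate a self-signed certificate, a comment above the line would help operators: `# Override at run time (docker run -e USE_LETSENCRYPT=true); the default serves a self-signed certificate.` The RUN instruction at the end of the first hunk continues outside it.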

+ 12
- 7
haraka.sh

@@ -8,14 +8,19 @@ fi
# Specify hostname
echo $HOSTNAME > /haraka/config/me

# Get and install certificates from Let's Encrypt
if [ ! -d /haraka/config/tls ]; then
# Create tls directory if it doesn't
mkdir -p /haraka/config/tls

cd /haraka/config/tls
if [ "${USE_LETSENCRYPT,,}" == "yes" -o "${USE_LETSENCRYPT,,}" == "true" ]; then
# Get and install certificates from Let's Encrypt
certbot certonly -n --agree-tos --email "$EMAIL" -d "$HOSTNAME" --standalone --preferred-challenges http
mkdir -p /haraka/config/tls
cd /haraka/config/tls
ln -s /etc/letsencrypt/live/$HOSTNAME/privkey.pem tls-key.pem
ln -s /etc/letsencrypt/live/$HOSTNAME/fullchain.pem tls-cert.pem
cd -
ln -sf /etc/letsencrypt/live/$HOSTNAME/privkey.pem tls-key.pem
ln -sf /etc/letsencrypt/live/$HOSTNAME/fullchain.pem tls-cert.pem
else
# Generate a self-signed certificate for the hostname provided
openssl req -subj "/O=Self Signed Certificate/CN=$HOSTNAME" -new -newkey rsa:4096 -days 365 -nodes -x509 -sha256 -keyout tls-key.pem -out tls-cert.pem
fi
cd -

haraka -c /haraka
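Review bot: Nothing checks certbot's exit status before the `ln -sf` lines, so a failed HTTP challenge leaves `tls-key.pem` and `tls-cert.pem` as dangling symlinks and haraka still starts; ending the certbot line with `|| exit 1` would stop the container instead of running with broken TLS. In the self-signed branch the `-nodes` key is written under the /haraka volume with whatever mode the umask and the installed OpenSSL give it, so follow the `openssl req` line with `chmod 600 tls-key.pem`. The `$HOSTNAME` expansions in the `ln -sf` paths should be quoted like the one on the certbot line. The script begins outside this hunk, so its interpreter line is not visible; `${USE_LETSENCRYPT,,}` needs bash.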
