Make letsencrypt optional (still generating self-signed certificates)

master
Carlos Mogas da Silva hace 6 años
padre fbdf51a6f9
commit eff501851f
  1. 5
      Dockerfile
  2. 19
      haraka.sh

@ -1,7 +1,8 @@
FROM node:latest
ENV HOSTNAME=${HOSTNAME:-haraka}
ENV HOSTNAME=${HOSTNAME:-haraka.localdomain}
ENV EMAIL=${EMAIL:-test@email.tld}
ENV USE_LETSENCRYPT=${USE_LETSENCRYPT:-false}
RUN echo "deb http://ftp.debian.org/debian jessie-backports main" >> /etc/apt/sources.list && \
apt-get update && apt-get upgrade -y && apt-get -t jessie-backports install -y supervisor certbot cron && \
@ -41,4 +42,4 @@ EXPOSE 25 80 587
VOLUME /haraka
VOLUME /etc/letsencrypt
ENTRYPOINT ["/usr/bin/supervisord"]
ENTRYPOINT ["/usr/bin/supervisord", "-c", "/etc/supervisor/supervisord.conf"]
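Review bot: The `${USE_LETSENCRYPT:-false}` default on the new `ENV USE_LETSENCRYPT` line is resolved at image build time from `ARG`/`ENV` values declared in the Dockerfile, not from the container's runtime environment, so as far as this hunk shows it always bakes in `false`. Writing `ENV USE_LETSENCRYPT=false` says the same thing plainly. A comment such as `# Override at run time with -e USE_LETSENCRYPT=true (or yes); any other value serves a self-signed certificate` would also document that the image now defaults to a certificate remote mail servers cannot validate. The same build-time expansion applies to the `HOSTNAME` and `EMAIL` lines next to it.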

@ -8,14 +8,19 @@ fi
# Specify hostname
echo $HOSTNAME > /haraka/config/me
# Get and install certificates from Let's Encrypt
if [ ! -d /haraka/config/tls ]; then
# Create tls directory if it doesn't
mkdir -p /haraka/config/tls
cd /haraka/config/tls
if [ "${USE_LETSENCRYPT,,}" == "yes" -o "${USE_LETSENCRYPT,,}" == "true" ]; then
# Get and install certificates from Let's Encrypt
certbot certonly -n --agree-tos --email "$EMAIL" -d "$HOSTNAME" --standalone --preferred-challenges http
mkdir -p /haraka/config/tls
cd /haraka/config/tls
ln -s /etc/letsencrypt/live/$HOSTNAME/privkey.pem tls-key.pem
ln -s /etc/letsencrypt/live/$HOSTNAME/fullchain.pem tls-cert.pem
cd -
ln -sf /etc/letsencrypt/live/$HOSTNAME/privkey.pem tls-key.pem
ln -sf /etc/letsencrypt/live/$HOSTNAME/fullchain.pem tls-cert.pem
else
# Generate a self-signed certificate for the hostname provided
openssl req -subj "/O=Self Signed Certificate/CN=$HOSTNAME" -new -newkey rsa:4096 -days 365 -nodes -x509 -sha256 -keyout tls-key.pem -out tls-cert.pem
fi
cd -
haraka -c /haraka
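Review bot: A failed `certbot certonly` is not checked, so the two `ln -sf` lines after it would leave dangling `tls-key.pem`/`tls-cert.pem` links; and because `mkdir -p /haraka/config/tls` now runs before certbot, the `[ ! -d /haraka/config/tls ]` guard skips the whole block on every later start, so the failure is never retried. Guarding on the certificate instead, `if [ ! -e /haraka/config/tls/tls-cert.pem ]; then` (`-e` is false for a dangling link), and stopping on failure with `certbot certonly … || exit 1` would avoid that. The directory guard also means the 365-day self-signed certificate is never regenerated after it expires. In the self-signed branch the `-nodes` key is written under the default umask into the `/haraka` volume; a `umask 077` before `openssl req` would keep `tls-key.pem` owner-only. The interpreter line is outside the hunk, and `${USE_LETSENCRYPT,,}` needs bash 4 or later, so confirm the script is not run by `/bin/sh`.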
