certificats et webmail

bin/getX509Certificates.sh

@@ -14,4 +14,5 @@ certificates="mail listes"
 for i in ${certificates}; do
   jq -r ".letsencrypt.Certificates[] | select(.domain.main==\"${i}.${domain}\") | .certificate" /var/lib/docker/volumes/traefik_letsencrypt/_data/acme.json | base64 -d > /etc/ssl/certs/${i}.pem
   jq -r ".letsencrypt.Certificates[] | select(.domain.main==\"${i}.${domain}\") | .key" /var/lib/docker/volumes/traefik_letsencrypt/_data/acme.json | base64 -d > /etc/ssl/private/${i}.key
+  chmod 600 /etc/ssl/private/${i}.key
 done

dockers/postfix/docker-compose.yml

@@ -26,7 +26,7 @@ services:
       - filterConfig:/home/filter/config/
       - /etc/localtime:/etc/localtime:ro
       - /etc/timezone:/etc/timezone:ro
-      - /etc/letsencrypt:/etc/letsencrypt:ro
+      - /etc/ssl:/etc/ssl:ro
 #      - /etc/ssl:/etc/ssl:ro
 #      - /usr/local/share/ca-certificates:/usr/local/share/ca-certificates:ro
     environment:
@@ -41,6 +41,14 @@ services:
     cap_add:
       - NET_ADMIN
       - SYS_PTRACE
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.mail.rule=Host(`mail.${domain}`) || Host(`smtp.${domain}`)"
+      - "traefik.http.routers.webmails.rule=Host(`webmail.kaz.bzh`)"
+      - "traefik.http.middlewares.reg-webmails.redirectregex.regex=^https://webmail.kaz.bzh(.*)"
+      - "traefik.http.middlewares.reg-webmails.redirectregex.replacement=https://kaz.bzh/relever-ses-mails-chez-kaz-via-un-webmail"
+      - "traefik.http.middlewares.reg-webmails.redirectregex.permanent=true"
+      - "traefik.http.routers.webmails.middlewares=reg-webmails"
 
 volumes:
   mailData:

dockers/postfix/env-config

@@ -94,10 +94,10 @@ SMTP_ONLY=
 # custom => Enables custom certificates
 # manual => Let's you manually specify locations of your SSL certificates for non-standard cases
 # self-signed => Enables self-signed certificates
-#SSL_TYPE=self-signed
-SSL_TYPE=letsencrypt
-#SSL_CERT_PATH=
-#SSL_KEY_PATH=
+SSL_TYPE=manual
+#SSL_TYPE=letsencrypt
+SSL_CERT_PATH=/etc/ssl/certs/mail.pem
+SSL_KEY_PATH=/etc/ssl/private/mail.key
 
 # Set how many days a virusmail will stay on the server before being deleted
 # empty => 7 days

dockers/traefik/docker-compose.tmpl.yml.dist

@@ -38,13 +38,6 @@ services:
       - "traefik.http.routers.traefik_https.service=api@internal"
       - "traefik.http.routers.traefik_https.middlewares=test-adminipallowlist@file,traefik-auth"
       - "traefik.http.middlewares.traefik-auth.basicauth.usersfile=/etc/traefik/passfile"
-      - "traefik.http.middlewares.reg-webmails.redirectregex.regex=^https://webmail.kaz.bzh(.*)"
-      - "traefik.http.middlewares.reg-webmails.redirectregex.replacement=https://kaz.bzh/relever-ses-mails-chez-kaz-via-un-webmail"
-      - "traefik.http.middlewares.reg-webmails.redirectregex.permanent=true"
-      - "traefik.http.routers.webmails.middlewares=reg-webmails"
-      - "traefik.http.routers.webmails.rule=Host(`webmail.kaz.bzh`)"
-      - "traefik.http.routers.mail.rule=Host(`mail.${domain}`) || Host(`smtp.${domain}`)" || Host(`imap.${domain}`)"
-      - "traefik.http.routers.listes.rule=Host(`listes.${domain}`)
 
     networks:
       - traefikNet