From 4b95553be0456f6ed5de0b35a2ab0fc962e3c68c Mon Sep 17 00:00:00 2001
From: Fanch
Date: Sat, 19 Apr 2025 14:23:06 +0200
Subject: [PATCH] certificats et webmail

---
 bin/getX509Certificates.sh | 1 +
 dockers/postfix/docker-compose.yml | 10 +++++++++-
 dockers/postfix/env-config | 8 ++++----
 dockers/traefik/docker-compose.tmpl.yml.dist | 7 -------
 4 files changed, 14 insertions(+), 12 deletions(-)
 mode change 100644 => 100755 bin/getX509Certificates.sh

diff --git a/bin/getX509Certificates.sh b/bin/getX509Certificates.sh
old mode 100644
new mode 100755
index dc83ce9..9af6f4c
--- a/bin/getX509Certificates.sh
+++ b/bin/getX509Certificates.sh
@@ -14,4 +14,5 @@ certificates="mail listes"
 for i in ${certificates}; do
 jq -r ".letsencrypt.Certificates[] | select(.domain.main==\"${i}.${domain}\") | .certificate" /var/lib/docker/volumes/traefik_letsencrypt/_data/acme.json | base64 -d > /etc/ssl/certs/${i}.pem
 jq -r ".letsencrypt.Certificates[] | select(.domain.main==\"${i}.${domain}\") | .key" /var/lib/docker/volumes/traefik_letsencrypt/_data/acme.json | base64 -d > /etc/ssl/private/${i}.key
+ chmod 600 /etc/ssl/private/${i}.key
 done
diff --git a/dockers/postfix/docker-compose.yml b/dockers/postfix/docker-compose.yml
index a966e20..bf0fc86 100644
--- a/dockers/postfix/docker-compose.yml
+++ b/dockers/postfix/docker-compose.yml
@@ -26,7 +26,7 @@ services:
 - filterConfig:/home/filter/config/
 - /etc/localtime:/etc/localtime:ro
 - /etc/timezone:/etc/timezone:ro
- - /etc/letsencrypt:/etc/letsencrypt:ro
+ - /etc/ssl:/etc/ssl:ro
 # - /etc/ssl:/etc/ssl:ro
 # - /usr/local/share/ca-certificates:/usr/local/share/ca-certificates:ro
 environment:
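Review bot: The added `chmod 600` runs only after the `>` redirection on the preceding line has already created `/etc/ssl/private/${i}.key`, so on a first run the file exists for a moment with whatever the current umask allows (0644 under the usual 022), and on a run where the `jq` select matches nothing the key file is silently truncated to empty yet still chmod'ed as if it were valid. Setting `umask 077  # private keys must never be created readable by others` before the `for` loop closes that window and turns the chmod into a mere safeguard. Writing each extraction to a temporary file and moving it into place only when `jq` and `base64` both succeed would keep the previous key and certificate intact on a failed extraction. The head of the script, including any `set -e`/`set -o pipefail`, is outside the hunk.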
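Review bot: Mounting the whole host `/etc/ssl` over the container's `/etc/ssl` hands the mail container every private key under `/etc/ssl/private` (the `listes` key that bin/getX509Certificates.sh also exports included) and, if the image keeps its CA bundle and `openssl.cnf` there as Debian-based images do, shadows them with the host's copies, which can change outbound TLS verification inside the container. Mounting only the two files env-config now points at, `- /etc/ssl/certs/mail.pem:/etc/ssl/certs/mail.pem:ro` and `- /etc/ssl/private/mail.key:/etc/ssl/private/mail.key:ro`, keeps the image trust store intact and limits exposure to the one key this service needs. The commented `# - /etc/ssl:/etc/ssl:ro` line directly below the new mount now duplicates it and should be dropped. Since the script change in this commit makes the host key 0600, whichever uid opens it inside the container must still be able to read it — worth confirming before relying on the mount.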
@@ -41,6 +41,14 @@ services:
 cap_add:
 - NET_ADMIN
 - SYS_PTRACE
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.mail.rule=Host(`mail.${domain}`) || Host(`smtp.${domain}`)"
+ - "traefik.http.routers.webmails.rule=Host(`webmail.kaz.bzh`)"
+ - "traefik.http.middlewares.reg-webmails.redirectregex.regex=^https://webmail.kaz.bzh(.*)"
+ - "traefik.http.middlewares.reg-webmails.redirectregex.replacement=https://kaz.bzh/relever-ses-mails-chez-kaz-via-un-webmail"
+ - "traefik.http.middlewares.reg-webmails.redirectregex.permanent=true"
+ - "traefik.http.routers.webmails.middlewares=reg-webmails"
 
 volumes:
 mailData:
diff --git a/dockers/postfix/env-config b/dockers/postfix/env-config
index 75f7dc2..4dcee87 100644
--- a/dockers/postfix/env-config
+++ b/dockers/postfix/env-config
@@ -94,10 +94,10 @@ SMTP_ONLY=
 # custom => Enables custom certificates
 # manual => Let's you manually specify locations of your SSL certificates for non-standard cases
 # self-signed => Enables self-signed certificates
-#SSL_TYPE=self-signed
-SSL_TYPE=letsencrypt
-#SSL_CERT_PATH=
-#SSL_KEY_PATH=
+SSL_TYPE=manual
+#SSL_TYPE=letsencrypt
+SSL_CERT_PATH=/etc/ssl/certs/mail.pem
+SSL_KEY_PATH=/etc/ssl/private/mail.key
 
 # Set how many days a virusmail will stay on the server before being deleted
 # empty => 7 days
diff --git a/dockers/traefik/docker-compose.tmpl.yml.dist b/dockers/traefik/docker-compose.tmpl.yml.dist
index e92b0f3..e372622 100644
--- a/dockers/traefik/docker-compose.tmpl.yml.dist
+++ b/dockers/traefik/docker-compose.tmpl.yml.dist
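Review bot: The `webmails` router and `reg-webmails` middleware hard-code `webmail.kaz.bzh` and `kaz.bzh` while the neighbouring `mail` rule is parameterised with `${domain}`, and the redirect regex leaves its dots unescaped; escaping them needs single quotes because `\.` is not a valid escape inside a YAML double-quoted scalar, i.e. `'traefik.http.middlewares.reg-webmails.redirectregex.regex=^https://webmail\.kaz\.bzh(.*)'`, and deriving the host from `${domain}` would keep the labels consistent. The new `mail` rule also drops `imap.${domain}`, which the (malformed) label removed from dockers/traefik/docker-compose.tmpl.yml.dist in this commit carried, and nothing re-creates the `listes` router that the same file deletes even though bin/getX509Certificates.sh still exports a `listes` certificate — unless a compose file outside this commit defines them, Traefik will not request those certificates and the script will write empty files. No `tls`/`certresolver` or entrypoint label appears on these routers, so they presumably rely on entrypoint-level defaults; confirm that the `mail` router actually triggers issuance, since obtaining that certificate appears to be its only purpose.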
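Review bot: `SSL_CERT_PATH` and `SSL_KEY_PATH` now point at files that the container never produces itself but that bin/getX509Certificates.sh copies out of Traefik's acme.json, and nothing in this commit re-runs that script when Traefik renews, so the mounted PEM keeps serving the old certificate until someone re-runs it by hand. A comment above the two lines would save the next operator a debugging session: `# mail.pem/mail.key are exported from Traefik's acme.json by bin/getX509Certificates.sh; re-run it (and reload the container) after each renewal`. If `manual` mode expects the full chain in `SSL_CERT_PATH`, it is worth verifying that acme.json's `.certificate` field, which the script exports verbatim, contains the intermediate as well rather than assuming it.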
@@ -38,13 +38,6 @@ services:
 - "traefik.http.routers.traefik_https.service=api@internal"
 - "traefik.http.routers.traefik_https.middlewares=test-adminipallowlist@file,traefik-auth"
 - "traefik.http.middlewares.traefik-auth.basicauth.usersfile=/etc/traefik/passfile"
- - "traefik.http.middlewares.reg-webmails.redirectregex.regex=^https://webmail.kaz.bzh(.*)"
- - "traefik.http.middlewares.reg-webmails.redirectregex.replacement=https://kaz.bzh/relever-ses-mails-chez-kaz-via-un-webmail"
- - "traefik.http.middlewares.reg-webmails.redirectregex.permanent=true"
- - "traefik.http.routers.webmails.middlewares=reg-webmails"
- - "traefik.http.routers.webmails.rule=Host(`webmail.kaz.bzh`)"
- - "traefik.http.routers.mail.rule=Host(`mail.${domain}`) || Host(`smtp.${domain}`)" || Host(`imap.${domain}`)"
- - "traefik.http.routers.listes.rule=Host(`listes.${domain}`)
 
 networks:
 - traefikNet