mirror of
https://github.com/docker-mailserver/docker-mailserver.git
synced 2025-08-02 17:14:31 +02:00
Merge pull request #1553 from MichaelSp/letsencrypt-traefik-acme-json
Letsencrypt traefik v2 acme json
This commit is contained in:
Erik Wramner
GitHub
commit
f206ad7ee1
13 changed files with 258 additions and 35 deletions
|
|
@ -1,5 +1,7 @@
|
|||
#!/bin/bash
|
||||
|
||||
. /usr/local/bin/helper_functions.sh
|
||||
|
||||
# create date for log output
|
||||
log_date=$(date +"%Y-%m-%d %H:%M:%S ")
|
||||
echo "${log_date} Start check-for-changes script."
|
||||
|
|
@ -32,7 +34,7 @@ echo "${log_date} Using postmaster address ${PM_ADDRESS}"
|
|||
|
||||
# Create an array of files to monitor, must be the same as in start-mailserver.sh
|
||||
declare -a cf_files=()
|
||||
for file in postfix-accounts.cf postfix-virtual.cf postfix-aliases.cf dovecot-quotas.cf; do
|
||||
for file in postfix-accounts.cf postfix-virtual.cf postfix-aliases.cf dovecot-quotas.cf /etc/letsencrypt/acme.json "/etc/letsencrypt/live/$HOSTNAME/key.pem" "/etc/letsencrypt/live/$HOSTNAME/fullchain.pem"; do
|
||||
[ -f "$file" ] && cf_files+=("$file")
|
||||
done
|
||||
|
||||
|
|
@ -61,6 +63,14 @@ if [[ $chksum == *"FAIL"* ]]; then
|
|||
(
|
||||
flock -e 200
|
||||
|
||||
if [[ $chksum == *"/etc/letsencrypt/acme.json: FAILED"* ]]; then
|
||||
for certdomain in $SSL_DOMAIN $HOSTNAME $DOMAINNAME; do
|
||||
if extractCertsFromAcmeJson "$certdomain"; then
|
||||
break
|
||||
fi
|
||||
done
|
||||
fi
|
||||
|
||||
#regen postix aliases.
|
||||
echo "root: ${PM_ADDRESS}" > /etc/aliases
|
||||
if [ -f /tmp/docker-mailserver/postfix-aliases.cf ]; then
|
||||
|
|
|
|||
|
|
@ -2,36 +2,54 @@
|
|||
|
||||
# expects mask prefix length and the digit
|
||||
function _mask_ip_digit() {
|
||||
if [[ $1 -ge 8 ]]; then
|
||||
MASK=255
|
||||
else
|
||||
if [[ $1 -le 0 ]]; then
|
||||
MASK=0
|
||||
else
|
||||
VALUES=('0' '128' '192' '224' '240' '248' '252' '254' '255')
|
||||
MASK=${VALUES[$1]}
|
||||
fi
|
||||
fi
|
||||
echo $(( $2 & $MASK ))
|
||||
if [[ $1 -ge 8 ]]; then
|
||||
MASK=255
|
||||
else
|
||||
if [[ $1 -le 0 ]]; then
|
||||
MASK=0
|
||||
else
|
||||
VALUES=('0' '128' '192' '224' '240' '248' '252' '254' '255')
|
||||
MASK=${VALUES[$1]}
|
||||
fi
|
||||
fi
|
||||
echo $(($2 & $MASK))
|
||||
}
|
||||
|
||||
# transforms a specific ip with CIDR suffix like 1.2.3.4/16
|
||||
# to subnet with cidr suffix like 1.2.0.0/16
|
||||
function _sanitize_ipv4_to_subnet_cidr() {
|
||||
IP=${1%%/*}
|
||||
PREFIX_LENGTH=${1#*/}
|
||||
IP=${1%%/*}
|
||||
PREFIX_LENGTH=${1#*/}
|
||||
|
||||
# split IP by . into digits
|
||||
DIGITS=(${IP//./ })
|
||||
# split IP by . into digits
|
||||
DIGITS=(${IP//./ })
|
||||
|
||||
# mask digits according to prefix length
|
||||
MASKED_DIGITS=()
|
||||
DIGIT_PREFIX_LENGTH="$PREFIX_LENGTH"
|
||||
for DIGIT in "${DIGITS[@]}" ; do
|
||||
MASKED_DIGITS+=( $(_mask_ip_digit $DIGIT_PREFIX_LENGTH $DIGIT) )
|
||||
DIGIT_PREFIX_LENGTH=$(( $DIGIT_PREFIX_LENGTH - 8 ))
|
||||
done
|
||||
# mask digits according to prefix length
|
||||
MASKED_DIGITS=()
|
||||
DIGIT_PREFIX_LENGTH="$PREFIX_LENGTH"
|
||||
for DIGIT in "${DIGITS[@]}"; do
|
||||
MASKED_DIGITS+=($(_mask_ip_digit $DIGIT_PREFIX_LENGTH $DIGIT))
|
||||
DIGIT_PREFIX_LENGTH=$(($DIGIT_PREFIX_LENGTH - 8))
|
||||
done
|
||||
|
||||
# output masked ip plus prefix length
|
||||
echo ${MASKED_DIGITS[0]}.${MASKED_DIGITS[1]}.${MASKED_DIGITS[2]}.${MASKED_DIGITS[3]}/$PREFIX_LENGTH
|
||||
}
|
||||
# output masked ip plus prefix length
|
||||
echo ${MASKED_DIGITS[0]}.${MASKED_DIGITS[1]}.${MASKED_DIGITS[2]}.${MASKED_DIGITS[3]}/$PREFIX_LENGTH
|
||||
}
|
||||
|
||||
# extracts certificates from acme.json and returns 0 if found
|
||||
function extractCertsFromAcmeJson() {
|
||||
WHAT=$1
|
||||
# sorry for the code-golf :(
|
||||
KEY=$(cat /etc/letsencrypt/acme.json | python -c "import sys,json,itertools; print map(lambda c: c[\"key\"] if (c[\"domain\"][\"main\"]==\"$WHAT\" or \"$WHAT\" in c[\"domain\"][\"sans\"]) else \"\", list(itertools.chain.from_iterable(map(lambda x: x[\"Certificates\"], json.load(sys.stdin).values()))))[0]")
|
||||
CERT=$(cat /etc/letsencrypt/acme.json | python -c "import sys,json,itertools; print map(lambda c: c[\"certificate\"] if (c[\"domain\"][\"main\"]==\"$WHAT\" or \"$WHAT\" in c[\"domain\"][\"sans\"]) else \"\", list(itertools.chain.from_iterable(map(lambda x: x[\"Certificates\"], json.load(sys.stdin).values()))))[0]")
|
||||
|
||||
if [[ -n "${KEY}${CERT}" ]]; then
|
||||
mkdir -p /etc/letsencrypt/live/"$HOSTNAME"/
|
||||
echo $KEY | base64 -d >/etc/letsencrypt/live/"$HOSTNAME"/key.pem || exit 1
|
||||
echo $CERT | base64 -d >/etc/letsencrypt/live/"$HOSTNAME"/fullchain.pem || exit 1
|
||||
echo "Cert found in /etc/letsencrypt/acme.json for $WHAT"
|
||||
return 0
|
||||
else
|
||||
return 1
|
||||
fi
|
||||
}
|
||||
|
|
|
|||
|
|
@ -505,7 +505,7 @@ function _setup_chksum_file() {
|
|||
pushd /tmp/docker-mailserver
|
||||
|
||||
declare -a cf_files=()
|
||||
for file in postfix-accounts.cf postfix-virtual.cf postfix-aliases.cf dovecot-quotas.cf; do
|
||||
for file in postfix-accounts.cf postfix-virtual.cf postfix-aliases.cf dovecot-quotas.cf /etc/letsencrypt/acme.json "/etc/letsencrypt/live/$HOSTNAME/key.pem" "/etc/letsencrypt/live/$HOSTNAME/fullchain.pem"; do
|
||||
[ -f "$file" ] && cf_files+=("$file")
|
||||
done
|
||||
|
||||
|
|
@ -1048,6 +1048,8 @@ function _setup_ssl() {
|
|||
local LETSENCRYPT_DOMAIN=""
|
||||
local LETSENCRYPT_KEY=""
|
||||
|
||||
[[ -f /etc/letsencrypt/acme.json ]] && (extractCertsFromAcmeJson "$HOSTNAME" || extractCertsFromAcmeJson "$DOMAINNAME")
|
||||
|
||||
# first determine the letsencrypt domain by checking both the full hostname or just the domainname if a SAN is used in the cert
|
||||
if [ -e "/etc/letsencrypt/live/$HOSTNAME/fullchain.pem" ]; then
|
||||
LETSENCRYPT_DOMAIN=$HOSTNAME
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue