
working on mailserver

feature/startup-from-labels
Mario Alegre 5 years ago
parent
commit
15cc5d59e8
  1. 4
      src/mailserver/assets/dovecot.conf.d/10-ssl.conf
  2. 4
      src/mailserver/assets/main.cf
  3. 7
      src/mailserver/docs/Deploy.md

4
src/mailserver/assets/dovecot.conf.d/10-ssl.conf

@ -9,8 +9,8 @@ ssl = yes
# dropping root privileges, so keep the key file unreadable by anyone but # dropping root privileges, so keep the key file unreadable by anyone but
# root. Included doc/mkcert.sh can be used to easily generate self-signed # root. Included doc/mkcert.sh can be used to easily generate self-signed
# certificate, just make sure to update the domains in dovecot-openssl.cnf # certificate, just make sure to update the domains in dovecot-openssl.cnf
ssl_cert = </etc/dovecot/private/dovecot.pem ssl_cert = </etc/ssl/$myhostname/fullchain.pem
ssl_key = </etc/dovecot/private/dovecot.key ssl_key = </etc/ssl/$myhostname/privkey.pem
# If key file is password protected, give the password here. Alternatively # If key file is password protected, give the password here. Alternatively
# give it when starting dovecot with -p parameter. Since this file is often # give it when starting dovecot with -p parameter. Since this file is often
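Review bot: `ssl_key = </etc/ssl/$myhostname/privkey.pem` borrows `$myhostname` from Postfix, but in Dovecot a `$name` reference only expands to another Dovecot setting (the built-in equivalent is `hostname`), so unless a `myhostname` setting is defined elsewhere in the Dovecot configuration this path will not resolve and Dovecot will refuse to start its SSL listeners. Either reference `$hostname` or define `myhostname` explicitly in the Dovecot config. The unchanged comment lines above still describe the self-signed `doc/mkcert.sh` / `dovecot-openssl.cnf` workflow, which no longer matches the Let's Encrypt paths introduced here; update or drop them so the comment and the setting agree. The comment's point that the key must stay unreadable by anyone but root is also worth reconciling with the deploy docs, which chown the ssl directory to 5000:5000.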

4
src/mailserver/assets/main.cf

@ -27,8 +27,8 @@ smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
# whether to allow or enforce TLS. Acceptable values are 'none', 'may', or 'encrypt'. # whether to allow or enforce TLS. Acceptable values are 'none', 'may', or 'encrypt'.
smtpd_tls_security_level=may smtpd_tls_security_level=may
# where to find certs # where to find certs
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem smtpd_tls_cert_file=/etc/ssl/$myhostname/fullchain.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key smtpd_tls_key_file=/etc/ssl/$myhostname/privkey.pem
# SASL (user authentication) settings # SASL (user authentication) settings
smtpd_sasl_type = dovecot smtpd_sasl_type = dovecot
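Review bot: In Postfix `$myhostname` is a real parameter, but the new paths only exist when `myhostname` is exactly the `${domain}` passed to certbot in Deploy.md; if `myhostname` is left at its default (derived from the container's hostname), Postfix logs a certificate load error and, with `smtpd_tls_security_level=may`, simply runs without offering STARTTLS rather than failing. Consider setting `myhostname` explicitly next to these cert paths, or documenting in Deploy.md that the two values must match.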

7
src/mailserver/docs/Deploy.md

@ -3,8 +3,9 @@
## create dirs ## create dirs
``` ```
mkdir -p /srv/volumes/mailserver/{db,mail} mkdir -p /srv/volumes/mailserver/{db,mail,ssl}
chown -R 5000:5000 /srv/volumes/mailserver chown -R 5000:5000 /srv/volumes/mailserver
chmod go-rwx /srv/volumes/mailserver/ssl
``` ```
put your `users` and `aliases.d` in the `db` directory. Mail will go in the `mail` directory. put your `users` and `aliases.d` in the `db` directory. Mail will go in the `mail` directory.
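Review bot: `chmod go-rwx /srv/volumes/mailserver/ssl` runs once at setup, but the `--deploy-hook` added later in this file copies the certificate files into that directory with `rsync -a`, which preserves the source file modes, and then only re-runs `chown`; the directory mode survives, but the copied subdirectory and `privkey.pem` keep whatever modes they had under `/etc/letsencrypt`. Either add an explicit `chmod` of the key in the hook or state that the parent directory's `go-rwx` is the control that protects it.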
@ -44,6 +45,6 @@ nft insert rule inet myfilter myfirewall tcp dport 80 accept
Get a certificate for your domain by running: Get a certificate for your domain by running:
``` ```
certbot certonly --standalone --pre-hook "nft insert rule inet myfilter myfirewall tcp dport 80 accept" --post-hook "nft -f /etc/nftables.conf" certbot certonly --standalone --pre-hook "nft insert rule inet myfilter myfirewall tcp dport 80 accept" --post-hook "nft -f /etc/nftables.conf" --deploy-hook "rsync -vaSHL /etc/letsencrypt/live/${domain:?} /srv/volumes/mailserver/ssl/; chown -R 5000:5000 /srv/volumes/mailserver/ssl" -d ${domain:?}
``` ```
the application will ask you a few questions, including you domain. Including the appropriate hooks when issuing the certificate should guarantee that the hooks are also used when renewing. the application may ask you a few questions. Answer them as you would like. Including the appropriate hooks in the issue command should ensure that those hooks are also included in subsequent renew commands.
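Review bot: The command depends on the shell variable `domain` (`${domain:?}` aborts if it is unset), but the surrounding text never tells the reader to set it; add a line such as `domain=mail.example.com` (placeholder) before the command. Because `${domain:?}` is expanded by the shell before certbot stores the hooks in its renewal configuration, the deploy hook is saved with the concrete value and runs on every renewal, as the prose claims. Since the rsync source has no trailing slash, the files land in `/srv/volumes/mailserver/ssl/${domain}/`, which matches the `/etc/ssl/$myhostname/` paths in `main.cf` and `10-ssl.conf` only when the container's `myhostname` equals `${domain}`; `-L` is correct here, as it copies the real files behind certbot's `live/` symlinks instead of dangling links.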
