Moved SSL doc to the Wiki

This commit is contained in:
Thomas VIAL 2016-02-10 09:53:51 +01:00
parent 0f044ca6b5
commit dfd3a486d1
2 changed files with 1 additions and 61 deletions

View file

@ -92,7 +92,7 @@ Please read [how the container starts](https://github.com/tomav/docker-mailserve
## SSL
Please read [SSL.md](SSL.md) for more information.
Please read [the SSL page in the wiki](https://github.com/tomav/docker-mailserver/wiki/SSL) for more information.
## Todo

60
SSL.md
View file

@ -1,60 +0,0 @@
# docker-mailserver with ssl
There are multiple options to enable SSL:
* using [letsencrypt](https://letsencrypt.org/) (recommended)
* using self-signed certificates with the provided tool
After installation, you can test your setup with [checktls.com](https://www.checktls.com/TestReceiver).
## let's encrypt (recommended)
To enable Let's Encrypt on your mail server, you have to:
* get your certificate using [letsencrypt client](https://github.com/letsencrypt/letsencrypt)
* add an environment variable `DMS_SSL` with value `letsencrypt` (see `docker-compose.yml.dist`)
* mount your `letsencrypt` folder to `/etc/letsencrypt`
* the folder name must be the `fqdn` that is passed as `-h` argument (or concatenation of `hostname` and `domainname` is you are using `docker-compose`)
You don't have anything else to do. Enjoy.
## self signed certificates
You can easily generate a self-signed SSL certificate by using the following command:
docker run -ti --rm -v "$(pwd)"/postfix/ssl:/ssl -h mail.my-domain.com -t tvial/docker-mailserver generate-ssl-certificate
# Press enter
# Enter a password when needed
# Fill information like Country, Organisation name
# Fill "my-domain.com" as FQDN for CA, and "mail.my-domain.com" for the certificate.
# They HAVE to be different, otherwise you'll get a `TXT_DB error number 2`
# Don't fill extras
# Enter same password when needed
# Sign the certificate? [y/n]:y
# 1 out of 1 certificate requests certified, commit? [y/n]y
# will generate:
# postfix/ssl/mail.my-domain.com-key.pem (used in postfix)
# postfix/ssl/mail.my-domain.com-req.pem (only used to generate other files)
# postfix/ssl/mail.my-domain.com-cert.pem (used in postfix)
# postfix/ssl/mail.my-domain.com-combined.pem (used in courier)
# postfix/ssl/demoCA/cacert.pem (certificate authority)
Note that the certificate will be generate for the container `fqdn`, that is passed as `-h` argument.
Check the following page for more information regarding [postfix and SSL/TLS configuration](http://www.mad-hacking.net/documentation/linux/applications/mail/using-ssl-tls-postfix-courier.xml).
To use the certificate:
* add an `DMS_SSL=self-signed` to your container environment variables
* if a matching certificate (files listed above) is found in `postfix/ssl`, it will be automatically setup in postfix and courier-imap-ssl. You just have to place them in `postfix/ssl` folder.
### Testing certificate
From your host:
docker exec mail openssl s_client -connect 0.0.0.0:587 -starttls smtp -CApath /etc/ssl/certs/
And you should see the certificate chain, the server certificate and:
Verify return code: 0 (ok)