Cleaned code after live testing and improved documentation

This commit is contained in:
Thomas VIAL 2015-12-05 17:32:33 +01:00
parent e5719ceacb
commit fe55350645
5 changed files with 39 additions and 27 deletions

28
SSL.md
View file

@ -7,14 +7,30 @@ There are multiple options to enable SSL:
## let's encrypt
To enable Let's Encrypt on your mail server, you have to add en environment variable `DMS_SSL` with value `letsencrypt`.
You also have to mount your `letsencrypt` folder to `/etc/letsencrypt`.
TO BE FINISHED WHEN IT WILL BE TESTED
To enable Let's Encrypt on your mail server, you have to add en environment variable `DMS_SSL` with value `letsencrypt` (see `docker-compose.yml.dist`)
You also have to mount your `letsencrypt` folder to `/etc/letsencrypt` and it should look like that:
├── etc
│   └── letsencrypt
│   ├── accounts
│   ├── archive
│   │   └── mail.domain.com
│   │   ├── cert1.pem
│   │   ├── chain1.pem
│   │   ├── fullchain1.pem
│   │   └── privkey1.pem
│   ├── csr
│   ├── keys
│   ├── live
│   │   └── mail.domain.com
│   │   ├── cert.pem -> ../../archive/mail.domain.com/cert1.pem
│   │   ├── chain.pem -> ../../archive/mail.domain.com/chain1.pem
│   │   ├── combined.pem
│   │   ├── fullchain.pem -> ../../archive/mail.domain.com/fullchain1.pem
│   │   └── privkey.pem -> ../../archive/mail.domain.com/privkey1.pem
│   └── renewal
You don't have anything else to do.
## self signed certificates

View file

@ -2,7 +2,7 @@ mail:
# image: tvial/docker-mailserver
build: .
hostname: mail
domainname: my-domain.com
domainname: domain.com
ports:
- "25:25"
- "143:143"
@ -11,3 +11,6 @@ mail:
volumes:
- ./spamassassin:/tmp/spamassassin/
- ./postfix:/tmp/postfix/
- ./letsencrypt/etc:/etc/letsencrypt
environment:
- DMS_SSL=letsencrypt

View file

@ -59,13 +59,6 @@ case $DMS_SSL in
"letsencrypt" )
# letsencrypt folders and files mounted in /etc/letsencrypt
# Adding certificates from Letsencrypt and IdenTrust
# curl https://letsencrypt.org/certs/isrgrootx1.pem -so /etc/ssl/certs/isrgrootx1.pem
# curl https://letsencrypt.org/certs/lets-encrypt-x1-cross-signed.pem -so /etc/ssl/certs/lets-encrypt-x1-cross-signed.pem
# curl https://letsencrypt.org/certs/lets-encrypt-x2-cross-signed.pem -so /etc/ssl/certs/lets-encrypt-x2-cross-signed.pem
# curl https://letsencrypt.org/certs/letsencryptauthorityx1.pem -so /etc/ssl/certs/letsencryptauthorityx1.pem
# curl https://letsencrypt.org/certs/letsencryptauthorityx2.pem -so /etc/ssl/certs/letsencryptauthorityx2.pem
# Postfix configuration
sed -i -r 's/smtpd_tls_cert_file=\/etc\/ssl\/certs\/ssl-cert-snakeoil.pem/smtpd_tls_cert_file=\/etc\/letsencrypt\/live\/'$(hostname)'\/fullchain.pem/g' /etc/postfix/main.cf
sed -i -r 's/smtpd_tls_key_file=\/etc\/ssl\/private\/ssl-cert-snakeoil.key/smtpd_tls_key_file=\/etc\/letsencrypt\/live\/'$(hostname)'\/privkey.pem/g' /etc/postfix/main.cf