YunoHost/yunohost
1
0
Fork 0
mirror of https://github.com/YunoHost/yunohost.git synced 2024-09-03 20:06:10 +02:00
Code Issues Projects Releases Packages Wiki Activity

[enh] Add SNI support to postfix and dovecot

Browse source
This commit is contained in:
Tagadda 2022-01-19 20:10:28 +00:00
parent 140e50253f
commit 9ef3a1bfff
5 changed files with 16 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
conf/dovecot/dovecot.conf
View file

@ -21,6 +21,11 @@ ssl = required
ssl_cert = </etc/yunohost/certs/{{ main_domain }}/crt.pem ssl_cert = </etc/yunohost/certs/{{ main_domain }}/crt.pem
ssl_key = </etc/yunohost/certs/{{ main_domain }}/key.pem ssl_key = </etc/yunohost/certs/{{ main_domain }}/key.pem
{% for domain in domain_list.split() %}{% if domain != main_domain %}
local_name {{ domain }} {
ssl_cert = </etc/yunohost/certs/{{ domain }}/crt.pem
ssl_key = </etc/yunohost/certs/{{ domain }}/key.pem
}{% endif %}{% endfor %}
# curl https://ssl-config.mozilla.org/ffdhe2048.txt > /path/to/dhparam # curl https://ssl-config.mozilla.org/ffdhe2048.txt > /path/to/dhparam
ssl_dh = </usr/share/yunohost/ffdhe2048.pem ssl_dh = </usr/share/yunohost/ffdhe2048.pem

7
conf/postfix/main.cf
View file

@ -23,8 +23,11 @@ smtpd_use_tls = yes
smtpd_tls_security_level = may smtpd_tls_security_level = may
smtpd_tls_auth_only = yes smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/yunohost/certs/{{ main_domain }}/crt.pem smtpd_tls_chain_files =
smtpd_tls_key_file = /etc/yunohost/certs/{{ main_domain }}/key.pem /etc/yunohost/certs/{{ main_domain }}/key.pem,
/etc/yunohost/certs/{{ main_domain }}/crt.pem
tls_server_chain_sni_maps = hash:/etc/postfix/sni
{% if compatibility == "intermediate" %} {% if compatibility == "intermediate" %}
# generated 2020-08-18, Mozilla Guideline v5.6, Postfix 3.4.14, OpenSSL 1.1.1d, intermediate configuration # generated 2020-08-18, Mozilla Guideline v5.6, Postfix 3.4.14, OpenSSL 1.1.1d, intermediate configuration

2
conf/postfix/sni Normal file
View file

@ -0,0 +1,2 @@
{% for domain in domain_list.split() %}{{ domain }} /etc/yunohost/certs/{{ domain }}/key.pem /etc/yunohost/certs/{{ domain }}/crt.pem
{% endfor %}

3
hooks/conf_regen/19-postfix
View file

@ -46,6 +46,7 @@ do_pre_regen() {
export main_domain export main_domain
export domain_list="$YNH_DOMAINS" export domain_list="$YNH_DOMAINS"
ynh_render_template "main.cf" "${postfix_dir}/main.cf" ynh_render_template "main.cf" "${postfix_dir}/main.cf"
ynh_render_template "sni" "${postfix_dir}/sni"
cat postsrsd \ cat postsrsd \
| sed "s/{{ main_domain }}/${main_domain}/g" \ | sed "s/{{ main_domain }}/${main_domain}/g" \
@ -73,6 +74,8 @@ do_post_regen() {
postmap /etc/postfix/sasl_passwd postmap /etc/postfix/sasl_passwd
fi fi
postmap -F hash:/etc/postfix/sni
[[ -z "$regen_conf_files" ]] \ [[ -z "$regen_conf_files" ]] \
|| { systemctl restart postfix && systemctl restart postsrsd; } || { systemctl restart postfix && systemctl restart postsrsd; }

1
hooks/conf_regen/25-dovecot
View file

@ -18,6 +18,7 @@ do_pre_regen() {
export pop3_enabled="$(yunohost settings get 'pop3.enabled')" export pop3_enabled="$(yunohost settings get 'pop3.enabled')"
export main_domain=$(cat /etc/yunohost/current_host) export main_domain=$(cat /etc/yunohost/current_host)
export domain_list="$YNH_DOMAINS"
ynh_render_template "dovecot.conf" "${dovecot_dir}/dovecot.conf" ynh_render_template "dovecot.conf" "${dovecot_dir}/dovecot.conf"