Merge pull request #1553 from MichaelSp/letsencrypt-traefik-acme-json
Letsencrypt traefik v2 acme json
commit
f206ad7ee1
@ -1,5 +1,7 @@
|
||||
#!/bin/bash
|
||||
|
||||
. /usr/local/bin/helper_functions.sh
|
||||
|
||||
# create date for log output
|
||||
log_date=$(date +"%Y-%m-%d %H:%M:%S ")
|
||||
echo "${log_date} Start check-for-changes script."
|
||||
@ -32,7 +34,7 @@ echo "${log_date} Using postmaster address ${PM_ADDRESS}"
|
||||
|
||||
# Create an array of files to monitor, must be the same as in start-mailserver.sh
|
||||
declare -a cf_files=()
|
||||
for file in postfix-accounts.cf postfix-virtual.cf postfix-aliases.cf dovecot-quotas.cf; do
|
||||
for file in postfix-accounts.cf postfix-virtual.cf postfix-aliases.cf dovecot-quotas.cf /etc/letsencrypt/acme.json "/etc/letsencrypt/live/$HOSTNAME/key.pem" "/etc/letsencrypt/live/$HOSTNAME/fullchain.pem"; do
|
||||
[ -f "$file" ] && cf_files+=("$file")
|
||||
done
|
||||
|
||||
@ -61,6 +63,14 @@ if [[ $chksum == *"FAIL"* ]]; then
|
||||
(
|
||||
flock -e 200
|
||||
|
||||
if [[ $chksum == *"/etc/letsencrypt/acme.json: FAILED"* ]]; then
|
||||
for certdomain in $SSL_DOMAIN $HOSTNAME $DOMAINNAME; do
|
||||
if extractCertsFromAcmeJson "$certdomain"; then
|
||||
break
|
||||
fi
|
||||
done
|
||||
fi
|
||||
|
||||
#regen postix aliases.
|
||||
echo "root: ${PM_ADDRESS}" > /etc/aliases
|
||||
if [ -f /tmp/docker-mailserver/postfix-aliases.cf ]; then
|
||||
|
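Review bot: The new loop `for certdomain in $SSL_DOMAIN $HOSTNAME $DOMAINNAME` expands its variables unquoted, so a wildcard value such as `*.example.com` (the value this commit's tests set for SSL_DOMAIN) undergoes pathname expansion and would be replaced by any matching file name in the working directory. Quoting the values and skipping empty ones keeps the literal domain: `for certdomain in "$SSL_DOMAIN" "$HOSTNAME" "$DOMAINNAME"; do [[ -n "$certdomain" ]] || continue`. The enclosing flock subshell starts and ends outside this hunk, so the working directory at this point is not visible here.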
@ -2,36 +2,54 @@
|
||||
|
||||
# expects mask prefix length and the digit
|
||||
function _mask_ip_digit() {
|
||||
if [[ $1 -ge 8 ]]; then
|
||||
MASK=255
|
||||
else
|
||||
if [[ $1 -le 0 ]]; then
|
||||
MASK=0
|
||||
else
|
||||
VALUES=('0' '128' '192' '224' '240' '248' '252' '254' '255')
|
||||
MASK=${VALUES[$1]}
|
||||
fi
|
||||
fi
|
||||
echo $(( $2 & $MASK ))
|
||||
if [[ $1 -ge 8 ]]; then
|
||||
MASK=255
|
||||
else
|
||||
if [[ $1 -le 0 ]]; then
|
||||
MASK=0
|
||||
else
|
||||
VALUES=('0' '128' '192' '224' '240' '248' '252' '254' '255')
|
||||
MASK=${VALUES[$1]}
|
||||
fi
|
||||
fi
|
||||
echo $(($2 & $MASK))
|
||||
}
|
||||
|
||||
# transforms a specific ip with CIDR suffix like 1.2.3.4/16
|
||||
# to subnet with cidr suffix like 1.2.0.0/16
|
||||
function _sanitize_ipv4_to_subnet_cidr() {
|
||||
IP=${1%%/*}
|
||||
PREFIX_LENGTH=${1#*/}
|
||||
IP=${1%%/*}
|
||||
PREFIX_LENGTH=${1#*/}
|
||||
|
||||
# split IP by . into digits
|
||||
DIGITS=(${IP//./ })
|
||||
# split IP by . into digits
|
||||
DIGITS=(${IP//./ })
|
||||
|
||||
# mask digits according to prefix length
|
||||
MASKED_DIGITS=()
|
||||
DIGIT_PREFIX_LENGTH="$PREFIX_LENGTH"
|
||||
for DIGIT in "${DIGITS[@]}" ; do
|
||||
MASKED_DIGITS+=( $(_mask_ip_digit $DIGIT_PREFIX_LENGTH $DIGIT) )
|
||||
DIGIT_PREFIX_LENGTH=$(( $DIGIT_PREFIX_LENGTH - 8 ))
|
||||
done
|
||||
# mask digits according to prefix length
|
||||
MASKED_DIGITS=()
|
||||
DIGIT_PREFIX_LENGTH="$PREFIX_LENGTH"
|
||||
for DIGIT in "${DIGITS[@]}"; do
|
||||
MASKED_DIGITS+=($(_mask_ip_digit $DIGIT_PREFIX_LENGTH $DIGIT))
|
||||
DIGIT_PREFIX_LENGTH=$(($DIGIT_PREFIX_LENGTH - 8))
|
||||
done
|
||||
|
||||
# output masked ip plus prefix length
|
||||
echo ${MASKED_DIGITS[0]}.${MASKED_DIGITS[1]}.${MASKED_DIGITS[2]}.${MASKED_DIGITS[3]}/$PREFIX_LENGTH
|
||||
}
|
||||
# output masked ip plus prefix length
|
||||
echo ${MASKED_DIGITS[0]}.${MASKED_DIGITS[1]}.${MASKED_DIGITS[2]}.${MASKED_DIGITS[3]}/$PREFIX_LENGTH
|
||||
}
|
||||
|
||||
# extracts certificates from acme.json and returns 0 if found
|
||||
function extractCertsFromAcmeJson() {
|
||||
WHAT=$1
|
||||
# sorry for the code-golf :(
|
||||
KEY=$(cat /etc/letsencrypt/acme.json | python -c "import sys,json,itertools; print map(lambda c: c[\"key\"] if (c[\"domain\"][\"main\"]==\"$WHAT\" or \"$WHAT\" in c[\"domain\"][\"sans\"]) else \"\", list(itertools.chain.from_iterable(map(lambda x: x[\"Certificates\"], json.load(sys.stdin).values()))))[0]")
|
||||
CERT=$(cat /etc/letsencrypt/acme.json | python -c "import sys,json,itertools; print map(lambda c: c[\"certificate\"] if (c[\"domain\"][\"main\"]==\"$WHAT\" or \"$WHAT\" in c[\"domain\"][\"sans\"]) else \"\", list(itertools.chain.from_iterable(map(lambda x: x[\"Certificates\"], json.load(sys.stdin).values()))))[0]")
|
||||
|
||||
if [[ -n "${KEY}${CERT}" ]]; then
|
||||
mkdir -p /etc/letsencrypt/live/"$HOSTNAME"/
|
||||
echo $KEY | base64 -d >/etc/letsencrypt/live/"$HOSTNAME"/key.pem || exit 1
|
||||
echo $CERT | base64 -d >/etc/letsencrypt/live/"$HOSTNAME"/fullchain.pem || exit 1
|
||||
echo "Cert found in /etc/letsencrypt/acme.json for $WHAT"
|
||||
return 0
|
||||
else
|
||||
return 1
|
||||
fi
|
||||
}
|
||||
|
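Review bot: In `extractCertsFromAcmeJson` the domain is spliced into the Python source through `\"$WHAT\"`, so a value containing a quote or backslash changes the program that runs. The trailing `[0]` also takes the first certificate's entry rather than the first match, so a matching certificate that is not first in acme.json yields an empty result, and `[[ -n "${KEY}${CERT}" ]]` passes when only one of the two was found. Passing the domain as an argument and stopping at the first matching entry addresses all three, as sketched below; `WHAT`, `KEY` and `CERT` should be `local` as well. key.pem is created under the process umask, so a `umask 077` around that write is worth considering if nothing non-root needs to read the file.

```shell
function extractCertsFromAcmeJson() {
  local WHAT=$1 KEY CERT PY
  # the domain and the field name reach Python as argv, never as source text
  PY='import sys, json
want, field = sys.argv[1], sys.argv[2]
for resolver in json.load(sys.stdin).values():
    for c in resolver.get("Certificates") or []:
        dom = c.get("domain", {})
        if dom.get("main") == want or want in (dom.get("sans") or []):
            sys.stdout.write(c[field])
            sys.exit(0)
sys.exit(1)'
  KEY=$(python -c "$PY" "$WHAT" key </etc/letsencrypt/acme.json) || return 1
  CERT=$(python -c "$PY" "$WHAT" certificate </etc/letsencrypt/acme.json) || return 1

  if [[ -n "$KEY" && -n "$CERT" ]]; then
    # … unchanged: mkdir -p, the two base64 -d writes, the log line, the else branch and the closing brace …
```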
@ -505,7 +505,7 @@ function _setup_chksum_file() {
|
||||
pushd /tmp/docker-mailserver
|
||||
|
||||
declare -a cf_files=()
|
||||
for file in postfix-accounts.cf postfix-virtual.cf postfix-aliases.cf dovecot-quotas.cf; do
|
||||
for file in postfix-accounts.cf postfix-virtual.cf postfix-aliases.cf dovecot-quotas.cf /etc/letsencrypt/acme.json "/etc/letsencrypt/live/$HOSTNAME/key.pem" "/etc/letsencrypt/live/$HOSTNAME/fullchain.pem"; do
|
||||
[ -f "$file" ] && cf_files+=("$file")
|
||||
done
|
||||
|
||||
@ -1048,6 +1048,8 @@ function _setup_ssl() {
|
||||
local LETSENCRYPT_DOMAIN=""
|
||||
local LETSENCRYPT_KEY=""
|
||||
|
||||
[[ -f /etc/letsencrypt/acme.json ]] && (extractCertsFromAcmeJson "$HOSTNAME" || extractCertsFromAcmeJson "$DOMAINNAME")
|
||||
|
||||
# first determine the letsencrypt domain by checking both the full hostname or just the domainname if a SAN is used in the cert
|
||||
if [ -e "/etc/letsencrypt/live/$HOSTNAME/fullchain.pem" ]; then
|
||||
LETSENCRYPT_DOMAIN=$HOSTNAME
|
||||
|
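Review bot: The startup call added to `_setup_ssl` tries only `$HOSTNAME` and `$DOMAINNAME`, while the change handler in check-for-changes.sh tries `$SSL_DOMAIN` first, so a setup whose acme.json holds only the certificate named by SSL_DOMAIN would presumably get no key.pem/fullchain.pem until acme.json next changes. Using the same order in both places avoids that: `[[ -f /etc/letsencrypt/acme.json ]] && (extractCertsFromAcmeJson "$SSL_DOMAIN" || extractCertsFromAcmeJson "$HOSTNAME" || extractCertsFromAcmeJson "$DOMAINNAME")`. The subshell's result is discarded, so a failed extraction is silent; a log line on failure would make a missing certificate easier to diagnose. `_setup_ssl` continues outside the hunk.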
@ -30,7 +30,7 @@
|
||||
|
||||
# Default realm/domain to use if none was specified. This is used for both
|
||||
# SASL realms and appending @domain to username in plaintext logins.
|
||||
#auth_default_realm =
|
||||
#auth_default_realm =
|
||||
|
||||
# List of allowed characters in username. If the user-given username contains
|
||||
# a character not listed in here, the login automatically fails. This is just
|
||||
@ -73,7 +73,7 @@
|
||||
# Kerberos keytab to use for the GSSAPI mechanism. Will use the system
|
||||
# default (usually /etc/krb5.keytab) if not specified. You may need to change
|
||||
# the auth service to run as root to be able to read this file.
|
||||
#auth_krb5_keytab =
|
||||
#auth_krb5_keytab =
|
||||
|
||||
# Do NTLM and GSS-SPNEGO authentication using Samba's winbind daemon and
|
||||
# ntlm_auth helper. <doc/wiki/Authentication/Mechanisms/Winbind.txt>
|
||||
@ -88,9 +88,9 @@
|
||||
# Require a valid SSL client certificate or the authentication fails.
|
||||
#auth_ssl_require_client_cert = no
|
||||
|
||||
# Take the username from client's SSL certificate, using
|
||||
# Take the username from client's SSL certificate, using
|
||||
# X509_NAME_get_text_by_NID() which returns the subject's DN's
|
||||
# CommonName.
|
||||
# CommonName.
|
||||
#auth_ssl_username_from_cert = no
|
||||
|
||||
# Space separated list of wanted authentication mechanisms:
|
||||
|
@ -8,7 +8,7 @@ postmaster_address = postmaster@domain.com
|
||||
|
||||
# Hostname to use in various parts of sent mails (e.g. in Message-Id) and
|
||||
# in LMTP replies. Default is the system's real hostname@domain.
|
||||
#hostname =
|
||||
#hostname =
|
||||
|
||||
# If user is over quota, return with temporary failure instead of
|
||||
# bouncing the mail.
|
||||
@ -32,7 +32,7 @@ postmaster_address = postmaster@domain.com
|
||||
#recipient_delimiter = +
|
||||
|
||||
# Header where the original recipient address (SMTP's RCPT TO: address) is taken
|
||||
# from if not available elsewhere. With dovecot-lda -a parameter overrides this.
|
||||
# from if not available elsewhere. With dovecot-lda -a parameter overrides this.
|
||||
# A commonly used header for this is X-Original-To.
|
||||
#lda_original_recipient_header =
|
||||
|
||||
|
29
test/config/letsencrypt/acme-changed.json
Normal file
29
test/config/letsencrypt/acme-changed.json
Normal file
File diff suppressed because one or more lines are too long
31
test/config/letsencrypt/acme.json
Normal file
31
test/config/letsencrypt/acme.json
Normal file
File diff suppressed because one or more lines are too long
18
test/config/letsencrypt/changed/cert.pem
Normal file
18
test/config/letsencrypt/changed/cert.pem
Normal file
@ -0,0 +1,18 @@
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIC5DCCAcygAwIBAgIJAN/+3LMQvnv1MA0GCSqGSIb3DQEBCwUAMBIxEDAOBgNV
|
||||
BAMMB3Rlc3QtY2EwHhcNMjAwNjI5MjA1NTIxWhcNMjAwODI4MjA1NTIxWjAWMRQw
|
||||
EgYDVQQDDAtleGFtcGxlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
|
||||
ggEBAL5UNg7ybrXoCInmxQ+f38++sLEcgG6P0X+faH11Bw47Vt+mf1vltIh7ojO8
|
||||
DeXqFxsGL3S/YqyuXX0TGIOh/csjnvv1GEL1Ux0YCsyFkvflb8NuSKW52T0dnUqF
|
||||
ZFwldykCwHnQxmwYZxnZjVF2YOr/KmGZvO5dxSTs/qDuU0cp3FD4z2CBELLmzixv
|
||||
fO2Lgk1Yn/H9mNLNSKQaiSeCxId5CzNIlmUIfnL0tuc3n2fNigjuPKOV2H/7NVTT
|
||||
TriuP384bx9WTLfX29cn+Ho4hKBaq2t1Wmz+jsWi1gya1KrLAM4zzQHI+u6r3+jS
|
||||
3PsRVs1csyO2NCXqVo/bxqe38+sCAwEAAaM5MDcwCQYDVR0TBAIwADALBgNVHQ8E
|
||||
BAMCBeAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMA0GCSqGSIb3DQEB
|
||||
CwUAA4IBAQAkmHHTaZ8hiStoA/XYjGXkHT5DBjjOhRm3mmdCF+xhbUcj/frwBYn0
|
||||
apAGfNSGq+PJTgVdsZUAC+sOfxRme3FjU5gAekeIDjOQMd1VbdmcIWtnJ+Ttz94F
|
||||
Qm5V7Df8kVkcqE6UvvXyX3YEFj2/fwb4hxyyl/fAWl5acWTLNA2mOKm/fMhKez+h
|
||||
3VGhKQ5ZGS0Qt+Lea3o7LWs5dH5LhSvs3Fe9PSddxa0Nbtr4sfgfOIQJgo2mCvch
|
||||
u5zFq7nvDqdsmdZwYMIcinpPWJgEoQLJWU/gWL2Ya+5kJ137smPcYX7jDSyBHlkQ
|
||||
oAYOB65YnoWxVuQtKqHW6f8nqD1nwEBn
|
||||
-----END CERTIFICATE-----
|
36
test/config/letsencrypt/changed/fullchain.pem
Normal file
36
test/config/letsencrypt/changed/fullchain.pem
Normal file
@ -0,0 +1,36 @@
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIC5DCCAcygAwIBAgIJAN/+3LMQvnv1MA0GCSqGSIb3DQEBCwUAMBIxEDAOBgNV
|
||||
BAMMB3Rlc3QtY2EwHhcNMjAwNjI5MjA1NTIxWhcNMjAwODI4MjA1NTIxWjAWMRQw
|
||||
EgYDVQQDDAtleGFtcGxlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
|
||||
ggEBAL5UNg7ybrXoCInmxQ+f38++sLEcgG6P0X+faH11Bw47Vt+mf1vltIh7ojO8
|
||||
DeXqFxsGL3S/YqyuXX0TGIOh/csjnvv1GEL1Ux0YCsyFkvflb8NuSKW52T0dnUqF
|
||||
ZFwldykCwHnQxmwYZxnZjVF2YOr/KmGZvO5dxSTs/qDuU0cp3FD4z2CBELLmzixv
|
||||
fO2Lgk1Yn/H9mNLNSKQaiSeCxId5CzNIlmUIfnL0tuc3n2fNigjuPKOV2H/7NVTT
|
||||
TriuP384bx9WTLfX29cn+Ho4hKBaq2t1Wmz+jsWi1gya1KrLAM4zzQHI+u6r3+jS
|
||||
3PsRVs1csyO2NCXqVo/bxqe38+sCAwEAAaM5MDcwCQYDVR0TBAIwADALBgNVHQ8E
|
||||
BAMCBeAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMA0GCSqGSIb3DQEB
|
||||
CwUAA4IBAQAkmHHTaZ8hiStoA/XYjGXkHT5DBjjOhRm3mmdCF+xhbUcj/frwBYn0
|
||||
apAGfNSGq+PJTgVdsZUAC+sOfxRme3FjU5gAekeIDjOQMd1VbdmcIWtnJ+Ttz94F
|
||||
Qm5V7Df8kVkcqE6UvvXyX3YEFj2/fwb4hxyyl/fAWl5acWTLNA2mOKm/fMhKez+h
|
||||
3VGhKQ5ZGS0Qt+Lea3o7LWs5dH5LhSvs3Fe9PSddxa0Nbtr4sfgfOIQJgo2mCvch
|
||||
u5zFq7nvDqdsmdZwYMIcinpPWJgEoQLJWU/gWL2Ya+5kJ137smPcYX7jDSyBHlkQ
|
||||
oAYOB65YnoWxVuQtKqHW6f8nqD1nwEBn
|
||||
-----END CERTIFICATE-----
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIC9zCCAd+gAwIBAgIJAP/41asK+I3BMA0GCSqGSIb3DQEBCwUAMBIxEDAOBgNV
|
||||
BAMMB3Rlc3QtY2EwHhcNMjAwNjI5MjA1NTIxWhcNMjAwODI4MjA1NTIxWjASMRAw
|
||||
DgYDVQQDDAd0ZXN0LWNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
|
||||
kzlOF3Q8wt6G8M8Cg+/UADlkbOUnBlbCwlRnqSrvrX7BRc37R1Y+KzsMmGgkPkvE
|
||||
czZuWbOQU8ghnQJwSHT/AK1g5jMc7mZLSkE+uVMor4+4Vgt4kKvfktzcCJOfo/qL
|
||||
XV2ePRgVlHj+peilqHMM8P03VPx6kq7oZE1pBlh4QyLz7DYcP6AD3Bq/HSM5hmvP
|
||||
iHbCHy6yf+QsuBqaWCec1ygc9GPnyDXQoDRAwlcA0aVSSosc6HeVQoDBPTzZUriM
|
||||
riqPK3YT4LGEH6nTx3RUtjuG8ZdGzpguw9/y0tcct777WLFIeuBQkmZiMG3Xeivu
|
||||
TbfHCbqJCO53fsbK0CrzEQIDAQABo1AwTjAdBgNVHQ4EFgQUxo6NXRi39QxJnZZD
|
||||
vbxco+m2U7YwHwYDVR0jBBgwFoAUxo6NXRi39QxJnZZDvbxco+m2U7YwDAYDVR0T
|
||||
BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAOBKMG2aaZ+f2Gazdtq7+IlRM3YFv
|
||||
inF5uaZ3bqC+pKDb1wZJLzWgHVgNSGXetHPKa9QpyQqEe/bYMK7avJo//Fmhg0+3
|
||||
SwI2g9BoIPBd4jIBY41h/zryTY4PLx/NqapWR4/3nDPJ3SSMHZ4JgP8GTXlzmF6j
|
||||
4UgwRrLFQd0ZZYNDRo8bZeUEqX70k0EqY9QxBjJgUzVyWYjP+/SeXABJyPv7lzRN
|
||||
nvKj3F91eNfqf8Y+WddvB8jn3LXok4SiFzxESfJ3nVOgwp8SPhhTShbXQaj48Fx8
|
||||
o6TGM9utPtN9qINwvqyrK4lUwKj6YLyTkV10oVgtJYhyyHVVl7Jhc8UIMw==
|
||||
-----END CERTIFICATE-----
|
27
test/config/letsencrypt/changed/key.pem
Normal file
27
test/config/letsencrypt/changed/key.pem
Normal file
@ -0,0 +1,27 @@
|
||||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIEpAIBAAKCAQEAvlQ2DvJutegIiebFD5/fz76wsRyAbo/Rf59ofXUHDjtW36Z/
|
||||
W+W0iHuiM7wN5eoXGwYvdL9irK5dfRMYg6H9yyOe+/UYQvVTHRgKzIWS9+Vvw25I
|
||||
pbnZPR2dSoVkXCV3KQLAedDGbBhnGdmNUXZg6v8qYZm87l3FJOz+oO5TRyncUPjP
|
||||
YIEQsubOLG987YuCTVif8f2Y0s1IpBqJJ4LEh3kLM0iWZQh+cvS25zefZ82KCO48
|
||||
o5XYf/s1VNNOuK4/fzhvH1ZMt9fb1yf4ejiEoFqra3VabP6OxaLWDJrUqssAzjPN
|
||||
Acj67qvf6NLc+xFWzVyzI7Y0JepWj9vGp7fz6wIDAQABAoIBAQCufh4hjfoaI+TQ
|
||||
KRY5wOU8XSM4/VxyAMCdNNRjUMtrLNP0r3zMD8h36IFI1PwY8YjFaeJQMraQgjuL
|
||||
09oBtJ4tgzba4FWh7bCJV+VupHeddmgE0DMiXUThVylBjRH5uQ+KNc+o3tNLfwPn
|
||||
GyEIsnMgf1enq38fOjDoLa80c8s9zXhHtZx9JQzDUbQr+DNTS0RLP52MI/pXGC+g
|
||||
T225sVV39uqQFccHECacLDbYe5EhzRi2PNA98fHtO/lAP9jjvQiMccr0KjjzEHlS
|
||||
loFs1/y/vCAo/kThqhKL/0T3qdiG+YNsne+Thy2xx5W37YMGIte9f+5ymTmb+lgb
|
||||
fU6/i2thAoGBAPO6Urt50h3vJ2m/+MFCkokca195k9sYO1RMkTYHPZ5n4+nTu32o
|
||||
RDKu/KwOgly9cp00Qn8XIcDi7Mut8MK7RGv1WyZVlbX1+L31FT+c/N96rHBa5SHI
|
||||
nhdTLBLPTmb6OOPSWXEHl00vsltAlutIrufjzowEtgptOhYO8a608ihvAoGBAMfp
|
||||
kiu/0bl7cQgYfgfIfyc2iMOZSDlyTEE8qfhVkSV4X7l3rqy7yCP4G51pZCWVp9zY
|
||||
8S3mbiC3xXV6iO5PxehKVfvqrIqz2zZX8SF1a1L3zDFCpE6GfPpyRMn+Ma//8oxZ
|
||||
dptezZTB1RmP7zRwHTbkIxcSsnbET9cnd75rONJFAoGBAM0Bm1dQN5mwMNG1hPJi
|
||||
IcmsmvA63lA6yKS2pqnwWzcjocRrsVgXsg2DvMqohaSmQYLTk189QMny1kTYcRwK
|
||||
0pmQTnQnJv9f/zMgtBfG37jGgccb3YGWMsvhzL+hmgvqSvHuXAdD4FMvXHF/GbKc
|
||||
d2pb5r9Fsy2ABIzLUySl1M6HAoGABALgxvXzXFhovTPYm4lfW8cRWXNi6pwrgYeZ
|
||||
FX2KCwluSkdnftnJu0cILtFljAeDtb+4nyYngYqOcLwDsVxyaSXMseBUk/fl5yI+
|
||||
mWBExgZo13gx2c2DBndyf+cU0iY9lKla4uU1FM4K25dywkeZnndXaOgcIpvvyi5l
|
||||
jbGTE00CgYAT+UNomp8Jmm5aqC0MdsNt9mwOKLVtCk1Yz/X85PmSiSZxxmuq8U5u
|
||||
a8oaJ/NmmMpYsRG9py5mIgDWH1bryOZP7aPtOIVZpYH77qMrJ4vFbz2JaA1b1irJ
|
||||
22Hdj1XD7Lv2uqt7QUlaNQcukJFIHOxYRNYChlJnIEf2e70jdlCxLg==
|
||||
-----END RSA PRIVATE KEY-----
|
0
test/config/user-patches/user-patches.sh
Normal file → Executable file
0
test/config/user-patches/user-patches.sh
Normal file → Executable file
@ -22,7 +22,7 @@ function teardown() {
|
||||
|
||||
function setup_file() {
|
||||
# copy the custom DHE params in local config
|
||||
cp `pwd`/test/test-files/ssl/custom-dhe-params.pem `pwd`/test/config/dhparams.pem
|
||||
cp "`pwd`/test/test-files/ssl/custom-dhe-params.pem" "`pwd`/test/config/dhparams.pem"
|
||||
|
||||
docker run -d --name mail_manual_dhparams_not_one_dir \
|
||||
-v "`pwd`/test/config":/tmp/docker-mailserver \
|
||||
@ -35,7 +35,7 @@ function setup_file() {
|
||||
|
||||
function teardown_file() {
|
||||
# remove custom dhe file
|
||||
rm `pwd`/test/config/dhparams.pem
|
||||
rm "`pwd`/test/config/dhparams.pem"
|
||||
docker rm -f mail_manual_dhparams_not_one_dir
|
||||
}
|
||||
|
||||
|
@ -26,11 +26,25 @@ function setup_file() {
|
||||
-e SSL_TYPE=letsencrypt \
|
||||
-h mail.my-domain.com -t ${NAME}
|
||||
wait_for_finished_setup_in_container mail_lets_hostname
|
||||
|
||||
cp "`pwd`/test/config/letsencrypt/acme.json" "`pwd`/test/config/acme.json"
|
||||
docker run -d --name mail_lets_acme_json \
|
||||
-v "`pwd`/test/config":/tmp/docker-mailserver \
|
||||
-v "`pwd`/test/config/acme.json":/etc/letsencrypt/acme.json:ro \
|
||||
-v "`pwd`/test/test-files":/tmp/docker-mailserver-test:ro \
|
||||
-e DMS_DEBUG=0 \
|
||||
-e SSL_TYPE=letsencrypt \
|
||||
-e "SSL_DOMAIN=*.example.com" \
|
||||
-h mail.my-domain.com -t ${NAME}
|
||||
|
||||
wait_for_finished_setup_in_container mail_lets_acme_json
|
||||
}
|
||||
|
||||
function teardown_file() {
|
||||
docker rm -f mail_lets_domain
|
||||
docker rm -f mail_lets_hostname
|
||||
docker rm -f mail_lets_acme_json
|
||||
rm "`pwd`/test/config/acme.json"
|
||||
}
|
||||
|
||||
# this test must come first to reliably identify when to run setup_file
|
||||
@ -78,6 +92,44 @@ function teardown_file() {
|
||||
assert_success
|
||||
}
|
||||
|
||||
#
|
||||
# acme.json updates
|
||||
#
|
||||
|
||||
@test "checking changedetector: server is ready" {
|
||||
run docker exec mail_lets_acme_json /bin/bash -c "ps aux | grep '/bin/bash /usr/local/bin/check-for-changes.sh'"
|
||||
assert_success
|
||||
}
|
||||
|
||||
@test "can extract certs from acme.json" {
|
||||
run docker exec mail_lets_acme_json /bin/bash -c "cat /etc/letsencrypt/live/mail.my-domain.com/key.pem"
|
||||
assert_output "$(cat "`pwd`/test/config/letsencrypt/mail.my-domain.com/privkey.pem")"
|
||||
assert_success
|
||||
|
||||
run docker exec mail_lets_acme_json /bin/bash -c "cat /etc/letsencrypt/live/mail.my-domain.com/fullchain.pem"
|
||||
assert_output "$(cat "`pwd`/test/config/letsencrypt/mail.my-domain.com/fullchain.pem")"
|
||||
assert_success
|
||||
}
|
||||
|
||||
@test "can detect changes" {
|
||||
cp "`pwd`/test/config/letsencrypt/acme-changed.json" "`pwd`/test/config/acme.json"
|
||||
sleep 11
|
||||
run docker exec mail_lets_acme_json /bin/bash -c "supervisorctl tail changedetector"
|
||||
assert_output --partial "Cert found in /etc/letsencrypt/acme.json for *.example.com"
|
||||
assert_output --partial "postfix: stopped"
|
||||
assert_output --partial "postfix: started"
|
||||
assert_output --partial "Update checksum"
|
||||
|
||||
run docker exec mail_lets_acme_json /bin/bash -c "cat /etc/letsencrypt/live/mail.my-domain.com/key.pem"
|
||||
assert_output "$(cat "`pwd`/test/config/letsencrypt/changed/key.pem")"
|
||||
assert_success
|
||||
|
||||
run docker exec mail_lets_acme_json /bin/bash -c "cat /etc/letsencrypt/live/mail.my-domain.com/fullchain.pem"
|
||||
assert_output "$(cat "`pwd`/test/config/letsencrypt/changed/fullchain.pem")"
|
||||
assert_success
|
||||
}
|
||||
|
||||
|
||||
# this test is only there to reliably mark the end for the teardown_file
|
||||
@test "last" {
|
||||
skip 'Finished testing of letsencrypt SSL'
|
||||
|
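Review bot: The test "checking changedetector: server is ready" cannot fail, because the `/bin/bash -c "ps aux | grep '…check-for-changes.sh'"` command line itself contains the searched string and is listed by `ps aux`, so grep matches even when the change detector is not running. A pattern that does not match its own text fixes this, e.g. `grep '[c]heck-for-changes.sh'`. In "can detect changes" the fixed `sleep 11` is tied to the detector's polling interval, which is not visible here; polling `supervisorctl tail changedetector` until the expected line appears, with a timeout, would be less timing-sensitive.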