cqrenet/relay
3
0
Fork 0
mirror of https://github.com/chatmail/relay.git synced 2026-05-15 19:14:44 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: support externally managed TLS via tls_external_cert_and_key option

Browse Source 
Adds a new tls_external_cert_and_key config option for chatmail servers
that manage their own TLS certificates (e.g. via an external ACME client
or a load balancer).

A systemd path unit (tls-cert-reload.path) watches the certificate file
via inotify and automatically reloads dovecot and nginx when it changes.
Postfix reads certs per TLS handshake so needs no reload.

Also extracts openssl_selfsigned_args() so cert generation parameters
are shared between SelfSignedTlsDeployer and the e2e test.
This commit is contained in:
holger krekel
2026-02-19 19:18:33 +01:00
committed by j4n
parent 06d53503e5
commit 0ae2c19dab
5 changed files with 390 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
.github/workflows/test-and-deploy-ipv4only.yaml vendored
View File

@@ -102,3 +102,11 @@ jobs:
- name: cmdeploy dns
run: ssh root@staging-ipv4.testrun.org "cd relay && scripts/cmdeploy dns -v --ssh-host localhost"
test-tls-external:
needs: deploy
uses: ./.github/workflows/reusable-test-tls-external.yaml
with:
domain: staging-ipv4.testrun.org
secrets:
STAGING_SSH_KEY: ${{ secrets.STAGING_SSH_KEY }}