cqrenet/relay
4
0
Fork 0
mirror of https://github.com/chatmail/relay.git synced 2026-06-13 07:01:07 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: support externally managed TLS via tls_external_cert_and_key option

Browse Source 
Adds a new tls_external_cert_and_key config option for chatmail servers
that manage their own TLS certificates (e.g. via an external ACME client
or a load balancer).

A systemd path unit (tls-cert-reload.path) watches the certificate file
via inotify and automatically reloads dovecot and nginx when it changes.
Postfix reads certs per TLS handshake so needs no reload.

Also extracts openssl_selfsigned_args() so cert generation parameters
are shared between SelfSignedTlsDeployer and the e2e test.
This commit is contained in:
holger krekel
2026-02-19 19:18:33 +01:00
committed by j4n
parent 06d53503e5
commit 0ae2c19dab
5 changed files with 390 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.github/workflows/test-and-deploy.yaml
+8
View File
@@ -95,3 +95,11 @@ jobs:
- name: cmdeploy dns
run: cmdeploy dns -v
test-tls-external:
needs: deploy
uses: ./.github/workflows/reusable-test-tls-external.yaml
with:
domain: staging2.testrun.org
secrets:
STAGING_SSH_KEY: ${{ secrets.STAGING_SSH_KEY }}