Fix bug with attaching certs
@@ -29,7 +29,7 @@ services:
|
|||||||
# RECREATE_VENV: "false"
|
# RECREATE_VENV: "false"
|
||||||
USE_FOREIGN_CERT_MANAGER: "true"
|
USE_FOREIGN_CERT_MANAGER: "true"
|
||||||
CHANGE_KERNEL_SETTINGS: "false"
|
CHANGE_KERNEL_SETTINGS: "false"
|
||||||
PATH_TO_SSL_CONTAINER: $PATH_TO_SSL_CONTAINER
|
PATH_TO_SSL: "${CERTS_ROOT_DIR_CONTAINER}/${MAIL_DOMAIN}"
|
||||||
ENABLE_CERTS_MONITORING: "true"
|
ENABLE_CERTS_MONITORING: "true"
|
||||||
# CERTS_MONITORING_TIMEOUT: 60
|
# CERTS_MONITORING_TIMEOUT: 60
|
||||||
# IS_DEVELOPMENT_INSTANCE: "true"
|
# IS_DEVELOPMENT_INSTANCE: "true"
|
||||||
@@ -43,7 +43,7 @@ services:
|
|||||||
## system
|
## system
|
||||||
- /sys/fs/cgroup:/sys/fs/cgroup:rw # required for systemd
|
- /sys/fs/cgroup:/sys/fs/cgroup:rw # required for systemd
|
||||||
- ./:/opt/chatmail
|
- ./:/opt/chatmail
|
||||||
- ${PATH_TO_SSL_HOST}:${PATH_TO_SSL_CONTAINER}:ro
|
- ${CERTS_ROOT_DIR_HOST}:${CERTS_ROOT_DIR_CONTAINER}:ro
|
||||||
|
|
||||||
## data
|
## data
|
||||||
- ./data/chatmail:/home
|
- ./data/chatmail:/home
|
||||||
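Review bot: The new volume line `- ${CERTS_ROOT_DIR_HOST}:${CERTS_ROOT_DIR_CONTAINER}:ro` mounts the whole certificate root instead of the single per-domain directory the old `${PATH_TO_SSL_HOST}` mount exposed, so the container can now read the key material of every domain under that root, not only `${MAIL_DOMAIN}`. The mount stays `:ro`, which limits the impact, but if the widening is deliberate (for example because the per-domain directory may not exist when the container first starts — I am inferring the motivation) a short comment on that line saying so would help the next reader. In the first hunk, `PATH_TO_SSL: "${CERTS_ROOT_DIR_CONTAINER}/${MAIL_DOMAIN}"` silently renders as `/chat.example.com` if `CERTS_ROOT_DIR_CONTAINER` is missing from `.env`; `PATH_TO_SSL: "${CERTS_ROOT_DIR_CONTAINER:?}/${MAIL_DOMAIN:?}"` would make compose fail loudly instead.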
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
MAIL_DOMAIN="chat.example.com"
|
MAIL_DOMAIN="chat.example.com"
|
||||||
ACME_EMAIL="my.email@gmail.com"
|
ACME_EMAIL="my.email@gmail.com"
|
||||||
|
|
||||||
PATH_TO_SSL_HOST="./traefik/data/letsencrypt/certs/${MAIL_DOMAIN}"
|
CERTS_ROOT_DIR_HOST="./traefik/data/letsencrypt/certs"
|
||||||
PATH_TO_SSL_CONTAINER="/var/lib/acme/live/${MAIL_DOMAIN}"
|
CERTS_ROOT_DIR_CONTAINER="/var/lib/acme/live"
|
||||||
|
|||||||
@@ -2,13 +2,13 @@
|
|||||||
set -eo pipefail
|
set -eo pipefail
|
||||||
|
|
||||||
if [ "${USE_FOREIGN_CERT_MANAGER,,}" == "true" ]; then
|
if [ "${USE_FOREIGN_CERT_MANAGER,,}" == "true" ]; then
|
||||||
if [ ! -f "$PATH_TO_SSL_CONTAINER/fullchain" ]; then
|
if [ ! -f "$PATH_TO_SSL/fullchain" ]; then
|
||||||
echo "Error: file '$PATH_TO_SSL_CONTAINER/fullchain' does not exist. Exiting..." > /dev/stderr
|
echo "Error: file '$PATH_TO_SSL/fullchain' does not exist. Exiting..." > /dev/stderr
|
||||||
sleep 2
|
sleep 2
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
if [ ! -f "$PATH_TO_SSL_CONTAINER/privkey" ]; then
|
if [ ! -f "$PATH_TO_SSL/privkey" ]; then
|
||||||
echo "Error: file '$PATH_TO_SSL_CONTAINER/privkey' does not exist. Exiting..." > /dev/stderr
|
echo "Error: file '$PATH_TO_SSL/privkey' does not exist. Exiting..." > /dev/stderr
|
||||||
sleep 2
|
sleep 2
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
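Review bot: The checks on the renamed `$PATH_TO_SSL/fullchain` and `$PATH_TO_SSL/privkey` only test `-f`, so a file that exists but is not readable by the container user (plausible for a private key mounted read-only from the host) passes here and fails later with a less clear error; `if [ ! -r "$PATH_TO_SSL/privkey" ]; then` (and the same for `fullchain`) would catch that at startup. The `> /dev/stderr` redirections would also be more portable as `>&2`. The enclosing `if [ "${USE_FOREIGN_CERT_MANAGER,,}" == "true" ]` block closes outside the hunk.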
|
|||||||
@@ -4,7 +4,7 @@ set -eo pipefail
|
|||||||
export INI_FILE="${INI_FILE:-chatmail.ini}"
|
export INI_FILE="${INI_FILE:-chatmail.ini}"
|
||||||
export ENABLE_CERTS_MONITORING="${ENABLE_CERTS_MONITORING:-true}"
|
export ENABLE_CERTS_MONITORING="${ENABLE_CERTS_MONITORING:-true}"
|
||||||
export CERTS_MONITORING_TIMEOUT="${CERTS_MONITORING_TIMEOUT:-60}"
|
export CERTS_MONITORING_TIMEOUT="${CERTS_MONITORING_TIMEOUT:-60}"
|
||||||
export PATH_TO_SSL_CONTAINER="${PATH_TO_SSL_CONTAINER:-/var/lib/acme/live/${MAIL_DOMAIN}}"
|
export PATH_TO_SSL="${PATH_TO_SSL:-/var/lib/acme/live/${MAIL_DOMAIN}}"
|
||||||
export CHANGE_KERNEL_SETTINGS=${CHANGE_KERNEL_SETTINGS:-"False"}
|
export CHANGE_KERNEL_SETTINGS=${CHANGE_KERNEL_SETTINGS:-"False"}
|
||||||
export RECREATE_VENV=${RECREATE_VENV:-"false"}
|
export RECREATE_VENV=${RECREATE_VENV:-"false"}
|
||||||
|
|
||||||
@@ -20,7 +20,7 @@ debug_commands() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
calculate_hash() {
|
calculate_hash() {
|
||||||
find "$PATH_TO_SSL_CONTAINER" -type f -exec sha1sum {} \; | sort | sha1sum | awk '{print $1}'
|
find "$PATH_TO_SSL" -type f -exec sha1sum {} \; | sort | sha1sum | awk '{print $1}'
|
||||||
}
|
}
|
||||||
|
|
||||||
monitor_certificates() {
|
monitor_certificates() {
|
||||||
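Review bot: `export PATH_TO_SSL="${PATH_TO_SSL:-/var/lib/acme/live/${MAIL_DOMAIN}}"` falls back to the bare certs root `/var/lib/acme/live/` when `MAIL_DOMAIN` is unset, and `calculate_hash` in the second hunk then hashes every file under that root, so a missing `MAIL_DOMAIN` goes unnoticed; `export PATH_TO_SSL="${PATH_TO_SSL:-/var/lib/acme/live/${MAIL_DOMAIN:?MAIL_DOMAIN must be set}}"` would fail fast instead. In `calculate_hash`, `sort` without `LC_ALL=C` makes the combined digest depend on the locale, so a locale change between runs could be mistaken for a certificate change and trigger a restart; `LC_ALL=C sort` pins the order. The same function is reproduced verbatim in the README hunks below, so any change here should be mirrored there.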
|
|||||||
@@ -72,7 +72,7 @@ sudo sysctl --system
|
|||||||
- `USE_FOREIGN_CERT_MANAGER` – Use a third-party certificate manager. (default: `false`)
|
- `USE_FOREIGN_CERT_MANAGER` – Use a third-party certificate manager. (default: `false`)
|
||||||
- `RECREATE_VENV` - Recreate the virtual environment (venv). If set to `true`, the environment will be recreated when the container starts, which will increase the startup time of the service but can help avoid certain errors. (default: `false`)
|
- `RECREATE_VENV` - Recreate the virtual environment (venv). If set to `true`, the environment will be recreated when the container starts, which will increase the startup time of the service but can help avoid certain errors. (default: `false`)
|
||||||
- `INI_FILE` – Path to the ini configuration file. (default: `./chatmail.ini`)
|
- `INI_FILE` – Path to the ini configuration file. (default: `./chatmail.ini`)
|
||||||
- `PATH_TO_SSL_CONTAINER` – Path to where the certificates are stored. (default: `/var/lib/acme/live/${MAIL_DOMAIN}`)
|
- `PATH_TO_SSL` – Path to where the certificates are stored. (default: `/var/lib/acme/live/${MAIL_DOMAIN}`)
|
||||||
- `ENABLE_CERTS_MONITORING` – Enable certificate monitoring if `USE_FOREIGN_CERT_MANAGER=true`. If certificates change, services will be automatically restarted. (default: `false`)
|
- `ENABLE_CERTS_MONITORING` – Enable certificate monitoring if `USE_FOREIGN_CERT_MANAGER=true`. If certificates change, services will be automatically restarted. (default: `false`)
|
||||||
- `CERTS_MONITORING_TIMEOUT` – Interval in seconds to check if certificates have changed. (default: `'60'`)
|
- `CERTS_MONITORING_TIMEOUT` – Interval in seconds to check if certificates have changed. (default: `'60'`)
|
||||||
|
|
||||||
@@ -171,10 +171,10 @@ set -eo pipefail
|
|||||||
|
|
||||||
export ENABLE_CERTS_MONITORING="${ENABLE_CERTS_MONITORING:-true}"
|
export ENABLE_CERTS_MONITORING="${ENABLE_CERTS_MONITORING:-true}"
|
||||||
export CERTS_MONITORING_TIMEOUT="${CERTS_MONITORING_TIMEOUT:-60}"
|
export CERTS_MONITORING_TIMEOUT="${CERTS_MONITORING_TIMEOUT:-60}"
|
||||||
export PATH_TO_SSL_CONTAINER="${PATH_TO_SSL_CONTAINER:-/var/lib/acme/live/${MAIL_DOMAIN}}"
|
export PATH_TO_SSL="${PATH_TO_SSL:-/var/lib/acme/live/${MAIL_DOMAIN}}"
|
||||||
|
|
||||||
calculate_hash() {
|
calculate_hash() {
|
||||||
find "$PATH_TO_SSL_CONTAINER" -type f -exec sha1sum {} \; | sort | sha1sum | awk '{print $1}'
|
find "$PATH_TO_SSL" -type f -exec sha1sum {} \; | sort | sha1sum | awk '{print $1}'
|
||||||
}
|
}
|
||||||
|
|
||||||
monitor_certificates() {
|
monitor_certificates() {
|
||||||
|
|||||||
@@ -64,7 +64,7 @@ sudo sysctl --system
|
|||||||
- `USE_FOREIGN_CERT_MANAGER` - Использовать сторонний менеджер сертификатов. (default: `false`)
|
- `USE_FOREIGN_CERT_MANAGER` - Использовать сторонний менеджер сертификатов. (default: `false`)
|
||||||
- `RECREATE_VENV` - Пересоздать виртуальное окружение (venv). Если выставлено `true`, то окружение будет пересоздано при запуске контейнера, из-за чего включение сервиса займет больше времени, но поможет избежать ряда ошибок. (default: `false`)
|
- `RECREATE_VENV` - Пересоздать виртуальное окружение (venv). Если выставлено `true`, то окружение будет пересоздано при запуске контейнера, из-за чего включение сервиса займет больше времени, но поможет избежать ряда ошибок. (default: `false`)
|
||||||
- `INI_FILE` - путь к ini файлу конфигурации. (default: `./chatmail.ini`)
|
- `INI_FILE` - путь к ini файлу конфигурации. (default: `./chatmail.ini`)
|
||||||
- `PATH_TO_SSL_CONTAINER` - Путь где располагаются сертификаты. (default: `/var/lib/acme/live/${MAIL_DOMAIN}`)
|
- `PATH_TO_SSL` - Путь где располагаются сертификаты. (default: `/var/lib/acme/live/${MAIL_DOMAIN}`)
|
||||||
- `ENABLE_CERTS_MONITORING` - Включить мониторинг сертификатов, если `USE_FOREIGN_CERT_MANAGER=true`. Если сертфикаты изменятся сервисы будут автоматически перезапущены. (default: `false`)
|
- `ENABLE_CERTS_MONITORING` - Включить мониторинг сертификатов, если `USE_FOREIGN_CERT_MANAGER=true`. Если сертфикаты изменятся сервисы будут автоматически перезапущены. (default: `false`)
|
||||||
- `CERTS_MONITORING_TIMEOUT` - Раз во сколько секунд проверять что изменились сертификаты. (default: `'60'`)
|
- `CERTS_MONITORING_TIMEOUT` - Раз во сколько секунд проверять что изменились сертификаты. (default: `'60'`)
|
||||||
|
|
||||||
@@ -150,10 +150,10 @@ set -eo pipefail
|
|||||||
|
|
||||||
export ENABLE_CERTS_MONITORING="${ENABLE_CERTS_MONITORING:-true}"
|
export ENABLE_CERTS_MONITORING="${ENABLE_CERTS_MONITORING:-true}"
|
||||||
export CERTS_MONITORING_TIMEOUT="${CERTS_MONITORING_TIMEOUT:-60}"
|
export CERTS_MONITORING_TIMEOUT="${CERTS_MONITORING_TIMEOUT:-60}"
|
||||||
export PATH_TO_SSL_CONTAINER="${PATH_TO_SSL_CONTAINER:-/var/lib/acme/live/${MAIL_DOMAIN}}"
|
export PATH_TO_SSL="${PATH_TO_SSL:-/var/lib/acme/live/${MAIL_DOMAIN}}"
|
||||||
|
|
||||||
calculate_hash() {
|
calculate_hash() {
|
||||||
find "$PATH_TO_SSL_CONTAINER" -type f -exec sha1sum {} \; | sort | sha1sum | awk '{print $1}'
|
find "$PATH_TO_SSL" -type f -exec sha1sum {} \; | sort | sha1sum | awk '{print $1}'
|
||||||
}
|
}
|
||||||
|
|
||||||
monitor_certificates() {
|
monitor_certificates() {
|
||||||
|
|||||||
@@ -1,6 +1,9 @@
|
|||||||
CERTS_DIR=${CERTS_DIR:-"/data/letsencrypt/certs"}
|
CERTS_DIR=${CERTS_DIR:-"/data/letsencrypt/certs"}
|
||||||
|
|
||||||
|
echo "CERTS_DIR: $CERTS_DIR"
|
||||||
|
|
||||||
for dir in "$CERTS_DIR"/*/; do
|
for dir in "$CERTS_DIR"/*/; do
|
||||||
|
echo "Processing: $dir"
|
||||||
cd "$dir"
|
cd "$dir"
|
||||||
if [ -f "certificate.crt" ]; then
|
if [ -f "certificate.crt" ]; then
|
||||||
ln -sf certificate.crt fullchain
|
ln -sf certificate.crt fullchain
|
||||||
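Review bot: `cd "$dir"` in the loop is unchecked and never undone, so if `CERTS_DIR` is overridden with a relative path the second iteration's `cd` fails and `ln -sf certificate.crt fullchain` runs inside the previous domain's directory; with the default absolute path this only works by accident. `cd "$dir" || continue` (or running the body in a subshell, `( cd "$dir" && ... )`) avoids that, and the new `echo "Processing: $dir"` line would then be followed by a clear failure for a bad directory. If the glob matches nothing the loop runs once with the literal `*/`, which the same guard would skip. No shebang or `set -e` is visible at line 1 of this file.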
|
|||||||