mirror of
https://github.com/chatmail/relay.git
synced 2026-05-10 16:04:37 +00:00
Compare commits
6 Commits
1.10.0
...
support-se
| Author | SHA1 | Date | |
|---|---|---|---|
|
3a32817de8 | ||
|
|
c6dd4f9b21 | ||
|
|
a420e37612 | ||
|
|
5429f3e379 | ||
|
|
d2c98e9afc | ||
|
|
658d6923ae |
@@ -245,7 +245,7 @@ def _configure_dovecot(mail_server: str, debug: bool = False) -> bool:
|
||||
return need_restart
|
||||
|
||||
|
||||
def _configure_nginx(domain: str, debug: bool = False) -> bool:
|
||||
def _configure_nginx(domain: str, mail_server: str) -> bool:
|
||||
"""Configures nginx HTTP server."""
|
||||
need_restart = False
|
||||
|
||||
@@ -275,7 +275,7 @@ def _configure_nginx(domain: str, debug: bool = False) -> bool:
|
||||
user="root",
|
||||
group="root",
|
||||
mode="644",
|
||||
config={"domain_name": domain},
|
||||
config={"mail_server": mail_server},
|
||||
)
|
||||
need_restart |= mta_sts_config.changed
|
||||
|
||||
@@ -333,7 +333,7 @@ def deploy_chatmail(mail_domain: str, mail_server: str, dkim_selector: str) -> N
|
||||
dovecot_need_restart = _configure_dovecot(mail_server, debug=debug)
|
||||
postfix_need_restart = _configure_postfix(mail_domain, debug=debug)
|
||||
opendkim_need_restart = _configure_opendkim(mail_domain, dkim_selector)
|
||||
nginx_need_restart = _configure_nginx(mail_domain)
|
||||
nginx_need_restart = _configure_nginx(mail_domain, mail_server)
|
||||
mta_sts_need_restart = _install_mta_sts_daemon()
|
||||
|
||||
# deploy web pages and info if we have them
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
version: STSv1
|
||||
mode: enforce
|
||||
mx: {{ config.domain_name }}
|
||||
mx: {{ config.mail_server }}
|
||||
max_age: 2419200
|
||||
|
||||
@@ -20,8 +20,6 @@ http {
|
||||
|
||||
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
|
||||
ssl_prefer_server_ciphers on;
|
||||
ssl_certificate /var/lib/acme/live/{{ config.domain_name }}/fullchain;
|
||||
ssl_certificate_key /var/lib/acme/live/{{ config.domain_name }}/privkey;
|
||||
|
||||
gzip on;
|
||||
|
||||
@@ -30,6 +28,8 @@ http {
|
||||
listen [::]:80 default_server;
|
||||
listen 443 ssl default_server;
|
||||
listen [::]:443 ssl default_server;
|
||||
ssl_certificate /var/lib/acme/live/{{ config.domain_name }}/fullchain;
|
||||
ssl_certificate_key /var/lib/acme/live/{{ config.domain_name }}/privkey;
|
||||
|
||||
root /var/www/html;
|
||||
|
||||
@@ -37,6 +37,28 @@ http {
|
||||
|
||||
server_name _;
|
||||
|
||||
location / {
|
||||
# First attempt to serve request as file, then
|
||||
# as directory, then fall back to displaying a 404.
|
||||
try_files $uri $uri/ =404;
|
||||
}
|
||||
}
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
listen 443 ssl;
|
||||
listen [::]:443 ssl;
|
||||
|
||||
root /var/www/html;
|
||||
|
||||
index index.html index.htm;
|
||||
|
||||
server_name mta-sts.{{ config.domain_name }};
|
||||
|
||||
ssl_certificate /var/lib/acme/live/mta-sts.{{ config.domain_name }}/fullchain;
|
||||
ssl_certificate_key /var/lib/acme/live/mta-sts.{{ config.domain_name }}/privkey;
|
||||
|
||||
|
||||
location / {
|
||||
# First attempt to serve request as file, then
|
||||
# as directory, then fall back to displaying a 404.
|
||||
|
||||
@@ -1,5 +1,6 @@
|
||||
#!/bin/sh
|
||||
: ${CHATMAIL_DOMAIN:=c1.testrun.org}
|
||||
: ${CHATMAIL_SERVER:=$CHATMAIL_DOMAIN}
|
||||
: ${CHATMAIL_SSH:=$CHATMAIL_DOMAIN}
|
||||
|
||||
set -e
|
||||
@@ -8,16 +9,22 @@ EMAIL="root@$CHATMAIL_DOMAIN"
|
||||
ACME_ACCOUNT_URL="$($SSH -- acmetool account-url)"
|
||||
|
||||
cat <<EOF
|
||||
$CHATMAIL_DOMAIN. MX 10 $CHATMAIL_DOMAIN.
|
||||
$CHATMAIL_DOMAIN. TXT "v=spf1 a:$CHATMAIL_DOMAIN -all"
|
||||
$CHATMAIL_DOMAIN. MX 10 $CHATMAIL_SERVER.
|
||||
$CHATMAIL_DOMAIN. TXT "v=spf1 a:$CHATMAIL_SERVER -all"
|
||||
_dmarc.$CHATMAIL_DOMAIN. TXT "v=DMARC1;p=reject;rua=mailto:$EMAIL;ruf=mailto:$EMAIL;fo=1;adkim=r;aspf=r"
|
||||
_submission._tcp.$CHATMAIL_DOMAIN. SRV 0 1 587 $CHATMAIL_DOMAIN.
|
||||
_submissions._tcp.$CHATMAIL_DOMAIN. SRV 0 1 465 $CHATMAIL_DOMAIN.
|
||||
_imap._tcp.$CHATMAIL_DOMAIN. SRV 0 1 143 $CHATMAIL_DOMAIN.
|
||||
_imaps._tcp.$CHATMAIL_DOMAIN. SRV 0 1 993 $CHATMAIL_DOMAIN.
|
||||
_submission._tcp.$CHATMAIL_SERVER. SRV 0 1 587 $CHATMAIL_SERVER.
|
||||
_submissions._tcp.$CHATMAIL_SERVER. SRV 0 1 465 $CHATMAIL_SERVER.
|
||||
_imap._tcp.$CHATMAIL_SERVER. SRV 0 1 143 $CHATMAIL_SERVER.
|
||||
_imaps._tcp.$CHATMAIL_SERVER. SRV 0 1 993 $CHATMAIL_SERVER.
|
||||
$CHATMAIL_DOMAIN. IN CAA 128 issue "letsencrypt.org;accounturi=$ACME_ACCOUNT_URL"
|
||||
_mta-sts.$CHATMAIL_DOMAIN. IN TXT "v=STSv1; id=$(date -u '+%Y%m%d%H%M')"
|
||||
mta-sts.$CHATMAIL_DOMAIN. IN CNAME $CHATMAIL_DOMAIN.
|
||||
_smtp._tls.$CHATMAIL_DOMAIN. IN TXT "v=TLSRPTv1;rua=mailto:$EMAIL"
|
||||
mta-sts.$CHATMAIL_SERVER. IN CNAME $CHATMAIL_SERVER.
|
||||
_smtp._tls.$CHATMAIL_SERVER. IN TXT "v=TLSRPTv1;rua=mailto:$EMAIL"
|
||||
EOF
|
||||
if [ "$CHATMAIL_DOMAIN" != "$CHATMAIL_SERVER" ]; then
|
||||
cat <<EOF
|
||||
mta-sts.$CHATMAIL_DOMAIN. IN CNAME mta-sts.$CHATMAIL_SERVER.
|
||||
_smtp._tls.$CHATMAIL_DOMAIN. IN CNAME _smtp._tls.$CHATMAIL_SERVER.
|
||||
EOF
|
||||
fi
|
||||
$SSH opendkim-genzone -F | sed 's/^;.*$//;/^$/d'
|
||||
|
||||
Reference in New Issue
Block a user