cf96be2cbb
feat: support self-signed TLS via underscore domain convention Domains starting with "_" (e.g. _chat.example.org) automatically use self-signed TLS certificates instead of ACME/Let's Encrypt. The TLS mode is derived from the domain name — no separate config option needed. Internally, when config.tls_cert_mode is "self" (underscore domain): - Generate self-signed certificates via openssl - Set Postfix smtp_tls_security_level to "encrypt" (opportunistic TLS) - Add smtp_tls_policy_map entry for underscore domains - Skip ACME, MTA-STS and www CNAME checks in `cmdeploy dns` - Serve /new via GET (not redirect to dcaccount:) with rate-limiting (nginx limit_req, 2r/s burst=5) - Return dclogin: URLs with ic=3 (AcceptInvalidCertificates) from /new - Render QR codes client-side via JavaScript and qrcode-svg - Use config.tls_cert_path/tls_key_path in Postfix, Dovecot and nginx templates instead of hardcoded ACME paths
1.4 KiB
Dear Delta Chat users and newcomers ...
{% if config.mail_domain != "nine.testrun.org" %} Welcome to instant, interoperable and privacy-preserving messaging :) {% else %} Welcome to the default onboarding server ({{ config.mail_domain }}) for Delta Chat users. For details how it avoids storing personal information please see our privacy policy. {% endif %}
{% if config.tls_cert_mode == "self" %} Get a {{config.mail_domain}} chat profile
If you are viewing this page on a different device without a Delta Chat app, you can also scan this QR code with Delta Chat:
<script src="qrcode-svg.min.js"></script> <script src="dclogin.js"></script>{% else %} Get a {{config.mail_domain}} chat profile
If you are viewing this page on a different device without a Delta Chat app, you can also scan this QR code with Delta Chat:
{% endif %}
🐣 Choose your Avatar and Name
💬 Start chatting with any Delta Chat contacts using QR invite codes