mirror of
https://github.com/chatmail/relay.git
synced 2026-05-14 09:54:38 +00:00
Adds a new tls_external_cert_and_key config option for chatmail servers that manage their own TLS certificates (e.g. via an external ACME client or a load balancer). A systemd path unit (tls-cert-reload.path) watches the certificate file via inotify and automatically reloads dovecot and nginx when it changes. Postfix reads certs per TLS handshake so needs no reload. Also extracts openssl_selfsigned_args() so cert generation parameters are shared between SelfSignedTlsDeployer and the e2e test.
16 lines
572 B
Desktop File
# Reload services that cache the TLS certificate.
#
# dovecot: caches the cert at startup; reload re-reads SSL certs
# without dropping existing connections.
# nginx: caches the cert at startup; reload gracefully picks up
# the new cert for new connections.
# postfix: reads the cert fresh on each TLS handshake,
# does NOT need a reload/restart.
[Unit]
Description=Reload TLS services after certificate change

[Service]
Type=oneshot
ExecStart=/bin/systemctl try-reload-or-restart dovecot
ExecStart=/bin/systemctl try-reload-or-restart nginx
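
Added example (not part of the chatmail/relay repository): a check that the services this unit reloads actually present the certificate that is on disk, by comparing SHA-256 fingerprints of the leaf certificate. The port numbers, function names and sample certificates are assumptions constructed for illustration.

```python
"""Added example: confirm reloaded services serve the certificate on disk."""
import hashlib
import socket
import ssl

# Assumption: standard IMAPS and HTTPS ports; the page does not list ports.
ENDPOINTS = {"dovecot": 993, "nginx": 443}
BEGIN, END = "-----BEGIN CERTIFICATE-----", "-----END CERTIFICATE-----"


def fingerprint(pem: str) -> str:
    """SHA-256 of the first (leaf) certificate in a PEM file or chain."""
    leaf = pem[pem.index(BEGIN):pem.index(END) + len(END)]
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(leaf)).hexdigest()


def served_pem(host: str, port: int, timeout: float = 5.0) -> str:
    """Fetch the leaf certificate a listener presents on an implicit-TLS port."""
    ctx = ssl.create_default_context()
    # Chain validation is off on purpose: the comparison below pins the exact
    # on-disk certificate, which also works for self-signed deployments.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return ssl.DER_cert_to_PEM_cert(tls.getpeercert(binary_form=True))


def stale_services(disk_pem: str, served: dict) -> list:
    """Names of services whose presented leaf differs from the file on disk."""
    want = fingerprint(disk_pem)
    return sorted(n for n, pem in served.items() if fingerprint(pem) != want)


def check(cert_path: str, host: str) -> list:
    """Live check: read the cert file, query each endpoint, report stale ones."""
    with open(cert_path) as fh:
        disk_pem = fh.read()
    return stale_services(
        disk_pem, {n: served_pem(host, p) for n, p in ENDPOINTS.items()})


# Constructed stand-ins for certificates (arbitrary bytes wrapped as PEM).
OLD = ssl.DER_cert_to_PEM_cert(b"constructed cert before renewal")
NEW = ssl.DER_cert_to_PEM_cert(b"constructed cert after renewal")
CHAIN = NEW + ssl.DER_cert_to_PEM_cert(b"constructed intermediate")

if __name__ == "__main__":
    # Offline demo: dovecot was reloaded, nginx still holds the old cert.
    print(stale_services(CHAIN, {"dovecot": NEW, "nginx": OLD}))
```

The `ExecStart=` lines of a `Type=oneshot` unit run in order and stop at the first failure, so a failed dovecot reload would also leave nginx on the old certificate; a non-empty result from `check()` after a renewal is the signal to look at the reload unit's status.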