wildcard instead of *
This commit is contained in:
parent
f9723b2b68
commit
ce26d864b5
|
|
@ -8,8 +8,10 @@
|
||||||
# - docker-data/dms/config/postfix-main.cf
|
# - docker-data/dms/config/postfix-main.cf
|
||||||
#
|
#
|
||||||
# Cert-Konvention (Caddy Wildcard):
|
# Cert-Konvention (Caddy Wildcard):
|
||||||
# /etc/mail/certs/*.domain.tld/*.domain.tld.crt
|
# Caddy speichert *.domain.tld unter: wildcard_.domain.tld/wildcard_.domain.tld.crt
|
||||||
# /etc/mail/certs/*.domain.tld/*.domain.tld.key
|
# Im Container (gemountet unter /etc/mail/certs):
|
||||||
|
# /etc/mail/certs/wildcard_.domain.tld/wildcard_.domain.tld.crt
|
||||||
|
# /etc/mail/certs/wildcard_.domain.tld/wildcard_.domain.tld.key
|
||||||
#
|
#
|
||||||
# Usage:
|
# Usage:
|
||||||
# ./setup-dms-tls.sh
|
# ./setup-dms-tls.sh
|
||||||
|
|
@ -50,6 +52,15 @@ fi
|
||||||
echo " Gefundene Domains:"
|
echo " Gefundene Domains:"
|
||||||
for d in $DOMAINS; do echo " - $d"; done
|
for d in $DOMAINS; do echo " - $d"; done
|
||||||
|
|
||||||
|
# --- Cert-Pfad Hilfsfunktionen ---
|
||||||
|
# Caddy speichert Wildcard-Certs unter: wildcard_.domain.tld/wildcard_.domain.tld.crt
|
||||||
|
wildcard_cert_path() {
|
||||||
|
echo "$CERTS_BASE_PATH/wildcard_.${1}/wildcard_.${1}.crt"
|
||||||
|
}
|
||||||
|
wildcard_key_path() {
|
||||||
|
echo "$CERTS_BASE_PATH/wildcard_.${1}/wildcard_.${1}.key"
|
||||||
|
}
|
||||||
|
|
||||||
# --- Cert-Verfügbarkeit im Container prüfen ---
|
# --- Cert-Verfügbarkeit im Container prüfen ---
|
||||||
echo ""
|
echo ""
|
||||||
echo "🔍 Prüfe Zertifikat-Verfügbarkeit..."
|
echo "🔍 Prüfe Zertifikat-Verfügbarkeit..."
|
||||||
|
|
@ -57,11 +68,11 @@ DOMAINS_OK=""
|
||||||
DOMAINS_MISSING=""
|
DOMAINS_MISSING=""
|
||||||
|
|
||||||
for domain in $DOMAINS; do
|
for domain in $DOMAINS; do
|
||||||
CERT_PATH="$CERTS_BASE_PATH/*.$domain/*.$domain.crt"
|
CERT_PATH=$(wildcard_cert_path "$domain")
|
||||||
KEY_PATH="$CERTS_BASE_PATH/*.$domain/*.$domain.key"
|
KEY_PATH=$(wildcard_key_path "$domain")
|
||||||
|
|
||||||
if docker exec "$DMS_CONTAINER" test -f "$CERT_PATH" 2>/dev/null; then
|
if docker exec "$DMS_CONTAINER" test -f "$CERT_PATH" 2>/dev/null; then
|
||||||
echo " ✅ $domain → Cert vorhanden"
|
echo " ✅ $domain → $CERT_PATH"
|
||||||
DOMAINS_OK="$DOMAINS_OK $domain"
|
DOMAINS_OK="$DOMAINS_OK $domain"
|
||||||
else
|
else
|
||||||
echo " ⚠️ $domain → KEIN Cert unter $CERT_PATH"
|
echo " ⚠️ $domain → KEIN Cert unter $CERT_PATH"
|
||||||
|
|
@ -72,13 +83,10 @@ done
|
||||||
|
|
||||||
# Node-Hostname Cert prüfen (direktes Cert, kein Wildcard)
|
# Node-Hostname Cert prüfen (direktes Cert, kein Wildcard)
|
||||||
NODE_CERT_PATH="$CERTS_BASE_PATH/$NODE_HOSTNAME/$NODE_HOSTNAME.crt"
|
NODE_CERT_PATH="$CERTS_BASE_PATH/$NODE_HOSTNAME/$NODE_HOSTNAME.crt"
|
||||||
NODE_KEY_PATH="$CERTS_BASE_PATH/$NODE_HOSTNAME/$NODE_HOSTNAME.key"
|
|
||||||
if docker exec "$DMS_CONTAINER" test -f "$NODE_CERT_PATH" 2>/dev/null; then
|
if docker exec "$DMS_CONTAINER" test -f "$NODE_CERT_PATH" 2>/dev/null; then
|
||||||
echo " ✅ $NODE_HOSTNAME → Cert vorhanden (Node Default)"
|
echo " ✅ $NODE_HOSTNAME → Cert vorhanden (Node Default)"
|
||||||
NODE_CERT_OK=true
|
|
||||||
else
|
else
|
||||||
echo " ⚠️ $NODE_HOSTNAME → KEIN Cert! Caddy-Block im Caddyfile prüfen."
|
echo " ⚠️ $NODE_HOSTNAME → KEIN Cert! Caddy-Block im Caddyfile prüfen."
|
||||||
NODE_CERT_OK=false
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ -n "$DOMAINS_MISSING" ]; then
|
if [ -n "$DOMAINS_MISSING" ]; then
|
||||||
|
|
@ -106,14 +114,17 @@ cat > "$DOVECOT_CFG" << 'HEADER'
|
||||||
# Dovecot liest dieses File über den Volume-Mount in /tmp/docker-mailserver/
|
# Dovecot liest dieses File über den Volume-Mount in /tmp/docker-mailserver/
|
||||||
# und wendet es automatisch an.
|
# und wendet es automatisch an.
|
||||||
#
|
#
|
||||||
|
# Caddy Wildcard-Cert Pfad-Schema:
|
||||||
|
# wildcard_.domain.tld/wildcard_.domain.tld.crt|.key
|
||||||
|
#
|
||||||
# Volume-Mount in docker-compose.yml:
|
# Volume-Mount in docker-compose.yml:
|
||||||
# - ./docker-data/dms/config/dovecot-sni.cf:/tmp/docker-mailserver/dovecot-sni.cf:ro
|
# - ./docker-data/dms/config/dovecot-sni.cf:/tmp/docker-mailserver/dovecot-sni.cf:ro
|
||||||
|
|
||||||
HEADER
|
HEADER
|
||||||
|
|
||||||
for domain in $DOMAINS_OK; do
|
for domain in $DOMAINS_OK; do
|
||||||
CERT_PATH="$CERTS_BASE_PATH/*.$domain/*.$domain.crt"
|
CERT_PATH=$(wildcard_cert_path "$domain")
|
||||||
KEY_PATH="$CERTS_BASE_PATH/*.$domain/*.$domain.key"
|
KEY_PATH=$(wildcard_key_path "$domain")
|
||||||
|
|
||||||
cat >> "$DOVECOT_CFG" << EOF
|
cat >> "$DOVECOT_CFG" << EOF
|
||||||
# $domain
|
# $domain
|
||||||
|
|
@ -138,6 +149,10 @@ EOF
|
||||||
done
|
done
|
||||||
|
|
||||||
echo " ✅ Dovecot SNI: $(echo $DOMAINS_OK | wc -w) Domain(s)"
|
echo " ✅ Dovecot SNI: $(echo $DOMAINS_OK | wc -w) Domain(s)"
|
||||||
|
echo ""
|
||||||
|
echo " --- dovecot-sni.cf Inhalt ---"
|
||||||
|
cat "$DOVECOT_CFG"
|
||||||
|
echo " --- Ende ---"
|
||||||
|
|
||||||
# ================================================================
|
# ================================================================
|
||||||
# POSTFIX SNI Konfiguration
|
# POSTFIX SNI Konfiguration
|
||||||
|
|
@ -146,18 +161,17 @@ POSTFIX_CFG="$CONFIG_DIR/postfix-main.cf"
|
||||||
echo ""
|
echo ""
|
||||||
echo "📝 Generiere: $POSTFIX_CFG"
|
echo "📝 Generiere: $POSTFIX_CFG"
|
||||||
|
|
||||||
# Backup falls vorhanden
|
|
||||||
if [ -f "$POSTFIX_CFG" ]; then
|
if [ -f "$POSTFIX_CFG" ]; then
|
||||||
cp "$POSTFIX_CFG" "${POSTFIX_CFG}.bak.$(date +%Y%m%d%H%M%S)"
|
cp "$POSTFIX_CFG" "${POSTFIX_CFG}.bak.$(date +%Y%m%d%H%M%S)"
|
||||||
echo " ℹ️ Backup: ${POSTFIX_CFG}.bak.*"
|
echo " ℹ️ Backup: ${POSTFIX_CFG}.bak.*"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# smtpd_tls_chain_files aufbauen: Key + Cert Paar pro Domain
|
# smtpd_tls_chain_files: Key + Cert Paar pro Domain
|
||||||
# Postfix wählt automatisch per SNI das passende Paar
|
# Postfix wählt automatisch per SNI das passende Paar
|
||||||
CHAIN_LINES=""
|
CHAIN_LINES=""
|
||||||
for domain in $DOMAINS_OK; do
|
for domain in $DOMAINS_OK; do
|
||||||
KEY_PATH="$CERTS_BASE_PATH/*.$domain/*.$domain.key"
|
KEY_PATH=$(wildcard_key_path "$domain")
|
||||||
CERT_PATH="$CERTS_BASE_PATH/*.$domain/*.$domain.crt"
|
CERT_PATH=$(wildcard_cert_path "$domain")
|
||||||
if [ -z "$CHAIN_LINES" ]; then
|
if [ -z "$CHAIN_LINES" ]; then
|
||||||
CHAIN_LINES=" $KEY_PATH, $CERT_PATH"
|
CHAIN_LINES=" $KEY_PATH, $CERT_PATH"
|
||||||
else
|
else
|
||||||
|
|
@ -170,6 +184,9 @@ cat > "$POSTFIX_CFG" << POSTFIX_EOF
|
||||||
# Postfix SNI-Konfiguration: pro Kundendomain ein Key/Cert-Paar.
|
# Postfix SNI-Konfiguration: pro Kundendomain ein Key/Cert-Paar.
|
||||||
# Postfix wählt beim TLS-Handshake das passende Paar per SNI.
|
# Postfix wählt beim TLS-Handshake das passende Paar per SNI.
|
||||||
# DMS lädt dieses File automatisch beim Start.
|
# DMS lädt dieses File automatisch beim Start.
|
||||||
|
#
|
||||||
|
# Caddy Wildcard-Cert Pfad-Schema:
|
||||||
|
# wildcard_.domain.tld/wildcard_.domain.tld.crt|.key
|
||||||
|
|
||||||
# TLS Chain: Key + Cert Paare (Postfix >= 3.4)
|
# TLS Chain: Key + Cert Paare (Postfix >= 3.4)
|
||||||
smtpd_tls_chain_files =
|
smtpd_tls_chain_files =
|
||||||
|
|
@ -178,6 +195,10 @@ $(printf '%b' "$CHAIN_LINES")
|
||||||
POSTFIX_EOF
|
POSTFIX_EOF
|
||||||
|
|
||||||
echo " ✅ Postfix SNI: $(echo $DOMAINS_OK | wc -w) Domain(s)"
|
echo " ✅ Postfix SNI: $(echo $DOMAINS_OK | wc -w) Domain(s)"
|
||||||
|
echo ""
|
||||||
|
echo " --- postfix-main.cf Inhalt ---"
|
||||||
|
cat "$POSTFIX_CFG"
|
||||||
|
echo " --- Ende ---"
|
||||||
|
|
||||||
# ================================================================
|
# ================================================================
|
||||||
# Zusammenfassung
|
# Zusammenfassung
|
||||||
|
|
|
||||||
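Review bot: The availability check `if docker exec "$DMS_CONTAINER" test -f "$CERT_PATH" 2>/dev/null; then` in the third hunk still tests only the certificate, while the `KEY_PATH` computed one line earlier via `wildcard_key_path` is never checked before the domain is appended to `DOMAINS_OK` and its key path is written into the Dovecot SNI and Postfix `smtpd_tls_chain_files` configuration later in the commit. A domain whose Caddy directory holds the .crt but not the .key would pass here and yield a config pointing at a missing key file, which presumably makes the mail services reject the whole TLS configuration at startup rather than just that one domain. Extend the guard to `if docker exec "$DMS_CONTAINER" test -f "$CERT_PATH" 2>/dev/null && docker exec "$DMS_CONTAINER" test -f "$KEY_PATH" 2>/dev/null; then` and mention the key in the warning branch; the enclosing `for domain in $DOMAINS` loop closes outside this hunk. In the new helpers in the second hunk, `printf '%s\n' "$CERTS_BASE_PATH/wildcard_.${1}/wildcard_.${1}.crt"` is preferable to `echo` for arbitrary values, and a guard such as `case "$1" in ''|*[!A-Za-z0-9.-]*) return 1 ;; esac` would keep a malformed entry in `DOMAINS` (whose origin is outside these hunks) from being spliced into the generated config files.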