Commit 4b09a3da authored by nimrod's avatar nimrod

Optional Diffie-Hellman parameters generation.

- Use an environment variable for setting the location of the dhparams
file.
- Don't generate the file if it already exists.
- Use the dhparams file in the host in production.
parent f114819f
Pipeline #88 passed
...@@ -10,6 +10,7 @@ services: ...@@ -10,6 +10,7 @@ services:
${LDAP_BASE_DN:-ou=People,dc=shore,dc=co,dc=il} ${LDAP_BASE_DN:-ou=People,dc=shore,dc=co,dc=il}
LDAP_URIS: &ldap_uris '${LDAP_URIS:-ldapi:///}' LDAP_URIS: &ldap_uris '${LDAP_URIS:-ldapi:///}'
TLS_CERT_FILE: &tls_cert_file /var/ssl/mail.crt TLS_CERT_FILE: &tls_cert_file /var/ssl/mail.crt
TLS_DHPARAMS_FILE: /var/ssl/dhparams
TLS_KEY_FILE: &tls_key_file /var/ssl/mail.key TLS_KEY_FILE: &tls_key_file /var/ssl/mail.key
hostname: &imap_hostname imap.shore.co.il hostname: &imap_hostname imap.shore.co.il
networks: networks:
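Review bot: `TLS_DHPARAMS_FILE: /var/ssl/dhparams` is the only TLS path in this environment block without a YAML anchor, unlike `&tls_cert_file` and `&tls_key_file` on the neighbouring lines; if another service reuses those anchors it will need `TLS_DHPARAMS_FILE: &tls_dhparams_file /var/ssl/dhparams` for the same reason. The hunk also does not show the volume that places `/var/ssl/dhparams` in the container; if `/var/ssl` is a read-only bind mount (sensible for the key material beside it), a missing host file makes the entrypoint's fallback `openssl dhparam -out` fail and the container refuse to start, which is acceptable fail-closed behaviour but worth stating next to this line. A comment such as `# host-provided; create once with: openssl dhparam -out dhparams 2048` would save the next operator a confused restart loop.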
...@@ -31,6 +31,7 @@ RUN find /var/lib/dovecot/sieve.d/ -type f -name '*.sieve' -print0 | xargs -0n1 ...@@ -31,6 +31,7 @@ RUN find /var/lib/dovecot/sieve.d/ -type f -name '*.sieve' -print0 | xargs -0n1
VOLUME /var/mail VOLUME /var/mail
VOLUME /run/dovecot VOLUME /run/dovecot
EXPOSE 993 25 EXPOSE 993 25
ENV TLS_DHPARAMS_FILE /usr/share/dovecot/dh.pem
ENTRYPOINT [ "/entrypoint" ] ENTRYPOINT [ "/entrypoint" ]
CMD [ "dovecot", "-F" ] CMD [ "dovecot", "-F" ]
HEALTHCHECK --start-period=5m CMD doveadm service status || exit 1 HEALTHCHECK --start-period=5m CMD doveadm service status || exit 1
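Review bot: The default `TLS_DHPARAMS_FILE` path introduced by the new `ENV` line sits inside the image filesystem rather than in one of the declared volumes, so every freshly created container that does not override it regenerates the 2048-bit group at start-up; this is presumably why the HEALTHCHECK on the following line allows a 5-minute start period. If that start-up cost matters, generating the default group once at build time (`RUN openssl dhparam -out /usr/share/dovecot/dh.pem 2048`) lets the entrypoint's existence check short-circuit; DH parameters are public, so sharing one 2048-bit group across instances of the image is not a secrecy problem, though the host-provided override remains the stronger option. A one-line comment recording that trade-off would help, e.g. `# Default is regenerated per container; override with a host file for production`. Also, `ENV TLS_DHPARAMS_FILE=/usr/share/dovecot/dh.pem` is the form the Dockerfile reference recommends over the legacy space-separated syntax.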
...@@ -4,7 +4,7 @@ set -eux ...@@ -4,7 +4,7 @@ set -eux
install -d -m 755 -o dovecot -g root /var/run/dovecot install -d -m 755 -o dovecot -g root /var/run/dovecot
install -d -m 775 -o root -g dovecot /var/mail install -d -m 775 -o root -g dovecot /var/mail
install -d -m 775 -o root -g dovecot /run/dovecot install -d -m 775 -o root -g dovecot /run/dovecot
time openssl dhparam -out /usr/share/dovecot/dh.pem 2048 [ -f "$TLS_DHPARAMS_FILE" ] || time openssl dhparam -out "$TLS_DHPARAMS_FILE" 2048
DEBIAN_FRONTEND=noninteractive time make-ssl-cert generate-default-snakeoil --force-overwrite DEBIAN_FRONTEND=noninteractive time make-ssl-cert generate-default-snakeoil --force-overwrite
# I don't know why environment variables aren't expanded and I'm too interested # I don't know why environment variables aren't expanded and I'm too interested
...@@ -14,5 +14,6 @@ sed -i "s@%{env:LDAP_URIS}@$LDAP_URIS@g" /etc/dovecot/dovecot-ldap.conf.ext ...@@ -14,5 +14,6 @@ sed -i "s@%{env:LDAP_URIS}@$LDAP_URIS@g" /etc/dovecot/dovecot-ldap.conf.ext
sed -i "s@%{env:LDAP_BASEDN}@$LDAP_BASEDN@g" /etc/dovecot/dovecot-ldap.conf.ext sed -i "s@%{env:LDAP_BASEDN}@$LDAP_BASEDN@g" /etc/dovecot/dovecot-ldap.conf.ext
sed -i "s@/etc/ssl/private/ssl-cert-snakeoil.key@$TLS_KEY_FILE@g" /etc/dovecot/conf.d/10-ssl.conf sed -i "s@/etc/ssl/private/ssl-cert-snakeoil.key@$TLS_KEY_FILE@g" /etc/dovecot/conf.d/10-ssl.conf
sed -i "s@/etc/ssl/certs/ssl-cert-snakeoil.pem@$TLS_CERT_FILE@g" /etc/dovecot/conf.d/10-ssl.conf sed -i "s@/etc/ssl/certs/ssl-cert-snakeoil.pem@$TLS_CERT_FILE@g" /etc/dovecot/conf.d/10-ssl.conf
sed -i "s@/usr/share/dovecot/dh.pem@$TLS_DHPARAMS_FILE@g" /etc/dovecot/conf.d/10-ssl.conf
eval exec "$@" eval exec "$@"
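Review bot: The `-f` test on the changed `openssl dhparam` line only asks whether a regular file exists at `$TLS_DHPARAMS_FILE`; an empty file (for example one created by bind-mounting a missing host path) or a host file that is not a valid DH group passes the check, and the failure only surfaces later when Dovecot loads the config rewritten by the new `sed` line in the second hunk. Since the production path is host-supplied, validating it at start-up is cheap and keeps the failure next to its cause, so the one-liner is better written as an explicit if/else with `openssl dhparam -check` on the existing file; the exit status of `-check` for malformed-but-parseable groups differs across OpenSSL versions, but an empty or unparseable file fails in all of them. The new `sed` line also inherits the `@`-delimited pattern of the lines above it, so a path containing `@` or `&` would corrupt 10-ssl.conf — the same limitation as the existing variables, just noting it now applies here too.
```shell
if [ -s "$TLS_DHPARAMS_FILE" ]; then
  # Host-supplied parameters: fail at start-up if they are not a usable DH group.
  openssl dhparam -check -noout -in "$TLS_DHPARAMS_FILE"
else
  time openssl dhparam -out "$TLS_DHPARAMS_FILE" 2048
fi
```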