diff --git a/docker-compose.yml b/docker-compose.yml
index c851b0c78f2e6940c621b5ac004cfaa5a984ef93..4de1dd7fb2d5757056e4bc6fcb3b5d107b41e9d4 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -10,6 +10,7 @@ services:
 ${LDAP_BASE_DN:-ou=People,dc=shore,dc=co,dc=il}
 LDAP_URIS: &ldap_uris '${LDAP_URIS:-ldapi:///}'
 TLS_CERT_FILE: &tls_cert_file /var/ssl/mail.crt
+TLS_DHPARAMS_FILE: /var/ssl/dhparams
 TLS_KEY_FILE: &tls_key_file /var/ssl/mail.key
 hostname: &imap_hostname imap.shore.co.il
 networks:
diff --git a/dovecot/Dockerfile b/dovecot/Dockerfile
index f38a3d3b3b6c199e3291ae5a880b4eb81fd917a5..7a9fb022bb480a8d440d2a0ffa7c7e396cc06085 100644
--- a/dovecot/Dockerfile
+++ b/dovecot/Dockerfile
@@ -31,6 +31,7 @@ RUN find /var/lib/dovecot/sieve.d/ -type f -name '*.sieve' -print0 | xargs -0n1
 VOLUME /var/mail
 VOLUME /run/dovecot
 EXPOSE 993 25
+ENV TLS_DHPARAMS_FILE /usr/share/dovecot/dh.pem
 ENTRYPOINT [ "/entrypoint" ]
 CMD [ "dovecot", "-F" ]
 HEALTHCHECK --start-period=5m CMD doveadm service status || exit 1
diff --git a/dovecot/entrypoint b/dovecot/entrypoint
index 63fd14f0c680906ddbbea761caf07160ddd80045..f2375b5a0c192dab6ab3d3090da89ee951491856 100755
--- a/dovecot/entrypoint
+++ b/dovecot/entrypoint
@@ -4,7 +4,7 @@ set -eux
 install -d -m 755 -o dovecot -g root /var/run/dovecot
 install -d -m 775 -o root -g dovecot /var/mail
 install -d -m 775 -o root -g dovecot /run/dovecot
-time openssl dhparam -out /usr/share/dovecot/dh.pem 2048
+[ -f "$TLS_DHPARAMS_FILE" ] || time openssl dhparam -out "$TLS_DHPARAMS_FILE" 2048
 DEBIAN_FRONTEND=noninteractive time make-ssl-cert generate-default-snakeoil --force-overwrite
 # I don't know why environment variables aren't expanded and I'm too interested 
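Review bot: `TLS_DHPARAMS_FILE` is the only `TLS_*_FILE` key in this block without a YAML anchor, while its neighbours carry `&tls_cert_file` and `&tls_key_file`; if other services in the file alias those values, the new path will need `TLS_DHPARAMS_FILE: &tls_dhparams_file /var/ssl/dhparams` to be shared the same way (the aliases are outside this hunk, so this is an assumption). The more important point is that, unlike the cert and key, this file is written by the container itself — the entrypoint hunk in this commit runs `openssl dhparam -out "$TLS_DHPARAMS_FILE"` when it is absent — so `/var/ssl` must be a writable, persistent mount for that to work and for the slow generation to happen only once; a read-only cert mount would make the entrypoint fail under `set -e`. The volume definition is not in this hunk. A comment on the line, `# generated by the entrypoint on first start; /var/ssl must be writable and persistent`, would record that contract.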
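Review bot: The new `ENV` instruction uses the legacy space-separated form; hadolint and BuildKit's build checks flag it, and the equivalent current syntax is `ENV TLS_DHPARAMS_FILE=/usr/share/dovecot/dh.pem`. The default also deserves a comment, because the entrypoint in this commit now skips `openssl dhparam` whenever the file already exists: if the base image's dovecot package ships a `dh.pem` at this path (the stock `10-ssl.conf` appears to reference it, judging by the `sed` in the entrypoint hunk), the default deployment would switch from the 2048-bit parameters generated at every start to whatever the package provides, and any generated file lands in the container's writable layer rather than on the declared volumes, so it is lost on recreate. A line such as `# Default is the in-image path; override with a path on a persistent volume to generate and keep your own DH params` makes that behaviour explicit.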
@@ -14,5 +14,6 @@ sed -i "s@%{env:LDAP_URIS}@$LDAP_URIS@g" /etc/dovecot/dovecot-ldap.conf.ext
 sed -i "s@%{env:LDAP_BASEDN}@$LDAP_BASEDN@g" /etc/dovecot/dovecot-ldap.conf.ext
 sed -i "s@/etc/ssl/private/ssl-cert-snakeoil.key@$TLS_KEY_FILE@g" /etc/dovecot/conf.d/10-ssl.conf
 sed -i "s@/etc/ssl/certs/ssl-cert-snakeoil.pem@$TLS_CERT_FILE@g" /etc/dovecot/conf.d/10-ssl.conf
+sed -i "s@/usr/share/dovecot/dh.pem@$TLS_DHPARAMS_FILE@g" /etc/dovecot/conf.d/10-ssl.conf
 eval exec "$@"
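Review bot: The new `sed` line points dovecot at `$TLS_DHPARAMS_FILE`, but nothing between it and `eval exec "$@"` checks that the file is actually usable, and the guard added in the earlier hunk only tests `-f`, which also passes for a zero-length file (for example one left behind if a previous start was stopped during the multi-minute `openssl dhparam` run and openssl had already created the output file); from then on every start skips generation and dovecot comes up with unusable TLS parameters. Adding `[ -s "$TLS_DHPARAMS_FILE" ] || { echo "empty or missing $TLS_DHPARAMS_FILE" >&2; exit 1; }` before the `exec` fails fast instead, and switching the earlier guard to `-s` (or generating into a temporary name and `mv`-ing it into place) avoids getting stuck in that state. As with the neighbouring `sed` lines, the path is substituted unescaped, so a value containing `@` or `&` would break the expression; that is consistent with the file, but worth a comment. The script's earlier lines are outside this hunk.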