scottk/Mailu
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/Mailu.git synced 2025-10-31 01:57:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add ECC certs for modern clients

Browse Source
This commit is contained in:
Florent Daigniere
2021-08-09 21:06:15 +02:00
parent cb68cb312b
commit f05cc99dc0
3 changed files with 20 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
core/nginx/conf/tls.conf
View File

@@ -1,5 +1,9 @@
ssl_certificate {{ TLS[0] }};
ssl_certificate_key {{ TLS[1] }};
{% if TLS_FLAVOR in ['letsencrypt','mail-letsencrypt] %}
ssl_certificate {{ TLS[2] }};
ssl_certificate_key {{ TLS[3] }};
{% endif %}
ssl_session_timeout 1d;
ssl_session_tickets off;
ssl_dhparam /conf/dhparam.pem;

4
core/nginx/config.py
View File

@@ -27,10 +27,10 @@ keypair_name = os.getenv("TLS_KEYPAIR_FILENAME", default="key.pem")
args["TLS"] = {
"cert": ("/certs/%s" % cert_name, "/certs/%s" % keypair_name),
"letsencrypt": ("/certs/letsencrypt/live/mailu/fullchain.pem",
"/certs/letsencrypt/live/mailu/privkey.pem"),
"/certs/letsencrypt/live/mailu/privkey.pem", "/certs/letsencrypt/live/mailu-ecdsa/fullchain.pem", "/certs/letsencrypt/live/mailu-ecdsa/privkey.pem"),
"mail": ("/certs/%s" % cert_name, "/certs/%s" % keypair_name),
"mail-letsencrypt": ("/certs/letsencrypt/live/mailu/fullchain.pem",
"/certs/letsencrypt/live/mailu/privkey.pem"),
"/certs/letsencrypt/live/mailu/privkey.pem", "/certs/letsencrypt/live/mailu-ecdsa/fullchain.pem", "/certs/letsencrypt/live/mailu-ecdsa/privkey.pem"),
"notls": None
}[args["TLS_FLAVOR"]]

15
core/nginx/letsencrypt.py
View File

@@ -14,7 +14,19 @@ command = [
"--cert-name", "mailu",
"--preferred-challenges", "http", "--http-01-port", "8008",
"--keep-until-expiring",
"--rsa-key-size", "3072",
"--config-dir", "/certs/letsencrypt",
"--post-hook", "/config.py"
]
command2 = [
"certbot",
"-n", "--agree-tos", # non-interactive
"-d", os.environ["HOSTNAMES"],
"-m", "{}@{}".format(os.environ["POSTMASTER"], os.environ["DOMAIN"]),
"certonly", "--standalone",
"--cert-name", "mailu-ecdsa",
"--preferred-challenges", "http", "--http-01-port", "8008",
"--keep-until-expiring",
"--key-type", "ecdsa",
"--config-dir", "/certs/letsencrypt",
"--post-hook", "/config.py"
]
@@ -25,5 +37,6 @@ time.sleep(5)
# Run certbot every hour
while True:
subprocess.call(command)
subprocess.call(command2)
time.sleep(3600)