Add switch to skip fetching certificates auto{config,discover} subdomains (#5838)
* Add ACME_DONT_FETCH_CERTS_FOR_HTTP_SUBDOMAINS to acme.sh * Add ACME_DONT_FETCH_CERTS_FOR_HTTP_SUBDOMAINS to docker-compose.yml * Add ACME_DONT_FETCH_CERTS_FOR_HTTP_SUBDOMAINS to generate_config.sh * Add ACME_DONT_FETCH_CERTS_FOR_HTTP_SUBDOMAINS to update.sh * AUTODISCOVER_SAN instead of long string default on, default is fetching certs for auto{discover,conf} * AUTODISCOVER_SAN instead of long string also flipped * AUTODISCOVER_SAN instead of long string flipped default meaning * fix explanation for AUTODISCOVER_SAN * AUTODISCOVER_SAN instead of long string and flipped meaning of the bool * fix AUTODISCOVER_SAN explanation * Merge branch 'mailcow:staging' into staging * update.sh: corrected syntax for mailcow.conf insertion
parent
18d7a55b15
commit
4a052da289
@ -33,6 +33,10 @@ if [[ "${ONLY_MAILCOW_HOSTNAME}" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
|
|||||||
ONLY_MAILCOW_HOSTNAME=y
|
ONLY_MAILCOW_HOSTNAME=y
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
if [[ "${AUTODISCOVER_SAN}" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
|
||||||
|
AUTODISCOVER_SAN=y
|
||||||
|
fi
|
||||||
|
|
||||||
# Request individual certificate for every domain
|
# Request individual certificate for every domain
|
||||||
if [[ "${ENABLE_SSL_SNI}" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
|
if [[ "${ENABLE_SSL_SNI}" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
|
||||||
ENABLE_SSL_SNI=y
|
ENABLE_SSL_SNI=y
|
||||||
@ -211,7 +215,11 @@ while true; do
|
|||||||
ADDITIONAL_SAN_ARR+=($i)
|
ADDITIONAL_SAN_ARR+=($i)
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
|
|
||||||
|
if [[ ${AUTODISCOVER_SAN} == "y" ]]; then
|
||||||
|
# Fetch certs for autoconfig and autodiscover subdomains
|
||||||
ADDITIONAL_WC_ARR+=('autodiscover' 'autoconfig')
|
ADDITIONAL_WC_ARR+=('autodiscover' 'autoconfig')
|
||||||
|
fi
|
||||||
|
|
||||||
if [[ ${SKIP_IP_CHECK} != "y" ]]; then
|
if [[ ${SKIP_IP_CHECK} != "y" ]]; then
|
||||||
# Start IP detection
|
# Start IP detection
|
||||||
|
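Review bot: The new `[[ ${AUTODISCOVER_SAN} == "y" ]]` gate in the second hunk treats an unset or empty variable as "off", so the autodiscover/autoconfig names are dropped whenever acme.sh runs without the compose-side default (for instance under a docker-compose.yml that predates this commit; that case is inferred, not shown here). The old side of the hunk appears to append both names unconditionally, so a missing variable would now silently narrow the certificate and clients of those hostnames would hit a name mismatch. Defaulting inside the script keeps the previous behaviour: `AUTODISCOVER_SAN=${AUTODISCOVER_SAN:-y}` placed ahead of the normalisation block added in the first hunk. A short log line when the names are skipped would also make the narrower SAN list visible to an operator reading the container log. The `while true` loop that contains the second hunk starts and ends outside it.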
@ -411,6 +411,7 @@ services:
|
|||||||
- LOG_LINES=${LOG_LINES:-9999}
|
- LOG_LINES=${LOG_LINES:-9999}
|
||||||
- ACME_CONTACT=${ACME_CONTACT:-}
|
- ACME_CONTACT=${ACME_CONTACT:-}
|
||||||
- ADDITIONAL_SAN=${ADDITIONAL_SAN}
|
- ADDITIONAL_SAN=${ADDITIONAL_SAN}
|
||||||
|
- AUTODISCOVER_SAN=${AUTODISCOVER_SAN:-y}
|
||||||
- MAILCOW_HOSTNAME=${MAILCOW_HOSTNAME}
|
- MAILCOW_HOSTNAME=${MAILCOW_HOSTNAME}
|
||||||
- DBNAME=${DBNAME}
|
- DBNAME=${DBNAME}
|
||||||
- DBUSER=${DBUSER}
|
- DBUSER=${DBUSER}
|
||||||
|
@ -336,6 +336,13 @@ MAILDIR_GC_TIME=7200
|
|||||||
|
|
||||||
ADDITIONAL_SAN=
|
ADDITIONAL_SAN=
|
||||||
|
|
||||||
|
# Obtain certificates for autodiscover.* and autoconfig.* domains.
|
||||||
|
# This can be useful to switch off in case you are in a scenario where a reverse proxy already handles those.
|
||||||
|
# There are mixed scenarios where ports 80,443 are occupied and you do not want to share certs
|
||||||
|
# between services. So acme-mailcow obtains for maildomains and all web-things get handled
|
||||||
|
# in the reverse proxy.
|
||||||
|
AUTODISCOVER_SAN=y
|
||||||
|
|
||||||
# Additional server names for mailcow UI
|
# Additional server names for mailcow UI
|
||||||
#
|
#
|
||||||
# Specify alternative addresses for the mailcow UI to respond to
|
# Specify alternative addresses for the mailcow UI to respond to
|
||||||
|
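Review bot: The comment block added above `AUTODISCOVER_SAN=y` explains why the switch exists but not which values turn it off. Going by the other files in this commit, acme.sh counts only y/yes (any case) as on, and docker-compose.yml substitutes `y` when the variable is unset or empty, so blanking the line does not disable it. I would add one comment line such as `# Set to "n" to disable; an empty value is treated as "y".`. It may also be worth stating that, once disabled, the reverse proxy has to present a valid certificate for autodiscover.* and autoconfig.* itself, since acme-mailcow no longer covers those names. update.sh echoes the same comment text into mailcow.conf, so the addition would need to be mirrored there.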
13
update.sh
13
update.sh
@ -450,6 +450,7 @@ CONFIG_ARRAY=(
|
|||||||
"SKIP_CLAMD"
|
"SKIP_CLAMD"
|
||||||
"SKIP_IP_CHECK"
|
"SKIP_IP_CHECK"
|
||||||
"ADDITIONAL_SAN"
|
"ADDITIONAL_SAN"
|
||||||
|
"AUTODISCOVER_SAN"
|
||||||
"DOVEADM_PORT"
|
"DOVEADM_PORT"
|
||||||
"IPV4_NETWORK"
|
"IPV4_NETWORK"
|
||||||
"IPV6_NETWORK"
|
"IPV6_NETWORK"
|
||||||
@ -715,6 +716,18 @@ for option in ${CONFIG_ARRAY[@]}; do
|
|||||||
echo '# Comma separated list without spaces! Example: ADDITIONAL_SERVER_NAMES=a.b.c,d.e.f' >> mailcow.conf
|
echo '# Comma separated list without spaces! Example: ADDITIONAL_SERVER_NAMES=a.b.c,d.e.f' >> mailcow.conf
|
||||||
echo 'ADDITIONAL_SERVER_NAMES=' >> mailcow.conf
|
echo 'ADDITIONAL_SERVER_NAMES=' >> mailcow.conf
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
elif [[ ${option} == "AUTODISCOVER_SAN" ]]; then
|
||||||
|
if ! grep -q ${option} mailcow.conf; then
|
||||||
|
echo "Adding new option \"${option}\" to mailcow.conf"
|
||||||
|
echo '# Obtain certificates for autodiscover.* and autoconfig.* domains.' >> mailcow.conf
|
||||||
|
echo '# This can be useful to switch off in case you are in a scenario where a reverse proxy already handles those.' >> mailcow.conf
|
||||||
|
echo '# There are mixed scenarios where ports 80,443 are occupied and you do not want to share certs' >> mailcow.conf
|
||||||
|
echo '# between services. So acme-mailcow obtains for maildomains and all web-things get handled' >> mailcow.conf
|
||||||
|
echo '# in the reverse proxy.' >> mailcow.conf
|
||||||
|
echo 'AUTODISCOVER_SAN=y' >> mailcow.conf
|
||||||
|
fi
|
||||||
|
|
||||||
elif [[ ${option} == "ACME_CONTACT" ]]; then
|
elif [[ ${option} == "ACME_CONTACT" ]]; then
|
||||||
if ! grep -q ${option} mailcow.conf; then
|
if ! grep -q ${option} mailcow.conf; then
|
||||||
echo "Adding new option \"${option}\" to mailcow.conf"
|
echo "Adding new option \"${option}\" to mailcow.conf"
|
||||||
|
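Review bot: The presence test in the new AUTODISCOVER_SAN branch, `if ! grep -q ${option} mailcow.conf; then`, is an unquoted, unanchored substring match, so any line that merely mentions the name (a comment, or a commented-out `#AUTODISCOVER_SAN=n`) counts as "already configured" and the default block is never written. The effective value then comes only from the compose default, which can differ from what the operator believes mailcow.conf says. Anchoring to an assignment avoids that: `if ! grep -q "^${option}=" mailcow.conf; then`. The ACME_CONTACT branch visible at the end of the hunk uses the same pattern, so for consistency the change would apply there as well. The surrounding `for option in ${CONFIG_ARRAY[@]}` loop and if/elif chain start and end outside the hunk.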