Add switch to skip fetching certificates auto{config,discover} subdomains (#5838)
* Add ACME_DONT_FETCH_CERTS_FOR_HTTP_SUBDOMAINS to acme.sh
* Add ACME_DONT_FETCH_CERTS_FOR_HTTP_SUBDOMAINS to docker-compose.yml
* Add ACME_DONT_FETCH_CERTS_FOR_HTTP_SUBDOMAINS to generate_config.sh
* Add ACME_DONT_FETCH_CERTS_FOR_HTTP_SUBDOMAINS to update.sh
* AUTODISCOVER_SAN instead of long string default on, default is fetching certs for auto{discover,conf}
* AUTODISCOVER_SAN instead of long string also flipped
* AUTODISCOVER_SAN instead of long string flipped default meaning
* fix explanation for AUTODISCOVER_SAN
* AUTODISCOVER_SAN instead of long string and flipped meaning of the bool
* fix AUTODISCOVER_SAN explanation
* Merge branch 'mailcow:staging' into staging
* update.sh: corrected syntax for mailcow.conf insertion
parent
18d7a55b15
commit
4a052da289
@ -33,6 +33,10 @@ if [[ "${ONLY_MAILCOW_HOSTNAME}" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
|
||||
ONLY_MAILCOW_HOSTNAME=y
|
||||
fi
|
||||
|
||||
if [[ "${AUTODISCOVER_SAN}" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
|
||||
AUTODISCOVER_SAN=y
|
||||
fi
|
||||
|
||||
# Request individual certificate for every domain
|
||||
if [[ "${ENABLE_SSL_SNI}" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
|
||||
ENABLE_SSL_SNI=y
|
||||
@ -211,7 +215,11 @@ while true; do
|
||||
ADDITIONAL_SAN_ARR+=($i)
|
||||
fi
|
||||
done
|
||||
|
||||
if [[ ${AUTODISCOVER_SAN} == "y" ]]; then
|
||||
# Fetch certs for autoconfig and autodiscover subdomains
|
||||
ADDITIONAL_WC_ARR+=('autodiscover' 'autoconfig')
|
||||
fi
|
||||
|
||||
if [[ ${SKIP_IP_CHECK} != "y" ]]; then
|
||||
# Start IP detection
|
||||
|
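Review bot: Any value of `AUTODISCOVER_SAN` that the regex in the first hunk does not normalise (`true`, `1`, `on`, a typo) fails the later `== "y"` test, so `autodiscover` and `autoconfig` are left out of the certificate request without any trace in the log. Mail clients that probe those names over TLS would then see a name mismatch unless a reverse proxy presents a valid certificate for them, and nothing on the mailcow side explains why. I would add an `else` branch to the second hunk that logs the skip, with a comment such as `# AUTODISCOVER_SAN != y: autodiscover.*/autoconfig.* are not requested; another service must present a valid certificate for them`. The `+=` also appears to assume that `ADDITIONAL_WC_ARR` is reset on each pass of the enclosing `while true` loop, which starts outside the hunk; worth confirming so the two names are not appended repeatedly.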
@ -411,6 +411,7 @@ services:
|
||||
- LOG_LINES=${LOG_LINES:-9999}
|
||||
- ACME_CONTACT=${ACME_CONTACT:-}
|
||||
- ADDITIONAL_SAN=${ADDITIONAL_SAN}
|
||||
- AUTODISCOVER_SAN=${AUTODISCOVER_SAN:-y}
|
||||
- MAILCOW_HOSTNAME=${MAILCOW_HOSTNAME}
|
||||
- DBNAME=${DBNAME}
|
||||
- DBUSER=${DBUSER}
|
||||
|
@ -336,6 +336,13 @@ MAILDIR_GC_TIME=7200
|
||||
|
||||
ADDITIONAL_SAN=
|
||||
|
||||
# Obtain certificates for autodiscover.* and autoconfig.* domains.
|
||||
# This can be useful to switch off in case you are in a scenario where a reverse proxy already handles those.
|
||||
# There are mixed scenarios where ports 80,443 are occupied and you do not want to share certs
|
||||
# between services. So acme-mailcow obtains for maildomains and all web-things get handled
|
||||
# in the reverse proxy.
|
||||
AUTODISCOVER_SAN=y
|
||||
|
||||
# Additional server names for mailcow UI
|
||||
#
|
||||
# Specify alternative addresses for the mailcow UI to respond to
|
||||
|
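Review bot: The new comment block above `AUTODISCOVER_SAN=y` does not say which value switches the option off or what the operator takes on by doing so. Judging by the first section of this commit, only `y`/`yes` (any case) is treated as enabled, and with the option off the autodiscover.* and autoconfig.* names are absent from the certificate mailcow obtains. I would add a line such as `# Set to "n" to skip; those hostnames must then be served with a valid certificate by the reverse proxy.` The same text is written by the `echo` lines in the update.sh section and should get the same addition.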
13
update.sh
13
update.sh
@ -450,6 +450,7 @@ CONFIG_ARRAY=(
|
||||
"SKIP_CLAMD"
|
||||
"SKIP_IP_CHECK"
|
||||
"ADDITIONAL_SAN"
|
||||
"AUTODISCOVER_SAN"
|
||||
"DOVEADM_PORT"
|
||||
"IPV4_NETWORK"
|
||||
"IPV6_NETWORK"
|
||||
@ -715,6 +716,18 @@ for option in ${CONFIG_ARRAY[@]}; do
|
||||
echo '# Comma separated list without spaces! Example: ADDITIONAL_SERVER_NAMES=a.b.c,d.e.f' >> mailcow.conf
|
||||
echo 'ADDITIONAL_SERVER_NAMES=' >> mailcow.conf
|
||||
fi
|
||||
|
||||
elif [[ ${option} == "AUTODISCOVER_SAN" ]]; then
|
||||
if ! grep -q ${option} mailcow.conf; then
|
||||
echo "Adding new option \"${option}\" to mailcow.conf"
|
||||
echo '# Obtain certificates for autodiscover.* and autoconfig.* domains.' >> mailcow.conf
|
||||
echo '# This can be useful to switch off in case you are in a scenario where a reverse proxy already handles those.' >> mailcow.conf
|
||||
echo '# There are mixed scenarios where ports 80,443 are occupied and you do not want to share certs' >> mailcow.conf
|
||||
echo '# between services. So acme-mailcow obtains for maildomains and all web-things get handled' >> mailcow.conf
|
||||
echo '# in the reverse proxy.' >> mailcow.conf
|
||||
echo 'AUTODISCOVER_SAN=y' >> mailcow.conf
|
||||
fi
|
||||
|
||||
elif [[ ${option} == "ACME_CONTACT" ]]; then
|
||||
if ! grep -q ${option} mailcow.conf; then
|
||||
echo "Adding new option \"${option}\" to mailcow.conf"
|
||||
|
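Review bot: `grep -q ${option} mailcow.conf` in the new `AUTODISCOVER_SAN` branch is unquoted and unanchored, so any occurrence of the string in mailcow.conf, including inside a comment, counts as already configured and the option is not appended. It mirrors the neighbouring `ACME_CONTACT` branch, so this is a style point rather than a regression, and the compose default of `y` still applies when the key is missing. An anchored, quoted test would be `if ! grep -q "^${option}=" mailcow.conf; then`. The surrounding `for`/`elif` chain starts and ends outside the hunk.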