Added a way to generate and configure a specific SSL certificate for …

…postfix docker-mailserver#14
froks-contrib · Aug 18, 2015 · a848a55 · a848a55
1 parent 63a7be0
commit a848a55
Show file tree

Hide file tree

Showing 6 changed files with 37 additions and 4 deletions.
diff --git a/.gitignore b/.gitignore
@@ -1,2 +1,3 @@
 .DS_Store
 docker-compose.yml
+postfix/ssl/*
diff --git a/Dockerfile b/Dockerfile
@@ -33,6 +33,8 @@ RUN freshclam
 ADD postfix/main.cf /etc/postfix/main.cf
 ADD postfix/master.cf /etc/postfix/master.cf
 ADD postfix/sasl/smtpd.conf /etc/postfix/sasl/smtpd.conf
+ADD bin/generate-ssl-certificate /usr/local/bin/generate-ssl-certificate
+RUN chmod +x /usr/local/bin/generate-ssl-certificate
 
 # Start-mailserver script
 ADD start-mailserver.sh /usr/local/bin/start-mailserver.sh

diff --git a/README.md b/README.md
@@ -61,6 +61,24 @@ Volumes allow to:
 
 	docker-compose up -d mail
 
+# configure ssl
+
+## generate ssl certificate
+
+You can easily generate en SSL certificate by using the following command:
+
+	docker run -ti --rm -v "$(pwd)"/postfix/ssl:/ssl -h mail.my-domain.com -t tvial/docker-mailserver generate-ssl-certificate
+
+	# will generate:
+	# postfix/ssl/mail.my-domain.com.key
+	# postfix/ssl/mail.my-domain.com.csr
+
+Note that the certificate will be generate for the container `fqdn`, that is passed as `-h` argument.
+
+## configure ssl certificate (convention over configuration)
+
+If a matching certificate (with `.key` and `.csr` files) is found in `postfix/ssl`, it will be automatically configured in postfix. You just have to place `mail.my-domain.com.key` and `mail.my-domain.com.csr` for domain `mail.my-domain.com` in `postfix/ssl` folder.
+
 # client configuration
 
 	# imap

diff --git a/bin/generate-ssl-certificate b/bin/generate-ssl-certificate
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+FQDN=$(hostname)
+openssl req -new -newkey rsa:2048 -nodes -keyout /ssl/$FQDN.key -out /ssl/$FQDN.csr
diff --git a/docker-compose.yml.dist b/docker-compose.yml.dist
@@ -8,8 +8,6 @@ mail:
   - "143:143"
   - "587:587"
   - "993:993"
-  environment:
-    docker_mail_domain: "my-domain.com"
   volumes:
-  - ./spamassassin:/tmp/spamassassin/:ro
-  - ./postfix:/tmp/postfix/:ro
+  - ./spamassassin:/tmp/spamassassin/
+  - ./postfix:/tmp/postfix/
diff --git a/start-mailserver.sh b/start-mailserver.sh
@@ -2,8 +2,10 @@
 
 echo "Regenerating postfix 'vmailbox' and 'virtual' for given users"
 echo "# WARNING: this file is auto-generated. Modify accounts.cf in postfix directory on host" > /etc/postfix/vmailbox
+
 # Checking that /tmp/postfix/accounts.cf ends with a newline
 sed -i -e '$a\' /tmp/postfix/accounts.cf
+
 # Creating users
 while IFS=$'|' read login pass
 do
@@ -30,6 +32,14 @@ postmap /etc/postfix/virtual
 sed -i -r 's/DOCKER_MAIL_DOMAIN/'"$(hostname -d)"'/g' /etc/postfix/main.cf
 cat /tmp/vhost.tmp | sort | uniq >> /etc/postfix/vhost && rm /tmp/vhost.tmp
 
+# Adding SSL certificate if name provided as $docker_mail_cert env
+if [ -e "/tmp/postfix/ssl/$(hostname).csr" ]; then
+  echo "Adding $(hostname) csr/key SSL certificate"
+  cp -r /tmp/postfix/ssl /etc/postfix/ssl 
+  sed -i -r 's/smtpd_tls_cert_file=\/etc\/ssl\/certs\/ssl-cert-snakeoil.pem/smtpd_tls_cert_file=\/etc\/postfix\/ssl\/'$docker_mail_cert'.csr/g' /etc/postfix/main.cf
+  sed -i -r 's/smtpd_tls_key_file=\/etc\/ssl\/private\/ssl-cert-snakeoil.key/smtpd_tls_key_file=\/etc\/postfix\/ssl\/'$docker_mail_cert'.key/g' /etc/postfix/main.cf
+fi
+
 echo "Fixing permissions"
 chown -R 5000:5000 /var/mail
 mkdir -p /var/log/clamav && chown -R clamav:root /var/log/clamav