2018-10-31 19:17:23 +02:00
|
|
|
#!/usr/bin/python3
|
2017-09-24 17:50:10 +02:00
|
|
|
|
|
|
|
import os
|
2019-01-08 00:38:06 +02:00
|
|
|
import logging as log
|
|
|
|
import sys
|
2019-07-25 10:33:57 +02:00
|
|
|
from socrate import system, conf
|
2017-09-24 17:50:10 +02:00
|
|
|
|
|
|
|
args = os.environ.copy()
|
|
|
|
|
2019-01-08 05:16:05 +02:00
|
|
|
log.basicConfig(stream=sys.stderr, level=args.get("LOG_LEVEL", "WARNING"))
|
2019-01-08 00:38:06 +02:00
|
|
|
|
2017-11-13 22:38:04 +02:00
|
|
|
# Get the first DNS server
|
|
|
|
with open("/etc/resolv.conf") as handle:
|
|
|
|
content = handle.read().split()
|
|
|
|
args["RESOLVER"] = content[content.index("nameserver") + 1]
|
|
|
|
|
2019-08-23 08:43:59 +02:00
|
|
|
args["ADMIN_ADDRESS"] = system.get_host_address_from_environment("ADMIN", "admin")
|
2019-10-12 01:01:35 +02:00
|
|
|
args["ANTISPAM_WEBUI_ADDRESS"] = system.get_host_address_from_environment("ANTISPAM_WEBUI", "antispam:11334")
|
2019-01-25 13:28:24 +02:00
|
|
|
if args["WEBMAIL"] != "none":
|
2019-08-23 08:43:59 +02:00
|
|
|
args["WEBMAIL_ADDRESS"] = system.get_host_address_from_environment("WEBMAIL", "webmail")
|
2019-01-25 13:28:24 +02:00
|
|
|
if args["WEBDAV"] != "none":
|
2019-08-23 08:43:59 +02:00
|
|
|
args["WEBDAV_ADDRESS"] = system.get_host_address_from_environment("WEBDAV", "webdav:5232")
|
2017-11-13 22:38:04 +02:00
|
|
|
|
|
|
|
# TLS configuration
|
2018-05-01 14:04:18 +02:00
|
|
|
cert_name = os.getenv("TLS_CERT_FILENAME", default="cert.pem")
|
|
|
|
keypair_name = os.getenv("TLS_KEYPAIR_FILENAME", default="key.pem")
|
2017-09-24 17:50:10 +02:00
|
|
|
args["TLS"] = {
|
2018-05-01 14:04:18 +02:00
|
|
|
"cert": ("/certs/%s" % cert_name, "/certs/%s" % keypair_name),
|
2021-08-09 22:51:23 +02:00
|
|
|
"letsencrypt": ("/certs/letsencrypt/live/mailu/nginx-chain.pem",
|
|
|
|
"/certs/letsencrypt/live/mailu/privkey.pem", "/certs/letsencrypt/live/mailu-ecdsa/nginx-chain.pem", "/certs/letsencrypt/live/mailu-ecdsa/privkey.pem"),
|
2018-05-01 14:04:18 +02:00
|
|
|
"mail": ("/certs/%s" % cert_name, "/certs/%s" % keypair_name),
|
2021-08-09 22:51:23 +02:00
|
|
|
"mail-letsencrypt": ("/certs/letsencrypt/live/mailu/nginx-chain.pem",
|
|
|
|
"/certs/letsencrypt/live/mailu/privkey.pem", "/certs/letsencrypt/live/mailu-ecdsa/nginx-chain.pem", "/certs/letsencrypt/live/mailu-ecdsa/privkey.pem"),
|
2017-09-24 17:50:10 +02:00
|
|
|
"notls": None
|
|
|
|
}[args["TLS_FLAVOR"]]
|
|
|
|
|
2022-02-20 12:56:21 +02:00
|
|
|
def format_for_nginx(fullchain, output):
|
|
|
|
""" We may want to strip ISRG Root X1 out """
|
2022-02-20 13:02:30 +02:00
|
|
|
if not os.path.exists(fullchain):
|
|
|
|
return
|
2022-02-20 12:56:21 +02:00
|
|
|
certs = []
|
|
|
|
with open(fullchain, 'r') as pem:
|
|
|
|
cert = ''
|
|
|
|
for line in pem:
|
|
|
|
cert += line
|
|
|
|
if '-----END CERTIFICATE-----' in line:
|
|
|
|
certs += [cert]
|
|
|
|
cert = ''
|
|
|
|
with open(output, 'w') as pem:
|
|
|
|
for cert in certs[:-1] if len(certs)>2 and os.getenv('LETSENCRYPT_SHORTCHAIN', default="False") else certs:
|
|
|
|
pem.write(cert)
|
|
|
|
|
|
|
|
if args['TLS_FLAVOR'] in ['letsencrypt', 'mail-letsencrypt']:
|
|
|
|
format_for_nginx('/certs/letsencrypt/live/mailu/fullchain.pem', '/certs/letsencrypt/live/mailu/nginx-chain.pem')
|
|
|
|
format_for_nginx('/certs/letsencrypt/live/mailu-ecdsa/fullchain.pem', '/certs/letsencrypt/live/mailu-ecdsa/nginx-chain.pem')
|
|
|
|
|
2017-09-24 17:50:10 +02:00
|
|
|
if args["TLS"] and not all(os.path.exists(file_path) for file_path in args["TLS"]):
|
|
|
|
print("Missing cert or key file, disabling TLS")
|
|
|
|
args["TLS_ERROR"] = "yes"
|
|
|
|
|
2017-11-13 22:38:04 +02:00
|
|
|
# Build final configuration paths
|
2019-07-25 10:33:57 +02:00
|
|
|
conf.jinja("/conf/tls.conf", args, "/etc/nginx/tls.conf")
|
|
|
|
conf.jinja("/conf/proxy.conf", args, "/etc/nginx/proxy.conf")
|
|
|
|
conf.jinja("/conf/nginx.conf", args, "/etc/nginx/nginx.conf")
|
2018-06-02 10:23:33 +02:00
|
|
|
if os.path.exists("/var/run/nginx.pid"):
|
2017-12-03 12:28:26 +02:00
|
|
|
os.system("nginx -s reload")
|