self-hosted/Mailu
1
0
Fork 0
mirror of https://github.com/Mailu/Mailu.git synced 2025-08-10 22:31:47 +02:00
Code Issues Releases Activity

Merge #1104

Browse Source 
1104: Improve traefik-certdumper - run.sh and documentation r=mergify[bot] a=boldt

## What type of PR?

Bug fix and documentation

## What does this PR do?

On the first run, the `run.sh` script shows the error `diff: can't stat '/output/cert.pem': No such file or directory`, because the file does not exist in the folder `/output` yet. This bugfix ensures, that the diff is only called, when all required files are available.

Additionally, the corresponding documentation was updated, since the `run.sh` writes the two files `cert.pem` and `key.pem`, and not `your.doma.in.crt` and `your.doma.in.key`. Also some volume fixes.

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [X] In case of feature or enhancement: documentation updated accordingly

Co-authored-by: Dennis Boldt <info@dennis-boldt.de>
This commit is contained in:
bors[bot]
2019-08-19 06:10:09 +00:00
committed by GitHub
parent 3763eac8a8 a5610d3c25
commit 2329fe7929
2 changed files with 12 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
docs/reverse.rst
View File

@@ -176,20 +176,21 @@ One such example is ``mailu/traefik-certdumper``, which has been adapted for use
# !!! Also don’t forget to add "TRAEFIK_DOMAIN=[...]" to your .env!
- DOMAIN=$TRAEFIK_DOMAIN
volumes:
# Folder, which contains the acme.json
- "/data/traefik:/traefik"
- "$ROOT/certs:/output"
# Folder, where cert.pem and key.pem will be written
- "/data/mailu/certs:/output"
Assuming you have ``volume-mounted`` your ``acme.json`` put to ``/data/traefik`` on your host. The dumper will then write out ``/data/traefik/ssl/your.doma.in.crt``
and ``/data/traefik/ssl/your.doma.in.key`` whenever ``acme.json`` is updated. Yay! Now let’s mount this to our ``front`` container like:
Assuming you have ``volume-mounted`` your ``acme.json`` put to ``/data/traefik`` on your host. The dumper will then write out ``/data/mailu/certs/cert.pem`` and ``/data/mailu/certs/key.pem`` whenever ``acme.json`` is updated.
Yay! Now let’s mount this to our ``front`` container like:
.. code-block:: yaml
volumes:
- "$ROOT/overrides/nginx:/overrides"
- /data/traefik/ssl/$TRAEFIK_DOMAIN.crt:/certs/cert.pem
- /data/traefik/ssl/$TRAEFIK_DOMAIN.key:/certs/key.pem
- /data/mailu/certs:/certs
This works, because we set ``TLS_FLAVOR=mail``, which picks up the key-certificate pair (e.g., ``cert.pem`` and ``key.pem``) from the certs folder in the root path (``/certs/``).
.. _`Traefik`: https://traefik.io/

6
optional/traefik-certdumper/run.sh
View File

@@ -5,8 +5,10 @@ function dump() {
traefik-certs-dumper file --crt-name "cert" --crt-ext ".pem" --key-name "key" --key-ext ".pem" --domain-subdir --dest /tmp/work --source /traefik/acme.json > /dev/null
if diff -q /tmp/work/${DOMAIN}/cert.pem /output/cert.pem >/dev/null && \
diff -q /tmp/work/${DOMAIN}/key.pem /output/key.pem >/dev/null ; then
if [[ -f /tmp/work/${DOMAIN}/cert.pem && -f /tmp/work/${DOMAIN}/key.pem && -f /output/cert.pem && -f /output/key.pem ]] && \
diff -q /tmp/work/${DOMAIN}/cert.pem /output/cert.pem >/dev/null && \
diff -q /tmp/work/${DOMAIN}/key.pem /output/key.pem >/dev/null ; \
then
echo "$(date) Certificate and key still up to date, doing nothing"
else
echo "$(date) Certificate or key differ, updating"