From f702c67bdcaa76b7fe6e1b79cd02258e77324e75 Mon Sep 17 00:00:00 2001
From: Marcel Hofer
Date: Sat, 19 Oct 2019 13:00:01 +0200
Subject: [PATCH] [SSL] add new SNI config on updates / new installs
---
 generate_config.sh | 7 ++++++-
 update.sh | 13 +++++++++++--
 2 files changed, 17 insertions(+), 3 deletions(-)
diff --git a/generate_config.sh b/generate_config.sh
index 93298d797..1375768c8 100755
--- a/generate_config.sh
+++ b/generate_config.sh
@@ -191,6 +191,11 @@ ADDITIONAL_SAN=
 SKIP_LETS_ENCRYPT=n
+# Create seperate certificates for all domains - y/n
+# this will allow adding more than 100 domains, but some email clients will not be able to connect with alternative hostnames
+# see https://wiki.dovecot.org/SSL/SNIClientSupport
+ENABLE_SSL_SNI=n
+
 # Skip IPv4 check in ACME container - y/n
 SKIP_IP_CHECK=n
@@ -269,4 +274,4 @@ mkdir -p data/assets/ssl
 chmod 600 mailcow.conf
 # copy but don't overwrite existing certificate
-cp -n data/assets/ssl-example/*.pem data/assets/ssl/
+cp -n -d data/assets/ssl-example/*.pem data/assets/ssl/
diff --git a/update.sh b/update.sh
index 764b99891..1c594be7c 100755
--- a/update.sh
+++ b/update.sh
@@ -168,6 +168,7 @@ CONFIG_ARRAY=(
 "ACL_ANYONE"
 "SOLR_HEAP"
 "SKIP_SOLR"
+ "ENABLE_SSL_SNI"
 "ALLOW_ADMIN_EMAIL_LOGIN"
 "SKIP_HTTP_VERIFICATION"
 "SOGO_EXPIRE_SESSION"
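Review bot: The comment block added above `ENABLE_SSL_SNI=n` in generate_config.sh (hunk at -191) is written into every operator's mailcow.conf, yet it misspells "separate" and does not say what a client that cannot send SNI will actually experience. The likely outcome is that such a client is served the default certificate and rejects it when it connects through one of the other hostnames; that is inferred rather than shown in this patch, so confirm it before wording the comment. I would suggest `# Create separate certificates for all domains - y/n` followed by `# clients without SNI support are served the default certificate and may fail certificate validation on other hostnames`. The same three comment lines are duplicated as `echo` strings in the update.sh hunk at -275, so both copies need the same edit or they will drift.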
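Review bot: In the generate_config.sh hunk at -269 the switch to `cp -n -d` is not explained by the comment above it, which still only says the copy does not overwrite. `-d` makes cp copy a symbolic link as a link instead of copying the file it points to, so a `.pem` in ssl-example that is a relative link is resolved from `data/assets/ssl/` after the copy and can be left dangling; nothing visible here checks that the certificate and key resolve afterwards. I would extend the comment to `# copy but don't overwrite existing certificate; -d keeps symlinked .pem files as links (targets must resolve from data/assets/ssl/)`. The identical change in the update.sh hunk at -407 deserves the same comment.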
@@ -275,7 +276,15 @@ for option in ${CONFIG_ARRAY[@]}; do
 echo '# Solr is disabled by default after upgrading from non-Solr to Solr-enabled mailcows.' >> mailcow.conf
 echo '# Disable Solr or if you do not want to store a readable index of your mails in solr-vol-1.' >> mailcow.conf
 echo "SKIP_SOLR=y" >> mailcow.conf
- fi
+ fi
+ elif [[ ${option} == "ENABLE_SSL_SNI" ]]; then
+ if ! grep -q ${option} mailcow.conf; then
+ echo "Adding new option \"${option}\" to mailcow.conf"
+ echo '# Create seperate certificates for all domains - y/n' >> mailcow.conf
+ echo '# this will allow adding more than 100 domains, but some email clients will not be able to connect with alternative hostnames' >> mailcow.conf
+ echo '# see https://wiki.dovecot.org/SSL/SNIClientSupport' >> mailcow.conf
+ echo "ENABLE_SSL_SNI=n" >> mailcow.conf
+ fi
 elif [[ ${option} == "MAILDIR_SUB" ]]; then
 if ! grep -q ${option} mailcow.conf; then
 echo "Adding new option \"${option}\" to mailcow.conf"
@@ -407,7 +416,7 @@ docker-compose pull
 # Fix missing SSL, does not overwrite existing files
 [[ ! -d data/assets/ssl ]] && mkdir -p data/assets/ssl
-cp -n data/assets/ssl-example/*.pem data/assets/ssl/
+cp -n -d data/assets/ssl-example/*.pem data/assets/ssl/
 echo -e "Checking IPv6 settings... "
 if grep -q 'SYSCTL_IPV6_DISABLED=1' mailcow.conf; then
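Review bot: The presence test in the new ENABLE_SSL_SNI branch of update.sh, `grep -q ${option} mailcow.conf`, is unquoted and unanchored, so it succeeds when the name appears anywhere in the file, for example inside a comment or as part of a longer key, and the default is then never appended. An operator whose mailcow.conf only mentions the option in a comment would end up with no `ENABLE_SSL_SNI` assignment at all, and how the consumers of mailcow.conf treat the unset variable is not visible in this patch. I would write the test as `if ! grep -q "^${option}=" mailcow.conf; then`. The neighbouring MAILDIR_SUB branch uses the same unanchored test, and the enclosing `for` loop starts and ends outside this hunk.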