mirror of
https://github.com/nodemailer/wildduck.git
synced 2024-12-26 09:50:47 +08:00
84 lines
2.8 KiB
Bash
Executable file
84 lines
2.8 KiB
Bash
Executable file
#! /bin/bash
|
|
|
|
OURNAME=13_install_ssl_certs.sh
|
|
|
|
echo -e "\n-- Executing ${ORANGE}${OURNAME}${NC} subscript --"
|
|
|
|
#### SSL CERTS ####
|
|
|
|
# Install acme.sh
|
|
# NOTE: the version 3.0.7 has a bug with Nginx certs, so version is pinned to 3.0.6
|
|
ACME_VERSION="3.0.6"
|
|
wget https://raw.githubusercontent.com/acmesh-official/acme.sh/${ACME_VERSION}/acme.sh
|
|
sh acme.sh --install --auto-upgrade 0
|
|
rm -rf acme.sh
|
|
|
|
# WildDuck TLS config
|
|
echo 'cert="/etc/wildduck/certs/fullchain.pem"
|
|
key="/etc/wildduck/certs/privkey.pem"' > /etc/wildduck/tls.toml
|
|
|
|
sed -i -e "s/key=/#key=/g;s/cert=/#cert=/g" /etc/zone-mta/interfaces/feeder.toml
|
|
echo '# @include "../../wildduck/tls.toml"' >> /etc/zone-mta/interfaces/feeder.toml
|
|
|
|
# vanity script as first run should not restart anything
|
|
echo '#!/bin/bash
|
|
echo "OK"' > /usr/local/bin/reload-services.sh
|
|
chmod +x /usr/local/bin/reload-services.sh
|
|
|
|
~/.acme.sh/acme.sh --issue --nginx --server letsencrypt \
|
|
-d "$HOSTNAME" \
|
|
--key-file /etc/wildduck/certs/privkey.pem \
|
|
--fullchain-file /etc/wildduck/certs/fullchain.pem \
|
|
--reloadcmd "/usr/local/bin/reload-services.sh" \
|
|
--force || echo "Warning: Failed to generate certificates, using self-signed certs"
|
|
|
|
# Update site config, make sure ssl is enabled
|
|
echo "server {
|
|
listen 80;
|
|
listen [::]:80;
|
|
listen 443 ssl http2;
|
|
listen [::]:443 ssl http2;
|
|
|
|
server_name $HOSTNAME;
|
|
|
|
ssl_certificate /etc/wildduck/certs/fullchain.pem;
|
|
ssl_certificate_key /etc/wildduck/certs/privkey.pem;
|
|
|
|
# special config for EventSource to disable gzip
|
|
location /api/events {
|
|
proxy_http_version 1.1;
|
|
gzip off;
|
|
proxy_set_header X-Real-IP \$remote_addr;
|
|
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
|
|
proxy_set_header HOST \$http_host;
|
|
proxy_set_header X-NginX-Proxy true;
|
|
proxy_pass http://127.0.0.1:3000;
|
|
proxy_redirect off;
|
|
}
|
|
|
|
# special config for uploads
|
|
location /webmail/send {
|
|
client_max_body_size 15M;
|
|
proxy_http_version 1.1;
|
|
proxy_set_header X-Real-IP \$remote_addr;
|
|
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
|
|
proxy_set_header HOST \$http_host;
|
|
proxy_set_header X-NginX-Proxy true;
|
|
proxy_pass http://127.0.0.1:3000;
|
|
proxy_redirect off;
|
|
}
|
|
|
|
location / {
|
|
proxy_http_version 1.1;
|
|
proxy_set_header X-Real-IP \$remote_addr;
|
|
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
|
|
proxy_set_header HOST \$http_host;
|
|
proxy_set_header X-NginX-Proxy true;
|
|
proxy_pass http://127.0.0.1:3000;
|
|
proxy_redirect off;
|
|
}
|
|
}" > "/etc/nginx/sites-available/$HOSTNAME"
|
|
|
|
#See issue https://github.com/nodemailer/wildduck/issues/83
|
|
$SYSTEMCTL_PATH start nginx
|
|
$SYSTEMCTL_PATH reload nginx
|