Dovecot uses default certificate
parent
43c5e1dd15
commit
6ec1758fad
|
@ -309,11 +309,13 @@ function install_xmpp_main {
|
|||
return
|
||||
fi
|
||||
|
||||
if [[ $ONION_ONLY == 'no' ]]; then
|
||||
# obtain a cert for the default domain
|
||||
if [[ $(cert_exists ${DEFAULT_DOMAIN_NAME} pem) == "0" ]]; then
|
||||
echo $'Obtaining certificate for the main domain'
|
||||
create_site_certificate ${DEFAULT_DOMAIN_NAME} 'yes'
|
||||
fi
|
||||
fi
|
||||
|
||||
apt-get -yq install lua-sec lua-bitop
|
||||
apt-get -yq install prosody prosody-modules mercurial
|
||||
|
@ -340,29 +342,19 @@ function install_xmpp_main {
|
|||
|
||||
# create a certificate
|
||||
if [[ $(cert_exists ${DEFAULT_DOMAIN_NAME} pem) == "0" ]]; then
|
||||
if [[ $(cert_exists ${DEFAULT_DOMAIN_NAME} xmpp) == "0" ]]; then
|
||||
if [[ $(cert_exists xmpp) == "0" ]]; then
|
||||
${PROJECT_NAME}-addcert -h xmpp --dhkey ${DH_KEYLENGTH}
|
||||
check_certificates xmpp
|
||||
fi
|
||||
fi
|
||||
if [ -f /etc/ssl/private/xmpp.key ]; then
|
||||
chown prosody:prosody /etc/ssl/private/xmpp.key
|
||||
fi
|
||||
if [ -f /etc/ssl/certs/xmpp.crt ]; then
|
||||
chown prosody:prosody /etc/ssl/certs/xmpp.crt
|
||||
fi
|
||||
if [ -f /etc/ssl/certs/xmpp.dhparam ]; then
|
||||
chown prosody:prosody /etc/ssl/certs/xmpp.dhparam
|
||||
fi
|
||||
if [ -f /etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key ]; then
|
||||
chown prosody:prosody /etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key
|
||||
fi
|
||||
if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
|
||||
chown prosody:prosody /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem
|
||||
fi
|
||||
if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam ]; then
|
||||
chown prosody:prosody /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam
|
||||
fi
|
||||
|
||||
groupadd default
|
||||
usermod -g default prosody
|
||||
|
||||
chown root:default /etc/ssl/private/xmpp.*
|
||||
chown root:default /etc/ssl/certs/xmpp.*
|
||||
chown root:default /etc/ssl/private/${DEFAULT_DOMAIN_NAME}.*
|
||||
chown root:default /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.*
|
||||
|
||||
cp -a /etc/prosody/conf.avail/example.com.cfg.lua /etc/prosody/conf.avail/xmpp.cfg.lua
|
||||
|
||||
|
|
|
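Review bot: The `groupadd default` / `usermod -g default prosody` / `chown root:default /etc/ssl/private/...` sequence in the second hunk puts every private key behind one shared group, and configure_imap repeats the same steps for dovecot. `usermod -g` replaces the daemon's primary group instead of adding a membership, so prosody and dovecot end up sharing a primary group and, depending on the key file modes (not visible here), each may be able to read the other's key as well as the `${DEFAULT_DOMAIN_NAME}` key. A supplementary membership is narrower and leaves the daemons' own groups intact: `usermod -a -G default prosody`, with the key files kept at mode 640 or tighter. `groupadd default` also returns non-zero once the group exists, which will happen in whichever of the two functions runs second; `getent group default >/dev/null || groupadd default` avoids that. The +/- markers are lost on this page, so this assumes the `root:default` lines are the added side, and install_xmpp_main begins and ends outside both hunks.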
@ -1218,24 +1218,44 @@ function configure_imap {
|
|||
exit 48
|
||||
fi
|
||||
|
||||
if [ ! -f /etc/ssl/certs/dovecot.dhparam ]; then
|
||||
if [[ $ONION_ONLY == 'no' ]]; then
|
||||
# obtain a cert for the default domain
|
||||
if [[ $(cert_exists ${DEFAULT_DOMAIN_NAME} pem) == "0" ]]; then
|
||||
echo $'Obtaining certificate for the main domain'
|
||||
create_site_certificate ${DEFAULT_DOMAIN_NAME} 'yes'
|
||||
fi
|
||||
fi
|
||||
|
||||
if [[ $(cert_exists ${DEFAULT_DOMAIN_NAME} pem) == "0" ]]; then
|
||||
if [[ $(cert_exists dovecot) == "0" ]]; then
|
||||
${PROJECT_NAME}-addcert -h dovecot --dhkey $DH_KEYLENGTH
|
||||
check_certificates dovecot
|
||||
fi
|
||||
chown root:dovecot /etc/ssl/certs/dovecot.*
|
||||
chown root:dovecot /etc/ssl/private/dovecot.*
|
||||
fi
|
||||
|
||||
groupadd default
|
||||
usermod -g default dovecot
|
||||
|
||||
chown root:default /etc/ssl/certs/dovecot.*
|
||||
chown root:default /etc/ssl/private/dovecot.*
|
||||
chown root:default /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.*
|
||||
chown root:default /etc/ssl/private/${DEFAULT_DOMAIN_NAME}.*
|
||||
|
||||
if [ ! -f /etc/dovecot/conf.d/10-ssl.conf ]; then
|
||||
echo $'Unable to find /etc/dovecot/conf.d/10-ssl.conf'
|
||||
exit 83629
|
||||
fi
|
||||
sed -i 's|#ssl =.*|ssl = required|g' /etc/dovecot/conf.d/10-ssl.conf
|
||||
sed -i 's|ssl = no|ssl = required|g' /etc/dovecot/conf.d/10-ssl.conf
|
||||
sed -i 's|ssl = yes|ssl = required|g' /etc/dovecot/conf.d/10-ssl.conf
|
||||
sed -i 's|#ssl_cert =.*|ssl_cert = </etc/ssl/certs/dovecot.crt|g' /etc/dovecot/conf.d/10-ssl.conf
|
||||
sed -i 's|ssl_cert =.*|ssl_cert = </etc/ssl/certs/dovecot.crt|g' /etc/dovecot/conf.d/10-ssl.conf
|
||||
sed -i 's|#ssl_key =.*|ssl_key = </etc/ssl/private/dovecot.key|g' /etc/dovecot/conf.d/10-ssl.conf
|
||||
sed -i 's|ssl_key =.*|ssl_key = </etc/ssl/private/dovecot.key|g' /etc/dovecot/conf.d/10-ssl.conf
|
||||
sed -i 's|ssl =.*|ssl = required|g' /etc/dovecot/conf.d/10-ssl.conf
|
||||
if [[ $(cert_exists ${DEFAULT_DOMAIN_NAME} pem) == "1" ]]; then
|
||||
sed -i "s|#ssl_cert =.*|ssl_cert = </etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/dovecot/conf.d/10-ssl.conf
|
||||
sed -i "s|ssl_cert =.*|ssl_cert = </etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/dovecot/conf.d/10-ssl.conf
|
||||
else
|
||||
sed -i "s|#ssl_cert =.*|ssl_cert = </etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.crt|g" /etc/dovecot/conf.d/10-ssl.conf
|
||||
sed -i "s|ssl_cert =.*|ssl_cert = </etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.crt|g" /etc/dovecot/conf.d/10-ssl.conf
|
||||
fi
|
||||
sed -i "s|#ssl_key =.*|ssl_key = </etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key|g" /etc/dovecot/conf.d/10-ssl.conf
|
||||
sed -i "s|ssl_key =.*|ssl_key = </etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key|g" /etc/dovecot/conf.d/10-ssl.conf
|
||||
sed -i 's|#ssl_dh_parameters_length.*|ssl_dh_parameters_length = 2048|g' /etc/dovecot/conf.d/10-ssl.conf
|
||||
sed -i 's/#ssl_prefer_server_ciphers.*/ssl_prefer_server_ciphers = yes/g' /etc/dovecot/conf.d/10-ssl.conf
|
||||
sed -i "s|#ssl_protocols =.*|ssl_protocols = '$SSL_PROTOCOLS'|g" /etc/dovecot/conf.d/10-ssl.conf
|
||||
|
|
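Review bot: When no `.pem` exists for `${DEFAULT_DOMAIN_NAME}`, the fallback near the top of this hunk generates a self-signed certificate under the name `dovecot` (`-addcert -h dovecot`). The `else` branch and the `ssl_key` substitutions that follow nevertheless point 10-ssl.conf at `/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.crt` and `/etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key`. Nothing visible in the hunk creates those two files, so with `ssl = required` an onion-only install may leave Dovecot unable to load its certificate and key. Either create the fallback for the name the config refers to (`-addcert -h ${DEFAULT_DOMAIN_NAME}`) or keep the `dovecot.crt` / `dovecot.key` paths in that branch, and check that the files exist before rewriting the config. The +/- markers are lost on this page, so this assumes the `${DEFAULT_DOMAIN_NAME}` lines are the added side; configure_imap's body extends beyond the hunk.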