From 161efbe526550921105669c3451a599d53d27bc6 Mon Sep 17 00:00:00 2001
From: CdRom1 <r.maliach@live.fr>
Date: Fri, 14 Dec 2018 18:13:38 +0100
Subject: [PATCH] =?UTF-8?q?Cr=C3=A9ation=20d'un=20conteneur=20charg=C3=A9?=
 =?UTF-8?q?=20de=20copier=20les=20certificats=20depuis=20traefik?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 docker-compose/mail.yml                       | 41 ++++++++++++-------
 pica-mail-copy-certs/Dockerfile               |  4 ++
 .../update-certs-pica-mail.sh                 |  4 ++
 3 files changed, 35 insertions(+), 14 deletions(-)
 create mode 100644 pica-mail-copy-certs/Dockerfile
 create mode 100755 pica-mail-copy-certs/update-certs-pica-mail.sh

diff --git a/docker-compose/mail.yml b/docker-compose/mail.yml
index 567014ad..cc983b39 100644
--- a/docker-compose/mail.yml
+++ b/docker-compose/mail.yml
@@ -15,25 +15,38 @@ services:
       - /var/lib/docker/volumes/mail-mda-log/_data:/var/log
     
   mail-mta:
-    build: ../pica-mail-mta
-    image: pica-mail-mta
-    container_name: pica-mail-mta
-#    ports:
+   build: ../pica-mail-mta
+   image: pica-mail-mta
+   container_name: pica-mail-mta
+#  ports:
 #      - "25:25"
-    networks:
+   networks:
       - mail
-    volumes:
+   volumes:
       - /var/lib/docker/volumes/mail-mta-log/_data:/var/log
-#      - /DATA/docker/mail/opendkim/nov2018.private:/etc/dkimkeys/nov2018.picasoft.net.rsa:ro
-    environment:
-      - LMTP_LAN_HOSTNAME=pica-mail-mda.pica_mail
-#    labels:
-#      - "traefik.frontend.rule=Host:mail-test-picasoft.maliach.fr"
+      - /DATA/docker/mail/opendkim/nov2018.private:/etc/dkimkeys/nov2018.picasoft.net.rsa:ro
+   environment:
+     - LMTP_LAN_HOSTNAME=pica-mail-mda.pica_mail
+   labels:
+      - "traefik.frontend.rule=Host:mail-test-picasoft.maliach.fr"
 #      - "traefik.port=80"
-#      - "traefik.enable=true"
-#      - "traefik.docker.network=pica_mail"
+      - "traefik.enable=true"
+      - "traefik.docker.network=pica_mail"
+
+  mail-copy-certs:
+    build: ../pica-mail-copy-certs
+    image: pica-mail-copy-certs
+    container_name: pica-mail-copy-certs
+    volumes:
+#contient acme.json
+      - /DATA/docker/traefik/certs/:/DATA/docker/traefik/certs/
+#output
+      - /DATA/docker/mail/ssl/:/DATA/docker/mail/ssl/
+    environment:
+      - DOMAIN=mail-test-picasoft.maliach.fr
+
 
-#on demande à traefik de générer un certificat (qu'on va récupérer dans acme.json) mais on n'expose aucun service.
+   
 
 networks:
   mail:
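Review bot: The `mail-copy-certs` volume `/DATA/docker/traefik/certs/:/DATA/docker/traefik/certs/` is mounted read-write although the script added in this commit only reads acme.json, the file the private key is extracted from. Append `:ro` as the DKIM key mount in the same hunk already does: `- /DATA/docker/traefik/certs/:/DATA/docker/traefik/certs/:ro`. The `mail-mta` keys were also re-indented from four to three spaces, which still parses but no longer matches `mail-copy-certs` at four; a single indent width makes a later mis-nesting easier to spot. The deleted comment explaining that Traefik is only asked to issue a certificate while no service is exposed is worth keeping next to the now-active labels.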
diff --git a/pica-mail-copy-certs/Dockerfile b/pica-mail-copy-certs/Dockerfile
new file mode 100644
index 00000000..642fadf5
--- /dev/null
+++ b/pica-mail-copy-certs/Dockerfile
@@ -0,0 +1,4 @@
+From alpine
+COPY ./update-certs-pica-mail.sh /scripts/pica-mail-copy-certs.sh
+RUN apk add --no-cache jq
+ENTRYPOINT ["/scripts/pica-mail-copy-certs.sh"]
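Review bot: `From alpine` on the first line has no tag or digest, so each build pulls whatever `latest` points to and the image that handles Traefik's private keys can change silently between builds. Pin it, for example `FROM alpine:PINNED_TAG` (placeholder; choose the release you have tested), and write the instruction in upper case like the other three. No `USER` is set, so the entrypoint runs as root by default; that may be needed to read acme.json, but a one-line comment saying so would record that the choice is deliberate.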
diff --git a/pica-mail-copy-certs/update-certs-pica-mail.sh b/pica-mail-copy-certs/update-certs-pica-mail.sh
new file mode 100755
index 00000000..99b0b168
--- /dev/null
+++ b/pica-mail-copy-certs/update-certs-pica-mail.sh
@@ -0,0 +1,4 @@
+#!/bin/sh
+echo pica-copying certs for ${DOMAIN} from /DATA/docker/traefik/certs/acme.json to /DATA/docker/mail/ssl
+cat /DATA/docker/traefik/certs/acme.json | jq -r --arg domain ${DOMAIN} '.Certificates[] | if .Domain.Main == $domain then . else empty end | .Certificate' > /DATA/docker/mail/ssl/cert
+cat /DATA/docker/traefik/certs/acme.json | jq -r --arg domain ${DOMAIN} '.Certificates[] | if .Domain.Main == $domain then . else empty end | .Key' > /DATA/docker/mail/ssl/key
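Review bot: The private key is written through a plain `>` redirect with no `umask` set, so `/DATA/docker/mail/ssl/key` probably ends up readable by every user on the host bind mount. The redirect also truncates the existing cert and key before jq runs, so a missing domain or an unreadable acme.json leaves empty files behind. `${DOMAIN}` is unquoted in `--arg domain ${DOMAIN}`, so an unset value shifts jq's arguments instead of failing cleanly. The rewrite below sets `umask 077`, refuses an empty DOMAIN, and renames a temporary file into place only when jq produced output. If acme.json stores these fields base64-encoded, as Traefik 1.x appears to, a decode step is still needed before the mail server can use them; confirm against the real file.

```shell
#!/bin/sh
set -eu
# Refuse to run with an unset or empty DOMAIN instead of matching nothing.
: "${DOMAIN:?DOMAIN must be set}"
# Key material: files created below are owner-only.
umask 077
src=/DATA/docker/traefik/certs/acme.json
dst=/DATA/docker/mail/ssl

# … unchanged: echo of source and destination …

extract() {
  # $1 = acme.json field (Certificate or Key), $2 = output file name.
  # jq -e exits non-zero when nothing matches, so mv is skipped and the
  # previous file stays in place.
  jq -er --arg domain "$DOMAIN" --arg field "$1" \
    '.Certificates[] | select(.Domain.Main == $domain) | .[$field]' \
    "$src" > "$dst/$2.tmp"
  mv "$dst/$2.tmp" "$dst/$2"
}

extract Certificate cert
extract Key key
```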
-- 
GitLab