From d6cf5b991b45879a0d1500e81a577a63d4bf1a71 Mon Sep 17 00:00:00 2001 From: Dennis Boldt Date: Sun, 11 Aug 2019 00:39:52 +0200 Subject: [PATCH 1/6] Update run.sh On the first run, this script shows the error 'diff: can't stat '/output/cert.pem': No such file or directory', because the file does not exist in the folder `/output` yet. This bugfix ensures, that the diff is only called, when all required files are available. --- optional/traefik-certdumper/run.sh | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/optional/traefik-certdumper/run.sh b/optional/traefik-certdumper/run.sh index eeb45ac0..2880d44f 100755 --- a/optional/traefik-certdumper/run.sh +++ b/optional/traefik-certdumper/run.sh @@ -5,8 +5,10 @@ function dump() { traefik-certs-dumper file --crt-name "cert" --crt-ext ".pem" --key-name "key" --key-ext ".pem" --domain-subdir --dest /tmp/work --source /traefik/acme.json > /dev/null - if diff -q /tmp/work/${DOMAIN}/cert.pem /output/cert.pem >/dev/null && \ - diff -q /tmp/work/${DOMAIN}/key.pem /output/key.pem >/dev/null ; then + if [[ -f /tmp/work/${DOMAIN}/cert.pem && -f /tmp/work/${DOMAIN}/key.pem && -f /output/cert.pem && -f /output/key.pem ]] && \ + diff -q /tmp/work/${DOMAIN}/cert.pem /output/cert.pem >/dev/null && \ + diff -q /tmp/work/${DOMAIN}/key.pem /output/key.pem >/dev/null ; \ + then echo "$(date) Certificate and key still up to date, doing nothing" else echo "$(date) Certificate or key differ, updating" From 982caa0e4271391ba6e526ec11f3c7420eefad2e Mon Sep 17 00:00:00 2001 From: Dennis Boldt Date: Sun, 11 Aug 2019 00:49:38 +0200 Subject: [PATCH 2/6] Clean up folders, which traefik-certdumper uses --- docs/reverse.rst | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/docs/reverse.rst b/docs/reverse.rst index f2826890..67b09aba 100644 --- a/docs/reverse.rst +++ b/docs/reverse.rst 
@@ -176,20 +176,21 @@ One such example is ``mailu/traefik-certdumper``, which has been adapted for use # !!! Also don’t forget to add "TRAEFIK_DOMAIN=[...]" to your .env! - DOMAIN=$TRAEFIK_DOMAIN volumes: + # Folder, which contains the acme.json - "/data/traefik:/traefik" - - "$ROOT/certs:/output" + # Folder, where your.doma.in.crt and your.doma.in.key will be written + - "/data/traefik/certs:/output" - -Assuming you have ``volume-mounted`` your ``acme.json`` put to ``/data/traefik`` on your host. The dumper will then write out ``/data/traefik/ssl/your.doma.in.crt`` -and ``/data/traefik/ssl/your.doma.in.key`` whenever ``acme.json`` is updated. Yay! Now let’s mount this to our ``front`` container like: +Assuming you have ``volume-mounted`` your ``acme.json`` put to ``/data/traefik`` on your host. The dumper will then write out ``/data/traefik/certs/your.doma.in.crt`` +and ``/data/traefik/certs/your.doma.in.key`` whenever ``acme.json`` is updated. Yay! Now let’s mount this to our ``front`` container like: .. code-block:: yaml volumes: - "$ROOT/overrides/nginx:/overrides" - - /data/traefik/ssl/$TRAEFIK_DOMAIN.crt:/certs/cert.pem - - /data/traefik/ssl/$TRAEFIK_DOMAIN.key:/certs/key.pem + - /data/traefik/certs/$TRAEFIK_DOMAIN.crt:/certs/cert.pem + - /data/traefik/certs/$TRAEFIK_DOMAIN.key:/certs/key.pem .. _`Traefik`: https://traefik.io/ From a9089710c8f6eff9f356b4b4e7618d606e74cc70 Mon Sep 17 00:00:00 2001 From: Dennis Boldt Date: Sun, 11 Aug 2019 01:06:53 +0200 Subject: [PATCH 3/6] Fix key-certificate pair names and paths --- docs/reverse.rst | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/docs/reverse.rst b/docs/reverse.rst index 67b09aba..38901410 100644 --- a/docs/reverse.rst +++ b/docs/reverse.rst 
@@ -182,16 +182,17 @@ One such example is ``mailu/traefik-certdumper``, which has been adapted for use - "/data/traefik/certs:/output" -Assuming you have ``volume-mounted`` your ``acme.json`` put to ``/data/traefik`` on your host. The dumper will then write out ``/data/traefik/certs/your.doma.in.crt`` -and ``/data/traefik/certs/your.doma.in.key`` whenever ``acme.json`` is updated. Yay! Now let’s mount this to our ``front`` container like: +Assuming you have ``volume-mounted`` your ``acme.json`` put to ``/data/traefik`` on your host. The dumper will then write out ``/data/traefik/certs/cert.pem`` and ``/data/traefik/certs/key.pem`` whenever ``acme.json`` is updated. +Yay! Now let’s mount this to our ``front`` container like: .. code-block:: yaml volumes: - - "$ROOT/overrides/nginx:/overrides" - /data/traefik/certs/$TRAEFIK_DOMAIN.crt:/certs/cert.pem - /data/traefik/certs/$TRAEFIK_DOMAIN.key:/certs/key.pem +This works, because we set ``TLS_FLAVOR=mail``, which picks up the key-certificate pair (e.g., ``cert.pem`` and ``key.pem``) from the certs folder in the root path (``/certs/``). + .. _`Traefik`: https://traefik.io/ Override Mailu configuration From 841ce96fbf8602fce66512ab3efc81dc0b384b20 Mon Sep 17 00:00:00 2001 From: Dennis Boldt Date: Sun, 11 Aug 2019 01:12:34 +0200 Subject: [PATCH 4/6] Update mount path to mailu/certs - Thus, we write to /data/mailu/certs, since LE uses the same location - The dumper created cert.pem and key.pem - Mount /data/mailu/certs to certs, where nginx picks them up --- docs/reverse.rst | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/reverse.rst b/docs/reverse.rst index 38901410..448357b7 100644 --- a/docs/reverse.rst +++ b/docs/reverse.rst 
@@ -179,17 +179,17 @@ One such example is ``mailu/traefik-certdumper``, which has been adapted for use # Folder, which contains the acme.json - "/data/traefik:/traefik" # Folder, where your.doma.in.crt and your.doma.in.key will be written - - "/data/traefik/certs:/output" + - "/data/mailu/certs:/output" -Assuming you have ``volume-mounted`` your ``acme.json`` put to ``/data/traefik`` on your host. The dumper will then write out ``/data/traefik/certs/cert.pem`` and ``/data/traefik/certs/key.pem`` whenever ``acme.json`` is updated. +Assuming you have ``volume-mounted`` your ``acme.json`` put to ``/data/traefik`` on your host. The dumper will then write out ``/data/mailu/certs/cert.pem`` and ``/data/mailu/certs/key.pem`` whenever ``acme.json`` is updated. Yay! Now let’s mount this to our ``front`` container like: .. code-block:: yaml volumes: - - /data/traefik/certs/$TRAEFIK_DOMAIN.crt:/certs/cert.pem - - /data/traefik/certs/$TRAEFIK_DOMAIN.key:/certs/key.pem + - /data/mailu/certs:/certs + - /data/mailu/certs:/certs This works, because we set ``TLS_FLAVOR=mail``, which picks up the key-certificate pair (e.g., ``cert.pem`` and ``key.pem``) from the certs folder in the root path (``/certs/``). From eaeb151ff7e78626b8d2aa183b1782fea7805b1e Mon Sep 17 00:00:00 2001 From: Dennis Boldt Date: Sun, 11 Aug 2019 01:17:07 +0200 Subject: [PATCH 5/6] Use default key/cert names (cert.pem & key.pem) --- docs/reverse.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/reverse.rst b/docs/reverse.rst index 448357b7..debc9b04 100644 --- a/docs/reverse.rst +++ b/docs/reverse.rst @@ -178,7 +178,7 @@ One such example is ``mailu/traefik-certdumper``, which has been adapted for use volumes: # Folder, which contains the acme.json - "/data/traefik:/traefik" - # Folder, where your.doma.in.crt and your.doma.in.key will be written + # Folder, where cert.pem and key.pem will be written - "/data/mailu/certs:/output" 
From a5610d3c25394e562c2431ae609cc0911861aa9a Mon Sep 17 00:00:00 2001 From: Dennis Boldt Date: Sun, 18 Aug 2019 17:56:14 +0200 Subject: [PATCH 6/6] Fixed C&P issue --- docs/reverse.rst | 1 - 1 file changed, 1 deletion(-) diff --git a/docs/reverse.rst b/docs/reverse.rst index debc9b04..a55f865e 100644 --- a/docs/reverse.rst +++ b/docs/reverse.rst @@ -189,7 +189,6 @@ Yay! Now let’s mount this to our ``front`` container like: volumes: - /data/mailu/certs:/certs - - /data/mailu/certs:/certs This works, because we set ``TLS_FLAVOR=mail``, which picks up the key-certificate pair (e.g., ``cert.pem`` and ``key.pem``) from the certs folder in the root path (``/certs/``).
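Review bot: in PATCH 1/6 (run.sh, hunk @@ -5,8 +5,10 @@) the new `[[ -f ... ]]` test sends two different situations into the same else branch. One is a missing /output/cert.pem or /output/key.pem, the first-run case from the commit message. The other is a missing /tmp/work/${DOMAIN}/cert.pem or key.pem, meaning the dumper produced nothing for ${DOMAIN}. In the second case the script prints "Certificate or key differ, updating" and takes the update path with no certificate or key to install, and because the dumper's output goes to /dev/null nothing else reports the failure. Suggest testing the two /tmp/work files first and returning with an error message if either is absent, then using the /output checks and the two diff calls only for the up-to-date decision. The paths passed to diff should also be quoted ("/tmp/work/${DOMAIN}/cert.pem"), and the `; \` continuation before `then` is unnecessary if `; then` stays at the end of the last diff line as in the original.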
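Review bot: in PATCH 2/6 (docs/reverse.rst, hunk @@ -176,20 +176,21 @@) the added comment "Folder, where your.doma.in.crt and your.doma.in.key will be written" and the rewritten paragraph document file names that do not match run.sh from PATCH 1/6, which compares against /output/cert.pem and /output/key.pem. A reader following the docs at this commit would mount files that the dumper never writes. Suggest using cert.pem and key.pem here directly instead of correcting the names in later patches of the series. The hunk also replaces "$ROOT/certs:/output" with the hard-coded "/data/traefik/certs:/output"; if dropping $ROOT is intended, the commit message should say so, since "Clean up folders" does not explain it.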
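Review bot: in PATCH 3/6 (docs/reverse.rst, hunk @@ -182,16 +182,17 @@) the prose now says the dumper writes /data/traefik/certs/cert.pem and key.pem, but the two volume lines kept in the same hunk still mount /data/traefik/certs/$TRAEFIK_DOMAIN.crt and $TRAEFIK_DOMAIN.key, so the example mounts files that, by the paragraph above it, do not exist. The hunk also deletes the line `- "$ROOT/overrides/nginx:/overrides"` from the front container's volumes, which the subject "Fix key-certificate pair names and paths" does not cover; please confirm the removal is intentional or restore the line. Finally, the added sentence states "we set ``TLS_FLAVOR=mail``" although nothing in the visible example sets it; point the reader to where that variable is configured.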
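Review bot: in PATCH 4/6 (docs/reverse.rst, hunk @@ -179,17 +179,17 @@) the front container's volumes list gains the same entry twice, `- /data/mailu/certs:/certs` on two consecutive lines, a copy-and-paste slip that is only removed in PATCH 6/6; fold that fix into this patch. The unchanged comment above the /output mount still names your.doma.in.crt and your.doma.in.key while the paragraph in this hunk says cert.pem and key.pem. Since /data/mailu/certs holds the private key and, in this setup, only the dumper writes to it, consider documenting the front mount as read-only (`/data/mailu/certs:/certs:ro`) if front does not need write access with TLS_FLAVOR=mail.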