| author | Paul Buetow <paul@buetow.org> | 2022-07-31 11:20:13 +0100 |
|---|---|---|
| committer | Paul Buetow <paul@buetow.org> | 2022-07-31 11:20:13 +0100 |
| commit | 23b88eada5e53e408a369e67bab58a7fc61a52f1 (patch) | |
| tree | a96b9225bb40043c25a6abffc0b3c03e712b4da1 /frontends/etc | |
| parent | d32a317172229c7cad21d93dbc287716fb993a1b (diff) | |
use hostnames of the servers for mail TLS certs
Diffstat (limited to 'frontends/etc')
| -rw-r--r-- | frontends/etc/acme-client.conf.tpl | 7 | ||||
| -rw-r--r-- | frontends/etc/httpd.conf.tpl | 12 | ||||
| -rw-r--r-- | frontends/etc/mail/smtpd.conf.tpl | 11 |
3 files changed, 22 insertions, 8 deletions
diff --git a/frontends/etc/acme-client.conf.tpl b/frontends/etc/acme-client.conf.tpl
index 681f357..544bece 100644
--- a/frontends/etc/acme-client.conf.tpl
+++ b/frontends/etc/acme-client.conf.tpl
@@ -35,3 +35,10 @@ domain <%= $prefix.$host %> {
 sign with letsencrypt
 }
 <% } %>
+
+# Mail server domains
+domain <%= "$hostname.$domain" %> {
+ domain key "/etc/ssl/private/<%= "$hostname.$domain" %>.key"
+ domain full chain certificate "/etc/ssl/<%= "$hostname.$domain" %>.fullchain.pem"
+ sign with letsencrypt
+}
diff --git a/frontends/etc/httpd.conf.tpl b/frontends/etc/httpd.conf.tpl
index 013e779..d144f9f 100644
--- a/frontends/etc/httpd.conf.tpl
+++ b/frontends/etc/httpd.conf.tpl
@@ -17,6 +17,18 @@ server "<%= $prefix.$host %>" {
 }
 <% } %>
+# Current server's FQDN (e.g. for mail server ACME cert requests)
+server "<%= "$hostname.$domain" %>" {
+ listen on * port 80
+ location "/.well-known/acme-challenge/*" {
+ root "/acme"
+ request strip 2
+ }
+ location * {
+ block return 302 "https://<%= $prefix %>buetow.org"
+ }
+}
+
 # Gemtexter hosts
 <% for my $host (qw/foo.zone snonux.land/) { %>
 server "<%= $prefix.$host %>" {
diff --git a/frontends/etc/mail/smtpd.conf.tpl b/frontends/etc/mail/smtpd.conf.tpl
index a3c324b..7764b34 100644
--- a/frontends/etc/mail/smtpd.conf.tpl
+++ b/frontends/etc/mail/smtpd.conf.tpl
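Review bot: `$hostname` and `$domain` are used by the new `domain <%= "$hostname.$domain" %> {` block in acme-client.conf.tpl but are declared in none of the three templates, and the block says nothing about where they come from or what the resulting name must satisfy. Presumably the renderer now supplies them, since the smtpd.conf.tpl hunk drops its own `our $prefix` computation in favour of the same expression. The ACME HTTP-01 challenge only succeeds if that name resolves in public DNS to this very host, which is also why the httpd.conf.tpl hunk adds a port-80 server for it. A comment above the block would make both facts explicit: `# TLS cert for this host's own FQDN; the name must resolve publicly to this server for the ACME HTTP-01 challenge`. The heading `# Mail server domains` also reads as plural although the block covers a single name.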
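Review bot: The new server block in httpd.conf.tpl depends on the `/.well-known/acme-challenge/*` location being listed before the `location *` catch-all, and nothing marks that ordering as load-bearing; I believe httpd takes the first matching location, so swapping the two would 302 the challenge request away and break renewal. A one-line comment above the catch-all would protect it: `# Keep below the ACME location: every other plain-HTTP request is sent to the main site`. It is also worth stating that the FQDN intentionally gets no HTTPS vhost, since this change adds no matching TLS server block and the certificate is only consumed by smtpd.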
@@ -2,21 +2,16 @@ # See smtpd.conf(5) for more information. # I used https://www.checktls.com/TestReceiver for testing. -# -<% - our $primary = $is_primary->($vio0_ip); - our $prefix = $primary ? '' : 'www.'; -%> -pki "buetow_org_tls" cert "/etc/ssl/<%= $prefix %>buetow.org.fullchain.pem" -pki "buetow_org_tls" key "/etc/ssl/private/<%= $prefix %>buetow.org.key" +pki "buetow_org_tls" cert "/etc/ssl/<%= "$hostname.$domain" %>.fullchain.pem" +pki "buetow_org_tls" key "/etc/ssl/private/<%= "$hostname.$domain" %>.key" table aliases file:/etc/mail/aliases table virtualdomains file:/etc/mail/virtualdomains table virtualusers file:/etc/mail/virtualusers listen on socket -listen on all tls pki "buetow_org_tls" hostname "<%= $prefix %>buetow.org" +listen on all tls pki "buetow_org_tls" hostname "<%= "$hostname.$domain" %>" #listen on all action localmail mbox alias <aliases> |
