hardware / mailserver

:warning: UNMAINTAINED - Simple and full-featured mail server using Docker
https://store.docker.com/community/images/hardware/mailserver
MIT License

New format of acme.json in Traefik 2.0 #409

Closed iBrotNano closed 4 years ago

iBrotNano commented 4 years ago

Description

After I tried to migrate to Traefik 2.0, I noticed that the Let's Encrypt certs could not be read correctly.

The new acme.json file has a new format.

I have found a little tool which can dump the cert like your script does. But it works with the new format already.

https://github.com/ldez/traefik-certs-dumper

I have configured it to dump the certs in the correct format to work with the mailserver.

Steps to reproduce

  1. Configure the mailserver via docker-compose.yml
  2. Configure Traefik 2.0 via docker-compose.yml
  3. Start everything

Configuration (docker-compose.yml, traefik.toml...etc)

```yaml
  reverse-proxy:
    image: traefik:${TRAEFIK_VERSION}
    restart: always
    hostname: traefik.${FQDN}
    container_name: traefik
    command:
      - --providers.docker
      - --certificatesresolvers.default.acme.email=admin@${FQDN}
    ports:
      - 80:80     # The HTTP port
      - 443:443   # The HTTPS port
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock # So that Traefik can listen to the Docker events
      - ./data/traefik/config/traefik.toml:/traefik.toml # The config file
      - ./data/traefik/config/acme.json:/acme.json # Let's Encrypt's config file
      - ./data/traefik/logs:/logs # Logs
    networks:
      dev-server-network:

  traefik-certs-dumper:
    image: ldez/traefik-certs-dumper:${TRAEFIK_CERT_DUMPER_VERSION}
    restart: always
    hostname: traefik-certs-dumper.${FQDN}
    container_name: traefik-certs-dumper
    command: file --source ./source/acme.json --version v2 --clean --watch --domain-subdir --crt-name=fullchain --key-name=privkey --crt-ext=.pem --key-ext=.pem
    volumes:
      - ./data/traefik-certs-dumper/data:/dump
      - ./data/traefik/config:/source
    networks:
      dev-server-network:

  mailserver:
    image: hardware/mailserver:${MAILSERVER_VERSION}
    restart: always
    hostname: mail.${FQDN}
    container_name: mailserver
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.mail.rule=Host(`mail.${FQDN}`) || Host(`spam.${FQDN}`)"
      - "traefik.http.routers.mail.entrypoints=http,https"
      - "traefik.http.routers.mail.tls=true"
      - "traefik.http.routers.mail.tls.certresolver=default"
      - "traefik.http.services.mail.loadbalancer.server.port=11334"
    ports:
      - "25:25"       # SMTP                - Required
      - "110:110"     # POP3       STARTTLS - Optional - For webmails/desktop clients
      - "143:143"     # IMAP       STARTTLS - Optional - For webmails/desktop clients
      - "465:465"     # SMTPS      SSL/TLS  - Optional - Enabled for compatibility reason, otherwise disabled
      - "587:587"     # Submission STARTTLS - Optional - For webmails/desktop clients
      - "993:993"     # IMAPS      SSL/TLS  - Optional - For webmails/desktop clients
      - "995:995"     # POP3S      SSL/TLS  - Optional - For webmails/desktop clients
      - "4190:4190"   # SIEVE      STARTTLS - Optional - Recommended for mail filtering
    environment:
      - DBPASS=${MAILSERVER_DATABASE_USER_PASSWORD}       # MariaDB database password (required)
      - RSPAMD_PASSWORD=${MAILSERVER_RSPAMD_PASSWORD}     # Rspamd WebUI password (required)
      # - ENABLE_ENCRYPTION=false                # Disables encryption because it causes a bug with a memory leak in 1.1
      # - DISABLE_DNS_RESOLVER=true
      # - ADD_DOMAINS=aa.tld, www.bb.tld...      # Add additional domains separated by commas (needed for dkim keys etc.)
      # - DEBUG_MODE=true                        # Enable Postfix, Dovecot, Rspamd and Unbound verbose logging
      # - ENABLE_POP3=true                       # Enable POP3 protocol
      # - ENABLE_FETCHMAIL=true                  # Enable fetchmail forwarding
      # - DISABLE_RATELIMITING=false             # Enable ratelimiting policy
      # - DISABLE_CLAMAV=true                    # Disable virus scanning
      # - DISABLE_SIGNING=true                   # Disable DKIM/ARC signing
      # - DISABLE_GREYLISTING=true               # Disable greylisting policy
      #
      # Full list : https://github.com/hardware/mailserver#environment-variables
      #
    volumes:
      - ./data/mail/config:/var/mail
      - ./data/traefik-certs-dumper/data/mail.${FQDN}:/etc/letsencrypt/live/mail.${FQDN}
    depends_on:
      - reverse-proxy
      - mariadb
      - redis
      - traefik-certs-dumper
    networks:
      dev-server-network:
```

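
As an added illustration of the format change this issue is about (example code, not the project's script and not traefik-certs-dumper): a Python routine that reads either acme.json layout, the Traefik 1.x one with a top-level `Certificates` list and the Traefik 2.0 one keyed by resolver name with lower-case field names, and writes per-domain `fullchain.pem` / `privkey.pem` files in the layout the mailserver volume mount above expects. Domain names and PEM contents are constructed placeholders; the private key is written with mode 0600 so the dump directory does not expose it more widely than acme.json itself.

```python
import base64
import json
import os
from typing import Dict, Tuple

def _pem(kind: str) -> str:
    """Constructed placeholder PEM blob, base64-encoded as Traefik stores it."""
    body = f"-----BEGIN {kind}-----\nMIIB...placeholder...\n-----END {kind}-----\n"
    return base64.b64encode(body.encode()).decode()

# Constructed samples. v1 (Traefik 1.x): one top-level "Certificates" list with
# capitalised keys. v2 (Traefik 2.0): keyed by resolver name ("default" as in the
# compose file above) and the per-certificate keys are lower-case.
SAMPLE_V1 = json.dumps({"Certificates": [{
    "Domain": {"Main": "mail.example.test", "SANs": ["spam.example.test"]},
    "Certificate": _pem("CERTIFICATE"), "Key": _pem("RSA PRIVATE KEY")}]})
SAMPLE_V2 = json.dumps({"default": {"Certificates": [{
    "domain": {"main": "mail.example.test", "sans": ["spam.example.test"]},
    "certificate": _pem("CERTIFICATE"), "key": _pem("RSA PRIVATE KEY")}]}})

def extract_certs(acme_json: str) -> Dict[str, Tuple[bytes, bytes]]:
    """Return {main_domain: (fullchain_pem, privkey_pem)} from a v1 or v2 acme.json."""
    data = json.loads(acme_json)
    resolvers = [data] if "Certificates" in data else list(data.values())
    out: Dict[str, Tuple[bytes, bytes]] = {}
    for resolver in resolvers:
        for entry in resolver.get("Certificates") or []:
            domain = entry.get("domain") or entry.get("Domain") or {}
            main = domain.get("main") or domain.get("Main")
            cert = entry.get("certificate") or entry.get("Certificate")
            key = entry.get("key") or entry.get("Key")
            if not (main and cert and key):
                continue  # pending/incomplete order: nothing usable to dump
            out[main] = (base64.b64decode(cert), base64.b64decode(key))
    return out

def write_dump(acme_json: str, dump_dir: str) -> list:
    """Write <dump_dir>/<main>/fullchain.pem and privkey.pem; key is mode 0600."""
    written = []
    for main, (chain, key) in extract_certs(acme_json).items():
        target = os.path.join(dump_dir, main)
        os.makedirs(target, mode=0o700, exist_ok=True)
        with open(os.path.join(target, "fullchain.pem"), "wb") as f:
            f.write(chain)
        fd = os.open(os.path.join(target, "privkey.pem"),
                     os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        with os.fdopen(fd, "wb") as f:
            f.write(key)
        written.append(target)
    return written
```

Calling `write_dump(open("acme.json").read(), "./data/traefik-certs-dumper/data")` produces the `mail.${FQDN}/` directory the compose file mounts into the mailserver container.
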
iBrotNano commented 4 years ago

Forgot the parameter --version v2 on the traefik-certs-dumper container. Shame on me.

ghost commented 4 years ago

I've already created a PR (#406) modifying the existing script, because I had the same problem. Apparently it hasn't been merged yet. :man_shrugging:

sknight80 commented 4 years ago

Should we combine this PR with yours @TheZenti ?

ghost commented 4 years ago

I'm slightly confused - as far as I can see, this is no PR (yet), just an issue. :see_no_evil: With the changes in my PR, @iBrotNano's addition of traefik-certs-dumper should be obsolete.

sknight80 commented 4 years ago

Right! Sorry for the confusion. :( My bad. I wanted to refer to the traefik-certs-dumper container. In this case we are good here. :)

sknight80 commented 4 years ago

@iBrotNano , @TheZenti I merged the PR.

stale[bot] commented 4 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.