Closed imro2 closed 4 months ago
@doanguyen hey can you have a look at this PR when you have free time :)?
Hi @imro2 are you still using the simplelogin-postfix-docker project? Looks like nobody is maintaining that project? Do you have any information? Regards
@smargold476 I still use it. However, I use a modified version that does DNS verification with Let's Encrypt.
Maybe take a look at this separate container. https://hub.docker.com/r/rehanone/auto-cert-manager. It supports staging. I think this container should do just postfix and not certificate management.
I would like to propose that we remove the CertBot support completely from this repo and make it work best in providing support for Postfix which is its original purpose. The SSL_CERT_FOLDER provides a great way to supply the certs for this repo. I have actually refactored the cert generation out into a standalone docker image like this:
```yaml
cert-manager:
  image: rehanone/auto-cert-manager:${CERT_MANAGER_VERSION}
  container_name: 'simplelogin-cert-manager'
  secrets:
    - linode_api_key
  environment:
    DOMAINS: example.com
    EMAIL: ${CERT_MANAGER_EMAIL}
    CERTBOT_PLUGIN: linode
    LINODE_API_KEY_FILE: /run/secrets/linode_api_key
    PROPAGATION_SECONDS: ${CERT_MANAGER_PROPAGATION_SECONDS}
    DEBUG: 'true'  # quoted so Compose receives a string, not a YAML boolean
    STAGING: ${CERT_MANAGER_STAGING}
  volumes:
    - type: bind
      source: /docker-data/simplelogin/tls/letsencrypt
      target: /etc/letsencrypt
      read_only: false
    - type: bind
      source: /docker-data/simplelogin/tls/certs
      target: /certs
      read_only: false
    - type: bind
      source: /docker-data/simplelogin/tls/log
      target: /var/log/letsencrypt
      read_only: false
  restart: 'unless-stopped'
postfix:
  image: simplelogin/postfix:${POSTFIX_VERSION}
  container_name: 'simplelogin-postfix'
  secrets:
    - postgres
  networks:
    - sl-net
  environment:
    ALIASES_DEFAULT_DOMAIN: example.com
    DB_HOST: db
    DB_USER: ${DB_USER}
    DB_PASSWORD_FILE: /run/secrets/postgres
    DB_NAME: simplelogin
    LETSENCRYPT_EMAIL: example@example.com
    EMAIL_HANDLER_HOST: email
    POSTFIX_FQDN: sl.mahmoods.org
    SSL_CERT_FOLDER: /etc/letsencrypt/live/app.example.com
    SIMPLELOGIN_COMPATIBILITY_MODE: ${SIMPLELOGIN_COMPATIBILITY_MODE}
    RELAY_HOST: ${RELAY_HOST}
    RELAY_HOST_USERNAME: ${RELAY_HOST_USERNAME}
    RELAY_HOST_PASSWORD: ${RELAY_HOST_PASSWORD}
  volumes:
    # same host directory as cert-manager, mounted read-only here
    - type: bind
      source: /docker-data/simplelogin/tls/letsencrypt
      target: /etc/letsencrypt
      read_only: true
  ports:
    - "25:25/tcp"
  depends_on:
    db:
      condition: service_healthy
  restart: 'unless-stopped'
```
> I would like to propose that we remove the CertBot support completely from this repo and make it work best in providing support for Postfix which is its original purpose.
I strongly support this recommendation.
I think, from a separation of concerns point of view, this Docker image should not concern itself with issuing and renewing certificates. One can choose, for instance, an alternate mechanism to Certbot. In fact, in my self-host, I use acme.sh which has better or simpler integration with my DNS provider for wildcard certificates.
Closing this PR as it is not required anymore.
Adding the ability to use Let's Encrypt staging server via cli.ini template. Related to issue #2.