Open tkpte opened 1 month ago
I do agree that native support for FoundationDB TLS in Stalwart is best.
I have solved this issue for now in the following way:
I have added an EnvironmentFile directive to the [Service] section of the Systemd service file:
[Service]
...
first set of options
...
EnvironmentFile=/path/to/stalwart/systemd/env/file
ExecStart=/opt/stalwart-mail/bin/stalwart-mail --config=/opt/stalwart-mail/etc/config.toml
...
last set of options
...
The EnvironmentFile uses the environment variables specified in the official FoundationDB TLS Documentation.
One note, you must make sure you allow the stalwart-mail user access to the certificate files. I used setfacl:
setfacl -Rm stalwart-mail:rx /path/to/certs
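A check to go with the workaround in the comment above, as an added example that is not part of the original comment or of the Stalwart project: it reads the EnvironmentFile, confirms the current user can read each TLS file, and flags a private key (or a password-bearing env file) that is accessible to "other". It assumes simple KEY=VALUE lines and the variable names from the FoundationDB TLS documentation (FDB_TLS_CERTIFICATE_FILE, FDB_TLS_KEY_FILE, FDB_TLS_CA_FILE, FDB_TLS_PASSWORD); the function names are hypothetical.

```shell
# Added example: audit a systemd EnvironmentFile that carries FoundationDB TLS settings.
# Source this file, then run the check as the service account so that the
# readability test reflects what stalwart-mail can actually open.

# Print the value of KEY ($1) from env file ($2); last assignment wins, quotes stripped.
env_value() {
    sed -n "s/^[[:space:]]*$1=//p" "$2" 2>/dev/null | tail -n 1 |
        sed 's/[[:space:]]*$//; s/^"\(.*\)"$/\1/'
}

# Print the octal permission bits of a file (GNU stat first, BSD stat as fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Print one line per finding; the return status is the number of findings.
check_fdb_tls_env() {
    envfile=$1
    problems=0
    for var in FDB_TLS_CERTIFICATE_FILE FDB_TLS_KEY_FILE FDB_TLS_CA_FILE; do
        path=$(env_value "$var" "$envfile")
        if [ -z "$path" ]; then
            echo "MISSING  $var is not set in $envfile"
            problems=$((problems + 1))
        elif [ ! -r "$path" ]; then
            echo "NOACCESS $var=$path is not readable by $(id -un)"
            problems=$((problems + 1))
        fi
    done
    # The private key should be reachable through owner, group or ACL, not "other".
    key=$(env_value FDB_TLS_KEY_FILE "$envfile")
    if [ -n "$key" ] && [ -e "$key" ]; then
        mode=$(file_mode "$key")
        case $mode in
            *[1-7]) echo "EXPOSED  private key $key has mode $mode"
                    problems=$((problems + 1)) ;;
        esac
    fi
    # An env file that stores the key passphrase needs the same protection.
    if [ -n "$(env_value FDB_TLS_PASSWORD "$envfile")" ]; then
        case $(file_mode "$envfile") in
            *[1-7]) echo "EXPOSED  $envfile holds FDB_TLS_PASSWORD and is open to others"
                    problems=$((problems + 1)) ;;
        esac
    fi
    return "$problems"
}
```

A non-zero status from check_fdb_tls_env means at least one finding was printed. A recursive rx ACL on the certificate directory also covers the private key, so the EXPOSED line is the one to watch after running setfacl.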
Thanks so much, this works! I agree it would be good to have the directives in config.toml, but if this works, it's fine to me.
Which feature or improvement would you like to request?
I'd like to see this feature:
Optional directives to specify the paths to the certificate, ca, and key files used by the Rust FoundationDB client to authenticate and establish a secure connection with the coordinator nodes from the fdb.cluster file.
Example config.toml:
Example with fdbcli:
Example with Rust FoundationDB client:
I spent a few hours trying to understand how the libraries foundationdb and foundationdb-sys work, but it is not easy without any prior experience in Rust and very little in C. The client supports TLS though, as we can see in the foundationdb-sys options file with enums like FDB_NET_OPTION_TLS_CERT_PATH, FDB_NET_OPTION_TLS_KEY_PATH, FDB_NET_OPTION_TLS_CA_PATH, and FDB_NET_OPTION_TLS_VERIFY_PEERS.
I'd like to see this other feature too:
Support for FoundationDB v7.3.x.
Stalwart /crates/store/Cargo.toml:
but the latest version of the foundationdb already supports the fdb-7_3 feature (See).
Is your feature request related to a problem?
This is necessary because FoundationDB only supports a single authentication method which is mutual TLS.