simplelogin-postfix-docker

Added ability to use LE staging via env

Open imro2 opened this issue 4 years ago • 6 comments

Adding the ability to use Let's Encrypt staging server via cli.ini template. Related to issue #2

imro2 Apr 14 '21 05:04
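One way to drive the staging switch from the environment when rendering certbot's cli.ini, as an added example that is not the PR's code. `LE_STAGING` is a hypothetical variable name; `LETSENCRYPT_EMAIL` is the variable used in the compose file quoted later in this thread. An unrecognised value fails instead of defaulting, so a typo cannot silently leave a mail server on staging certificates (which clients do not trust) or send test runs to the rate-limited production endpoint.

```shell
#!/bin/sh
# Added example. LE_STAGING is a hypothetical variable name;
# LETSENCRYPT_EMAIL is the variable the compose file on this page uses.
STAGING_URL='https://acme-staging-v02.api.letsencrypt.org/directory'
NL='
'

# Normalise a boolean-like value: prints true/false, returns 2 on a typo.
parse_bool() {
    case "$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" in
        1|true|yes|on) echo true ;;
        ''|0|false|no|off) echo false ;;
        *) return 2 ;;
    esac
}

# Print certbot's cli.ini to stdout; return 2 and print nothing on bad input.
render_cli_ini() {
    staging=$(parse_bool "${LE_STAGING:-}") || {
        echo "LE_STAGING must be true or false, got: ${LE_STAGING}" >&2
        return 2
    }
    # Refuse spaces or newlines so the value cannot add extra ini lines.
    case "${LETSENCRYPT_EMAIL:-}" in
        *"$NL"*|*' '*) echo "LETSENCRYPT_EMAIL contains a space or newline" >&2; return 2 ;;
        *@*) ;;
        *) echo "LETSENCRYPT_EMAIL is missing or invalid" >&2; return 2 ;;
    esac
    printf 'email = %s\n' "$LETSENCRYPT_EMAIL"
    printf 'agree-tos = true\n'
    # Production is certbot's default; only staging needs an explicit server.
    if [ "$staging" = true ]; then
        printf 'server = %s\n' "$STAGING_URL"
    fi
}
```

An entrypoint would redirect the output of `render_cli_ini` to the cli.ini path and abort start-up on a non-zero status.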

@doanguyen hey can you have a look at this PR when you have free time :)?

nguyenkims Apr 14 '21 14:04

Hi @imro2, are you still using the simplelogin-postfix-docker project? Looks like nobody is maintaining that project? Do you have any information? Regards

smargold476 Jul 07 '22 06:07

@smargold476 I still use it. However, I use a modified version that does DNS verification with Let's Encrypt.

imro2 Jul 08 '22 00:07

Maybe take a look at this separate container: https://hub.docker.com/r/rehanone/auto-cert-manager. It supports the staging. I think this container should do just Postfix and not certificate management.

rehanone Oct 04 '22 20:10

I would like to propose that we remove the CertBot support completely from this repo and make it work best in providing support for Postfix which is its original purpose. The SSL_CERT_FOLDER provides a great way to supply the certs for this repo. I have actually refactored the cert generation out into a standalone docker image like this:

  cert-manager:
    image: rehanone/auto-cert-manager:${CERT_MANAGER_VERSION}
    container_name: 'simplelogin-cert-manager'
    secrets:
      - linode_api_key
    environment:
      DOMAINS: example.com
      EMAIL: ${CERT_MANAGER_EMAIL}
      CERTBOT_PLUGIN: linode
      LINODE_API_KEY_FILE: /run/secrets/linode_api_key
      PROPAGATION_SECONDS: ${CERT_MANAGER_PROPAGATION_SECONDS}
      DEBUG: true
      STAGING: ${CERT_MANAGER_STAGING}
    volumes:
      - type: bind
        source: /docker-data/simplelogin/tls/letsencrypt
        target: /etc/letsencrypt
        read_only: false
      - type: bind
        source: /docker-data/simplelogin/tls/certs
        target: /certs
        read_only: false
      - type: bind
        source: /docker-data/simplelogin/tls/log
        target: /var/log/letsencrypt
        read_only: false
    restart: 'unless-stopped'

  postfix:
    image: simplelogin/postfix:${POSTFIX_VERSION}
    container_name: 'simplelogin-postfix'
    secrets:
      - postgres
    networks:
      - sl-net
    environment:
      ALIASES_DEFAULT_DOMAIN: example.com
      DB_HOST: db
      DB_USER: ${DB_USER}
      DB_PASSWORD_FILE: /run/secrets/postgres
      DB_NAME: simplelogin
      LETSENCRYPT_EMAIL: [email protected]
      EMAIL_HANDLER_HOST: email
      POSTFIX_FQDN: sl.mahmoods.org
      SSL_CERT_FOLDER: /etc/letsencrypt/live/app.example.com
      SIMPLELOGIN_COMPATIBILITY_MODE: ${SIMPLELOGIN_COMPATIBILITY_MODE}
      RELAY_HOST: ${RELAY_HOST}
      RELAY_HOST_USERNAME: ${RELAY_HOST_USERNAME}
      RELAY_HOST_PASSWORD: ${RELAY_HOST_PASSWORD}
    volumes:
      - type: bind
        source: /docker-data/simplelogin/tls/letsencrypt
        target: /etc/letsencrypt
        read_only: true
    ports:
      - "25:25/tcp"
    depends_on:
      db:
        condition: service_healthy
    restart: 'unless-stopped'

rehanone Feb 23 '23 14:02

> I would like to propose that we remove the CertBot support completely from this repo and make it work best in providing support for Postfix which is its original purpose.

I strongly support this recommendation.

I think, from a separation of concerns point of view, this Docker image should not concern itself with issuing and renewing certificates. One can choose, for instance, an alternate mechanism than Certbot. In fact, in my self-host, I use acme.sh which has better or simpler integration with my DNS provider for wildcard certificates.

springcomp Jul 24 '23 15:07

Closing this PR as it is not required anymore.

rehanone Jun 03 '24 20:06