Laudende Default seite entfernen
parent
95effd60bf
commit
eb21584f33
|
|
@ -4,39 +4,50 @@ source ./lib.sh
|
||||||
|
|
||||||
install -d /etc/letsencrypt/renewal-hooks/deploy
|
install -d /etc/letsencrypt/renewal-hooks/deploy
|
||||||
|
|
||||||
# --- 50: Symlink-Hook (setzt stabile /etc/ssl/{ui,webmail,mail}) ---
|
cat >/etc/letsencrypt/renewal-hooks/deploy/50-mailwolt-symlinks.sh <<'HOOK'
|
||||||
cat >/etc/letsencrypt/renewal-hooks/deploy/50-mailwolt-symlinks.sh <<HOOK
|
|
||||||
#!/usr/bin/env bash
|
#!/usr/bin/env bash
|
||||||
set -euo pipefail
|
set -euo pipefail
|
||||||
|
|
||||||
|
# Env aus dem Installer laden (falls vorhanden), aber unbound vermeiden
|
||||||
|
set +u
|
||||||
|
[ -r /etc/mailwolt/installer.env ] && . /etc/mailwolt/installer.env
|
||||||
|
set -u
|
||||||
|
|
||||||
UI_SSL_DIR="/etc/ssl/ui"
|
UI_SSL_DIR="/etc/ssl/ui"
|
||||||
WEBMAIL_SSL_DIR="/etc/ssl/webmail"
|
WEBMAIL_SSL_DIR="/etc/ssl/webmail"
|
||||||
MAIL_SSL_DIR="/etc/ssl/mail"
|
MAIL_SSL_DIR="/etc/ssl/mail"
|
||||||
|
|
||||||
UI_HOST="${UI_HOST}"
|
# Falls Variablen nicht gesetzt sind → leere Defaults (vermeidet unbound)
|
||||||
WEBMAIL_HOST="${WEBMAIL_HOST}"
|
UI_HOST="${UI_HOST:-}"
|
||||||
MX_HOST="${MAIL_HOSTNAME}"
|
WEBMAIL_HOST="${WEBMAIL_HOST:-}"
|
||||||
|
MX_HOST="${MAIL_HOSTNAME:-}"
|
||||||
|
|
||||||
|
UI_LE="/etc/letsencrypt/live/${UI_HOST}"
|
||||||
|
WEBMAIL_LE="/etc/letsencrypt/live/${WEBMAIL_HOST}"
|
||||||
|
MX_LE="/etc/letsencrypt/live/${MX_HOST}"
|
||||||
|
|
||||||
link_if() {
|
link_if() {
|
||||||
local host="\$1" target_dir="\$2"
|
local le_base="$1" target_dir="$2"
|
||||||
[[ -z "\$host" ]] && return 0
|
local cert="${le_base}/fullchain.pem"
|
||||||
local le="/etc/letsencrypt/live/\${host}"
|
local key="${le_base}/privkey.pem"
|
||||||
local cert="\${le}/fullchain.pem"
|
if [ -f "$cert" ] && [ -f "$key" ]; then
|
||||||
local key="\${le}/privkey.pem"
|
install -d -m 0755 "$target_dir"
|
||||||
[[ -f "\$cert" && -f "\$key" ]] || return 0
|
ln -sf "$cert" "${target_dir}/fullchain.pem"
|
||||||
install -d -m 0755 "\$target_dir"
|
ln -sf "$key" "${target_dir}/privkey.pem"
|
||||||
ln -sf "\$cert" "\${target_dir}/fullchain.pem"
|
echo "[+] Linked ${target_dir} -> ${le_base}"
|
||||||
ln -sf "\$key" "\${target_dir}/privkey.pem"
|
fi
|
||||||
echo "[+] Linked \${target_dir} -> \${le}"
|
|
||||||
}
|
}
|
||||||
|
|
||||||
link_if "${UI_HOST}" "\${UI_SSL_DIR}"
|
# Nur linken, wenn Hostnamen vorhanden sind
|
||||||
link_if "${WEBMAIL_HOST}" "\${WEBMAIL_SSL_DIR}"
|
[ -n "$UI_HOST" ] && link_if "$UI_LE" "$UI_SSL_DIR"
|
||||||
link_if "${MX_HOST}" "\${MAIL_SSL_DIR}"
|
[ -n "$WEBMAIL_HOST" ] && link_if "$WEBMAIL_LE" "$WEBMAIL_SSL_DIR"
|
||||||
|
[ -n "$MX_HOST" ] && link_if "$MX_LE" "$MAIL_SSL_DIR"
|
||||||
|
|
||||||
|
# Dienste neu laden
|
||||||
systemctl reload nginx || true
|
systemctl reload nginx || true
|
||||||
systemctl reload postfix dovecot || true
|
systemctl reload postfix dovecot || true
|
||||||
HOOK
|
HOOK
|
||||||
|
|
||||||
chmod +x /etc/letsencrypt/renewal-hooks/deploy/50-mailwolt-symlinks.sh
|
chmod +x /etc/letsencrypt/renewal-hooks/deploy/50-mailwolt-symlinks.sh
|
||||||
|
|
||||||
# --- 60: TLSA-Hook (bei jedem Renew für MX neu berechnen – falls Key doch rotiert) ---
|
# --- 60: TLSA-Hook (bei jedem Renew für MX neu berechnen – falls Key doch rotiert) ---
|
||||||
|
|
|
||||||
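Review bot: The added `. /etc/mailwolt/installer.env` line near the top of the generated hook executes that file with the hook's privileges on every renewal, and nothing in the hunk checks who owns it or who may write to it. Certbot deploy hooks normally run as root, so the hook is only as trustworthy as that file; how the installer creates it is outside this hunk, so the permissions may already be handled elsewhere. I would gate the source on ownership, for example `[ -r /etc/mailwolt/installer.env ] && [ -O /etc/mailwolt/installer.env ] && . /etc/mailwolt/installer.env`, and refuse the file when it is group- or world-writable. Alternatively, read only the three keys the hook uses (`UI_HOST`, `WEBMAIL_HOST`, `MAIL_HOSTNAME`) rather than sourcing the whole file. Sourcing everything may also matter if the file holds credentials, since they would sit in the hook's shell and reach the `systemctl reload` calls if exported.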