Commit
1 parent
3b6edcd
commit 3088c71
Showing
4 changed files
with
97 additions
and
0 deletions.
@@ -0,0 +1,64 @@ | ||
<VirtualHost *:80> | ||
ServerName alovoa.com | ||
Redirect permanent / https://alovoa.com/ | ||
RewriteEngine on | ||
RewriteCond %{SERVER_NAME} =alovoa.com | ||
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent] | ||
</VirtualHost> | ||
<VirtualHost *:80> | ||
ServerName www.alovoa.com | ||
Redirect permanent / https://alovoa.com/ | ||
RewriteEngine on | ||
RewriteCond %{SERVER_NAME} =www.alovoa.com | ||
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent] | ||
</VirtualHost> | ||
<VirtualHost *:443> | ||
ServerName alovoa.com | ||
SSLEngine On | ||
SSLProxyEngine On | ||
SSLProxyVerify none | ||
SSLProxyCheckPeerCN off | ||
SSLProxyCheckPeerName off | ||
ProxyPass / https://127.0.0.1:8843/ | ||
ProxyPassReverse / https://127.0.0.1:8843/ | ||
RequestHeader set X-Forwarded-Proto https | ||
RequestHeader set X-Forwarded-Port 443 | ||
ProxyPreserveHost On | ||
Include /etc/letsencrypt/options-ssl-apache.conf | ||
SSLCertificateFile /etc/letsencrypt/live/alovoa.com/fullchain.pem | ||
SSLCertificateKeyFile /etc/letsencrypt/live/alovoa.com/privkey.pem | ||
</VirtualHost> | ||
<VirtualHost *:80> | ||
ServerName mail.alovoa.com | ||
ServerAlias autodiscover.* | ||
ServerAlias autoconfig.* | ||
ServerAlias www.mail.alovoa.com | ||
RewriteEngine on | ||
RewriteCond %{HTTPS} off | ||
RewriteRule ^/?(.*) https://%{HTTP_HOST}/$1 [R=301,L] | ||
ProxyPass / http://127.0.0.1:8080/ | ||
ProxyPassReverse / http://127.0.0.1:8080/ | ||
ProxyPreserveHost On | ||
ProxyAddHeaders On | ||
RequestHeader set X-Forwarded-Proto "http" | ||
RewriteCond %{SERVER_NAME} =autodiscover.* [OR] | ||
RewriteCond %{SERVER_NAME} =mail.alovoa.com [OR] | ||
RewriteCond %{SERVER_NAME} =www.mail.alovoa.com [OR] | ||
RewriteCond %{SERVER_NAME} =autoconfig.* | ||
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent] | ||
</VirtualHost> | ||
<VirtualHost *:443> | ||
ServerName mail.alovoa.com | ||
ServerAlias www.mail.alovoa.com | ||
ServerAlias autodiscover.* | ||
ServerAlias autoconfig.* | ||
ProxyPass / http://127.0.0.1:8080/ | ||
ProxyPassReverse / http://127.0.0.1:8080/ | ||
ProxyPreserveHost On | ||
ProxyAddHeaders On | ||
RequestHeader set X-Forwarded-Proto "https" | ||
Include /etc/letsencrypt/options-ssl-apache.conf | ||
SSLCertificateFile /etc/letsencrypt/live/alovoa.com/fullchain.pem | ||
SSLCertificateKeyFile /etc/letsencrypt/live/alovoa.com/privkey.pem | ||
</VirtualHost> | ||
|
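Review bot: In the `alovoa.com` :443 vhost, `SSLProxyVerify none` with `SSLProxyCheckPeerCN off` and `SSLProxyCheckPeerName off` makes Apache accept any certificate from whatever is listening on 127.0.0.1:8843, so the backend hop is encrypted but not authenticated. The loopback target limits exposure, and the name checks are presumably off because the backend presents the public-host certificate rather than one for 127.0.0.1, but that reasoning is not recorded in the file. I would add a comment such as `# loopback backend; peer name checks off because its cert is issued for the public host name`, and consider `SSLProxyVerify require` with an `SSLProxyCACertificateFile` so that at least the chain is validated. Separately, in the `mail.alovoa.com` :80 vhost the conditions `=autodiscover.*` and `=autoconfig.*` use mod_rewrite's `=` string comparison, so the `.*` is literal and those two conditions never match.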
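--- a/scripts/root/etc/letsencrypt/renewal-hooks/deploy/auto_pfx.sh
+++ b/scripts/root/etc/letsencrypt/renewal-hooks/deploy/auto_pfx.sh
@@ -0,0 +1,23 @@
+#!/bin/bash
+# Adjust these variables as necessary
+
+# Where you want to final PKCS12 file to be stored.
+CERT_PATH="/opt/alovoa/alovoa.pfx"
+
+# Password to encrypt the PKCS12 file.
+CERT_PW="your-password-here"
+
+# Path to LE files, RENEWED_LINEAGE provided by CertBot
+PRIV_KEY_PEM="$RENEWED_LINEAGE/privkey.pem"
+CERT_PEM="$RENEWED_LINEAGE/cert.pem"
+CHAIN_PEM="$RENEWED_LINEAGE/chain.pem"
+
+# If there's already a .pfx file, back it up
+if [[ -f "$CERT_PATH" ]]; then
+now=`date +%Y-%m-%d-%T`
+mv $CERT_PATH $CERT_PATH.bak.$now
+fi
+
+# Le Conversion
+openssl pkcs12 -export -out $CERT_PATH -inkey $PRIV_KEY_PEM -in $CERT_PEM -certfile $CHAIN_PEM -password pass:$CERT_PW
+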
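Review bot: The final `openssl pkcs12` line passes the export password as `-password pass:$CERT_PW`, which places it in the process argument list where other local users can read it while the command runs, and the password itself is kept as a literal in the script. Reading it from a root-only file avoids both, e.g. `-passout file:"$CERT_PW_FILE"` (the variable name is illustrative). Each renewal also leaves another `.bak.<timestamp>` copy holding the private key, and nothing in the script prunes them. The expansions on the `mv` and `openssl` lines are unquoted and nothing stops the script when `RENEWED_LINEAGE` is unset, in which case the input paths collapse to `/privkey.pem` and so on; `set -euo pipefail` after the shebang plus quoting would cover that.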
@@ -0,0 +1,9 @@ | ||
#!/bin/bash | ||
cp /etc/letsencrypt/live/alovoa.com/fullchain.pem /opt/mailcow-dockerized/data/assets/ssl/cert.pem | ||
cp /etc/letsencrypt/live/alovoa.com/privkey.pem /opt/mailcow-dockerized/data/assets/ssl/key.pem | ||
postfix_c=$(docker ps -qaf name=postfix-mailcow) | ||
dovecot_c=$(docker ps -qaf name=dovecot-mailcow) | ||
nginx_c=$(docker ps -qaf name=nginx-mailcow) | ||
docker restart ${postfix_c} ${dovecot_c} ${nginx_c} | ||
|
||
|
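Review bot: Nothing checks that the two `cp` commands succeeded before `docker restart` runs, so a failed copy still restarts the mail containers on the old or a mismatched certificate/key pair; `set -euo pipefail` after the shebang would stop the script at the first failure. The three container IDs from `docker ps -qaf name=...` are used without checking that they are non-empty, and the `name=` filter matches substrings, so each variable can be empty or hold several IDs. The source paths are hard-coded to `/etc/letsencrypt/live/alovoa.com`; if this script is installed as a certbot deploy hook (its path is not shown on this page), it would run for every renewed lineage, and a guard on `$RENEWED_LINEAGE` would avoid unrelated restarts.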