lordwelch/chasquid
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 1 Wiki Activity

You must login to view /lordwelch/chasquid/src/commit/8e9ea901e9ec125d7de24c97892cade1f0723e54/chasquid.go.
The GitHub option should be usable for most people, it only links via username.

Files
master
chasquid/docker/entrypoint.sh
Alberto Bertogli cf18565b80 docker: Use supervisord to launch chasquid and dovecot 
Today, we launch dovecot in the background and chasquid in the
foreground using sudo.

This means that dovecot failures won't propagate, and signals to the
container (e.g. to stop it) also don't get propagated to dovecot
(because it's in the background) or chasquid (because they don't go
beyond the sudo process).

Thanks to [Guiorgy@github](https://github.com/Guiorgy) for identifying
the problem, proposing alternatives, help debugging, and discussing this
in https://github.com/albertito/chasquid/pull/70.
2025-08-04 21:18:16 +01:00

109 lines
3.4 KiB
Bash
Executable File
Raw Permalink Blame History

#!/bin/bash
#
# Script that is used as a Docker entrypoint.
#
set -e
if ! grep -q data /proc/mounts; then
echo "/data is not mounted."
echo "Check that the /data volume is set up correctly."
exit 1
fi
# Create the directory structure if it's not there.
# Some of these directories are symlink targets, see the Dockerfile.
mkdir -p /data/chasquid
mkdir -p /data/letsencrypt
mkdir -p /data/chasquid
mkdir -p /data/chasquid/domains
mkdir -p /data/dovecot
# Set up the certificates for the requested domains.
if [ "$AUTO_CERTS" != "" ]; then
# If we were given an email to use for letsencrypt, use it. Otherwise
# continue without one.
MAIL_OPTS="--register-unsafely-without-email"
if [ "$CERTS_MAIL" != "" ]; then
MAIL_OPTS="-m $CERTS_MAIL"
fi
for DOMAIN in $AUTO_CERTS; do
# If it has never been set up, then do so.
if ! [ -e "/etc/letsencrypt/live/$DOMAIN/fullchain.pem" ]; then
# shellcheck disable=SC2086
certbot certonly \
--non-interactive \
--standalone \
--agree-tos \
$MAIL_OPTS \
-d "$DOMAIN"
else
echo "$DOMAIN certificate already set up."
fi
done
# Renew on startup, since the container won't have cron facilities.
# Note this requires you to restart every week or so, to make sure
# your certificate does not expire.
certbot renew
# Give chasquid access to the certificates.
# Dovecot does not need this as it reads them as root.
setfacl -R -m u:chasquid:rX /etc/letsencrypt/{live,archive}
fi
CERT_DOMAINS=""
for i in /etc/letsencrypt/live/*; do
D="${i##*/}" # Extract the last component of the path.
if [ -e "/etc/letsencrypt/live/$D/fullchain.pem" ]; then
CERT_DOMAINS="$CERT_DOMAINS $D"
fi
done
# We need one domain to use as a default - pick the last one.
ONE_DOMAIN=$D
# Check that there's at least once certificate at this point.
if [ "$CERT_DOMAINS" == "" ]; then
echo "No certificates found."
echo
echo "Set AUTO_CERTS='example.com' to automatically get one."
exit 1
fi
# Give chasquid access to the data directory.
mkdir -p /data/chasquid/data
chown -R chasquid /data/chasquid/
# Give dovecot access to the mailbox home.
mkdir -p /data/mail/
chown dovecot:dovecot /data/mail/
# Generate the dovecot ssl configuration based on all the certificates we have.
# The default goes first because dovecot complains otherwise.
echo "# Autogenerated by entrypoint.sh" > /etc/dovecot/auto-ssl.conf
cat >> /etc/dovecot/auto-ssl.conf <<EOF
ssl_cert = </etc/letsencrypt/live/$ONE_DOMAIN/fullchain.pem
ssl_key = </etc/letsencrypt/live/$ONE_DOMAIN/privkey.pem
EOF
for DOMAIN in $CERT_DOMAINS; do
echo "local_name $DOMAIN {"
echo " ssl_cert = </etc/letsencrypt/live/$DOMAIN/fullchain.pem"
echo " ssl_key = </etc/letsencrypt/live/$DOMAIN/privkey.pem"
echo "}"
done >> /etc/dovecot/auto-ssl.conf
# Pick the default domain as default hostname for chasquid. This is only used
# in plain text sessions and on very rare cases, and it's mostly for aesthetic
# purposes.
# Since the list of domains could have changed since the last run, always
# remove and re-add the setting for consistency.
sed -i '/^hostname:/d' /etc/chasquid/chasquid.conf
echo "hostname: '$ONE_DOMAIN'" >> /etc/chasquid/chasquid.conf
# Start the services (dovecot and chasquid, configured in supervisord.conf).
# We exec, so supervisord becomes our init, and it forwards any signals we
# receive from outside the container.
exec supervisord --nodaemon -c /etc/supervisor/supervisord.conf
Reference in New Issue View Git Blame Copy Permalink