From 0d532221d14c9e8f0e4315b10a18f3d0dbf94e4e Mon Sep 17 00:00:00 2001
From: "James Z.M. Gao"
Date: Wed, 4 May 2016 05:14:13 +0800
Subject: add support for secure ports
---
 Dockerfile | 3 +++
 README.md | 5 +++++
 content/etc/davmail/davmail.properties.template | 8 ++++----
 content/opt/davmail/entrypoint.sh | 9 +++++++++
 4 files changed, 21 insertions(+), 4 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index ce55fe4..02b496e 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -17,6 +17,9 @@ RUN apk --update upgrade && \
 USER davmail
+# if $DAVMAIL_SSL_PASS is not empty, use this file as keystoreFile of type PKCS12
+VOLUME ["/etc/davmail/davmail.p12"]
+
 EXPOSE 1080
 EXPOSE 1143
 EXPOSE 1389
diff --git a/README.md b/README.md
index 5f5613c..b9dc008 100644
--- a/README.md
+++ b/README.md
@@ -18,6 +18,7 @@ Accepted docker environment variables:
 * DAVMAIL_SERVER_CERTIFICATE_HASH: optional, cirtificate hash, like 11:22:...
 * DAVMAIL_NTLM_DOMAIN: optional, windows domain
 * DAVMAIL_CONFIG_URL: a url for downloading a specific configuration, this can override all other options
+* DAVMAIL_SSL_PASS: optional, set to the password of a PKCS12 SSL file
 Listened ports:
@@ -26,3 +27,7 @@ Listened ports:
 * ldap port: 1389
 * pop3 port: 1110
 * smtp port: 1025
+
+Volume:
+
+* "/etc/davmail/davmail.p12": if DAVMAIL_SSL_PASS is not empty, use this as the keystore file of type PKCS12
diff --git a/content/etc/davmail/davmail.properties.template b/content/etc/davmail/davmail.properties.template
index 74b9584..c37be5b 100644
--- a/content/etc/davmail/davmail.properties.template
+++ b/content/etc/davmail/davmail.properties.template
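Review bot: In the Dockerfile hunk, `VOLUME ["/etc/davmail/davmail.p12"]` declares a volume at a path that is meant to be a single file; when the container starts without a bind mount over that path, Docker creates an anonymous volume there, and a volume mount point is a directory. The `-r`/`-s` tests this commit adds to entrypoint.sh do not tell a directory from a regular file, so on most filesystems a missing keystore can pass the check and only show up later as a keystore load failure. I would drop the `VOLUME` line, document a read-only bind mount instead (`-v /path/to/davmail.p12:/etc/davmail/davmail.p12:ro`), and add `[ -f /etc/davmail/davmail.p12 ]` to the entrypoint test.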
@@ -39,10 +39,10 @@ davmail.bindAddress=
 davmail.clientSoTimeout=
 # DavMail listeners SSL configuration
-davmail.ssl.keystoreType=
-davmail.ssl.keystoreFile=
-davmail.ssl.keystorePass=
-davmail.ssl.keyPass=
+davmail.ssl.keystoreType=${DAVMAIL_SSL_PASS:+PKCS12}
+davmail.ssl.keystoreFile=${DAVMAIL_SSL_PASS:+/etc/davmail/davmail.p12}
+davmail.ssl.keystorePass=${DAVMAIL_SSL_PASS}
+davmail.ssl.keyPass=${DAVMAIL_SSL_PASS}
 # Accept specified certificate even if invalid according to trust store
 davmail.server.certificate.hash=${DAVMAIL_SERVER_CERTIFICATE_HASH}
diff --git a/content/opt/davmail/entrypoint.sh b/content/opt/davmail/entrypoint.sh
index 7b3b518..6555503 100755
--- a/content/opt/davmail/entrypoint.sh
+++ b/content/opt/davmail/entrypoint.sh
@@ -13,6 +13,15 @@ elif [ -n "$DAVMAIL_URL" ]; then
 done < /etc/davmail/davmail.properties.template > $CONFIG
 fi
+if [ -n "$DAVMAIL_SSL_PASS" ]; then
+ if [ ! -r /etc/davmail/davmail.p12 ] || [ ! -s /etc/davmail/davmail.p12 ]; then
+ echo "ERROR: can't read ssl keystore [/etc/davmail/davmail.p12]!"
+ return 2
+ fi
+fi
+
+if [ -z "$DAVMAIL_SSL_PASS" ] || [ ! -s /etc/davmail/davmail.p12 ]
+
 if [ -r "$CONFIG" ]; then
 exec /opt/davmail/davmail.sh "$CONFIG"
 else
--
cgit v1.2.3
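Review bot: `davmail.ssl.keystorePass` and `davmail.ssl.keyPass` now put the keystore password in clear text into the file generated at `$CONFIG`, and nothing visible in this commit restricts that file's mode; the entrypoint should set `umask 077` before the template loop writes it. The loop that expands this template is outside the hunks shown, so this is a question rather than a finding: if it expands each line with `eval`, a password containing quotes, backticks or `$(` would be interpreted by the shell instead of copied, and the README should then state which characters are safe. A comment above these four lines should also say that one variable feeds both values, so a keystore whose key password differs from the store password cannot be configured this way.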
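Review bot: The added line `if [ -z "$DAVMAIL_SSL_PASS" ] || [ ! -s /etc/davmail/davmail.p12 ]` has no `then` and no body; unless a matching `then`/`fi` exists below the hunk (the script continues past `else`), the shell takes the following `if [ -r "$CONFIG" ]` block as part of the condition, fails to parse, and never reaches the `exec`. It looks like a leftover and should be removed. In the keystore check, `return 2` sits at script top level, where it is not a reliable way to stop: under bash it prints an error and execution continues, so the failed check would not prevent the launch (the shebang is not visible here). Use `exit 2` and send the message to stderr, `echo "ERROR: can't read ssl keystore [/etc/davmail/davmail.p12]!" >&2`.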