Merge pull request #468 from dtwardow/flex_tls_filenames

TLS using configurable filenames
2018-05-28 23:00:14 +02:00
parent 91e51a24c8 8f5036e769
commit a9e41960a1
2 changed files with 8 additions and 5 deletions
--- a/core/nginx/config.py
+++ b/core/nginx/config.py
@@ -22,11 +22,13 @@ if "HOST_ANTISPAM" not in args:
    args["HOST_ANTISPAM"] = "antispam:11334"
 # TLS configuration
 cert_name = os.getenv("TLS_CERT_FILENAME", default="cert.pem")
 keypair_name = os.getenv("TLS_KEYPAIR_FILENAME", default="key.pem")
 args["TLS"] = {
-    "cert": ("/certs/cert.pem", "/certs/key.pem"),
+    "cert": ("/certs/%s" % cert_name, "/certs/%s" % keypair_name),
    "letsencrypt": ("/certs/letsencrypt/live/mailu/fullchain.pem",
        "/certs/letsencrypt/live/mailu/privkey.pem"),
-    "mail": ("/certs/cert.pem", "/certs/key.pem"),
+    "mail": ("/certs/%s" % cert_name, "/certs/%s" % keypair_name),
    "mail-letsencrypt": ("/certs/letsencrypt/live/mailu/fullchain.pem",
        "/certs/letsencrypt/live/mailu/privkey.pem"),
    "notls": None
--- a/docs/compose/setup.rst
+++ b/docs/compose/setup.rst
@@ -107,10 +107,11 @@ Finish setting up TLS
 Mailu relies heavily on TLS and must have a key pair and a certificate
 available, at least for the hostname configured in the ``.env`` file.
-If you set ``TLS_FLAVOR`` to ``cert`` or if then you must create a ``certs`` directory
+If you set ``TLS_FLAVOR`` to ``cert`` or ``mail`` then you must create a ``certs`` directory
 in your root path and setup a key-certificate pair there:
- ``cert.pem`` contains the certificate,
+
- ``key.pem`` contains the key pair.
+- ``cert.pem`` contains the certificate (override with ``TLS_CERT_FILENAME``),
 - ``key.pem`` contains the key pair (override with ``TLS_KEYPAIR_FILENAME``).
 Start Mailu
 -----------