Added custom tls cert support

This commit is contained in:
Spitap
2023-06-21 21:07:20 +02:00
committed by Antoine Nguyen
parent ccae88bb77
commit 4759146d99
4 changed files with 104 additions and 20 deletions


@@ -1,5 +1,5 @@
modoboa-installer **modoboa-installer**
================= =====================
|workflow| |codecov| |workflow| |codecov|
@@ -76,7 +76,7 @@ If you want more information about the installation process, add the
``--debug`` option to your command line. ``--debug`` option to your command line.
Upgrade mode Upgrade mode
------------ ============
An experimental upgrade mode is available. An experimental upgrade mode is available.
@@ -92,7 +92,7 @@ You can activate it as follows::
It will automatically install latest versions of modoboa and its plugins. It will automatically install latest versions of modoboa and its plugins.
Backup mode Backup mode
----------- ===========
An experimental backup mode is available. An experimental backup mode is available.
@@ -129,7 +129,7 @@ configuration file (set enabled to False).
This can be useful for larger instance. This can be useful for larger instance.
Restore mode Restore mode
------------ ============
An experimental restore mode is available. An experimental restore mode is available.
@@ -140,7 +140,7 @@ You can start the process as follows::
Then wait for the process to finish. Then wait for the process to finish.
Change the generated hostname Change the generated hostname
----------------------------- =============================
By default, the installer will setup your email server using the By default, the installer will setup your email server using the
following hostname: ``mail.<your domain>``. If you want a different following hostname: ``mail.<your domain>``. If you want a different
@@ -159,22 +159,37 @@ modifications.
Finally, run the installer without the Finally, run the installer without the
``--stop-after-configfile-check`` option. ``--stop-after-configfile-check`` option.
Let's Encrypt certificate Certificate
------------------------- ===========
Self-signed
-----------
It is the default way of the installer, it is however
not recommended for production use. We recommend using
letsencrypt for production. Using Letsencrypt imply that
you accept their Tos (see bellow)
Letsencrypt
-----------
.. warning:: .. warning::
Please note this option requires the hostname you're using to be Please note that by using this option, you aggree to the `ToS
valid (ie. it can be resolved with a DNS query) and to match the <https://community.letsencrypt.org/tos>`_ of
server you're installing Modoboa on. letsencrypt and that your IP will be logged (see ToS)
Please also note this option requires the hostname you're using to be
valid (ie. it can be resolved with a DNS query) and to match the
server you're installing Modoboa on.
If you want to generate a valid certificate using `Let's Encrypt If you want to generate a valid certificate using `Let's Encrypt
<https://letsencrypt.org/>`_, edit the ``installer.cfg`` file and <https://letsencrypt.org/>`_, edit the ``installer.cfg`` file and
modify the following settings:: modify the following settings::
[certificate] [certificate]
generate = true
type = letsencrypt type = letsencrypt
tls_cert_file_path =
tls_key_file_path =
[letsencrypt] [letsencrypt]
email = admin@example.com email = admin@example.com
@@ -182,6 +197,24 @@ modify the following settings::
Change the ``email`` setting to a valid value since it will be used Change the ``email`` setting to a valid value since it will be used
for account recovery. for account recovery.
Manual
------
.. warning::
It is not possible to configure manual certs interactively.
To do so, please run ``run.py`` with `--stop-after-configfile-check`,
configure your file as desired and apply the configuration as
written bellow. Then run ``run.py`` without
`--stop-after-configfile-check` or `--interactive`.
If you want to use already generated certs, simply edit the
``installer.cfg`` file and modify the following settings::
[certificate]
type = manual
tls_cert_file_path = *path to tls key file*
tls_key_file_path = * path to tls fullchain file*
.. |workflow| image:: https://github.com/modoboa/modoboa-installer/workflows/Modoboa%20installer/badge.svg .. |workflow| image:: https://github.com/modoboa/modoboa-installer/workflows/Modoboa%20installer/badge.svg
.. |codecov| image:: http://codecov.io/github/modoboa/modoboa-installer/coverage.svg?branch=master .. |codecov| image:: http://codecov.io/github/modoboa/modoboa-installer/coverage.svg?branch=master
:target: http://codecov.io/github/modoboa/modoboa-installer?branch=master :target: http://codecov.io/github/modoboa/modoboa-installer?branch=master


@@ -30,16 +30,25 @@ ConfigDictTemplate = [
{ {
"name": "certificate", "name": "certificate",
"values": [ "values": [
{
"option": "generate",
"default": "true",
},
{ {
"option": "type", "option": "type",
"default": "self-signed", "default": "self-signed",
"customizable": True, "customizable": True,
"question": "Please choose your certificate type", "question": "Please choose your certificate type",
"values": ["self-signed", "letsencrypt"], "value_return": ["manual"],
"values": ["self-signed", "letsencrypt", "manual"],
},
{
"option": "tls_cert_file_path",
"customizable": True,
"question": "Please enter your certificate fullchain path",
"default": ""
},
{
"option": "tls_key_file_path",
"customizable": True,
"question": "Please enter your certificate key path",
"default": ""
} }
], ],
}, },


@@ -25,6 +25,34 @@ class CertificateBackend(object):
return True return True
class ManualCertification(CertificateBackend):
"""Use certificate provided."""
def __init__(self, *args, **kwargs):
super().__init__(*args, **kwargs)
path_correct = True
self.tls_cert_file_path = self.config.get("certificate",
"tls_key_file_path")
self.tls_key_file_path = self.config.get("certificate",
"tls_cert_file_path")
if not os.path.exists(self.tls_key_file_path):
utils.error("'tls_key_file_path' path is not accessible")
path_correct = False
if not os.path.exists(self.tls_cert_file_path):
utils.error("'tls_cert_file_path' path is not accessible")
path_correct = False
if not path_correct:
sys.exit(1)
def generate_cert(self):
self.config.set("general", "tls_key_file",
self.tls_key_file_path)
self.config.set("general", "tls_cert_file",
self.tls_cert_file_path)
class SelfSignedCertificate(CertificateBackend): class SelfSignedCertificate(CertificateBackend):
"""Create a self signed certificate.""" """Create a self signed certificate."""
@@ -119,8 +147,9 @@ class LetsEncryptCertificate(CertificateBackend):
def get_backend(config): def get_backend(config):
"""Return the appropriate backend.""" """Return the appropriate backend."""
if not config.getboolean("certificate", "generate"): cert_type = config.get("certificate", "type")
return None if cert_type == "letsencrypt":
if config.get("certificate", "type") == "letsencrypt":
return LetsEncryptCertificate(config) return LetsEncryptCertificate(config)
if cert_type == "manual":
return ManualCertification(config)
return SelfSignedCertificate(config) return SelfSignedCertificate(config)
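Review bot: The two config reads in ManualCertification.__init__ are crossed — `self.tls_cert_file_path` is loaded from the `tls_key_file_path` option and `self.tls_key_file_path` from `tls_cert_file_path` — so the existence errors name the wrong option and, for anyone who fills the options by their names (as the template's own questions "certificate fullchain path" / "certificate key path" invite), generate_cert writes the private key path into `general.tls_cert_file` and the chain path into `general.tls_key_file`. The README in this commit documents the options crossed the same way, which is presumably why it appeared to work; read each option under its own name, `self.tls_cert_file_path = self.config.get("certificate", "tls_cert_file_path")` and `self.tls_key_file_path = self.config.get("certificate", "tls_key_file_path")`, and fix the README lines to match. os.path.exists only proves the file is there, not that the installer can read it; `os.access(path, os.R_OK)` would catch an unreadable key before the services are configured with a path they cannot open. A short docstring on generate_cert, e.g. `"""Point the general tls_*_file settings at the user-supplied files; nothing is generated."""`, would also help, since the method name suggests otherwise.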


@@ -316,6 +316,19 @@ def get_entry_value(entry, interactive):
if entry.get("values") and user_value != "": if entry.get("values") and user_value != "":
user_value = values[int(user_value)] user_value = values[int(user_value)]
condition = (
entry.get("value_return") and
user_value in entry.get("value_return")
)
if condition:
error(f"{user_value} cannot be set interactively, "
"Please configure installer.cfg manually by running "
"'python3 run.py ----stop-after-configfile-check domain'. "
"Check modoboa-installer Readme for more information."
)
sys.exit(1)
return user_value if user_value else default_value return user_value if user_value else default_value
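Review bot: The option name in the error message has four leading dashes, `'python3 run.py ----stop-after-configfile-check domain'`, whereas the README in this commit spells it `--stop-after-configfile-check`; a user who copies the command as printed gets an unrecognized-option failure. Change that fragment to `"'python3 run.py --stop-after-configfile-check domain'. "`. Beyond the typo, "manual" is listed in the template's interactive `values` yet `value_return` makes picking it call sys.exit(1) after the prompt, so the user is offered a choice that aborts the run; re-prompting, or leaving it out of the offered values, is gentler than exiting from inside a prompt helper. get_entry_value starts outside the hunk.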