forked from Deuxfleurs/nixcfg
wip rsa-ecc proxy
This commit is contained in:
parent
870511931a
commit
bebbf5bd8b
4 changed files with 46 additions and 1 deletions
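--- /dev/null
+++ b/cluster/prod/app/email/integration/README.md
@@ -0,0 +1,23 @@
+# Email
+
+## TLS TLS Proxy
+
+Required for Android 7.0 that does not support elliptic curves.
+
+Generate a key:
+
+```bash
+openssl req -x509 -newkey rsa:4096 -sha256 -days 3650 -nodes -keyout rsa.key -out rsa.crt -subj "/CN=imap.deuxfleurs.fr" -addext "subjectAltName=DNS:smtp.deuxfleurs.fr"
+```
+
+Run the command:
+
+```bash
+./integration/proxy.sh imap.deuxfleurs.fr:993 1993
+```
+
+Test it:
+
+```bash
+openssl s_client localhost:1993
+```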
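--- /dev/null
+++ b/cluster/prod/app/email/integration/tls-tls-proxy.sh
@@ -0,0 +1,13 @@
+#!/usr/bin/env bash
+UPSTREAM=$1
+PROXY_PORT=$2
+socat -dd \
+"openssl-listen:${PROXY_PORT},\
+reuseaddr,\
+fork,\
+cert=/tmp/tls-tls-proxy/rsa.crt,\
+key=/tmp/tls-tls-proxy/rsa.key,\
+verify=0,\
+bind=0.0.0.0" \
+"openssl:${UPSTREAM},\
+verify=0"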
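Review bot: The upstream leg `"openssl:${UPSTREAM},verify=0"` disables certificate verification toward the real IMAP server, so the proxy re-encrypts the hop but would accept any certificate presented on it; since the upstream is the project's own imap.deuxfleurs.fr with a valid certificate, verification should stay on, e.g. `verify=1,cafile=<PATH_TO_CA_BUNDLE>` (socat's `commonname=` option can additionally pin the expected name where the installed version supports it). `verify=0` on the `openssl-listen` side is a different matter and is fine here, as it only means no client certificate is demanded. `UPSTREAM=$1` and `PROXY_PORT=$2` are used without any check, so a missing argument produces `openssl-listen:,...` and an opaque socat failure; `: "${1:?usage: $0 UPSTREAM_HOST:PORT PROXY_PORT}"` and `set -euo pipefail` at the top would fail early with a clear message. The private key is read from the hard-coded `/tmp/tls-tls-proxy/rsa.key`, a world-writable location; taking the cert/key directory from a third argument or an environment variable and documenting the expected ownership and mode would be safer. Also, the README's generation command sets `subjectAltName=DNS:smtp.deuxfleurs.fr` while the proxy is started for imap.deuxfleurs.fr (and the README invokes `./integration/proxy.sh`, not `tls-tls-proxy.sh`), so SAN-validating clients would reject the certificate this script serves.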
@ -21,3 +21,12 @@ password_secret = "email/sogo/ldap_bindpw"
|
||||||
type = 'user'
|
type = 'user'
|
||||||
description = 'SoGo postgres auth (format: sogo:<password>) (TODO: replace this with two separate files and change template)'
|
description = 'SoGo postgres auth (format: sogo:<password>) (TODO: replace this with two separate files and change template)'
|
||||||
|
|
||||||
|
# ---- TLS TLS PROXY ---
|
||||||
|
|
||||||
|
[secrets."email/tls-tls-proxy/rsa.crt"]
|
||||||
|
type="user"
|
||||||
|
description="PEM encoded file containing the RSA certificate"
|
||||||
|
|
||||||
|
[secrets."email/tls-tls-proxy/rsa.key"]
|
||||||
|
type="user"
|
||||||
|
description="PEM encoded file containing the RSA key"
|
||||||
|
|
|
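Review bot: The new entries use `type="user"` and `description="..."` while the surrounding file writes `type = 'user'` with spaces and single quotes, so the block reads as written in a different style from the rest of the file; aligning them keeps the secrets table uniform. The comment `# ---- TLS TLS PROXY ---` also has unbalanced dashes. The declared paths `email/tls-tls-proxy/rsa.crt` and `rsa.key` do not by themselves say how the files reach the `/tmp/tls-tls-proxy/` location the proxy script reads from; a one-line note such as `# materialized at /tmp/tls-tls-proxy/ by the proxy job (TODO: wire up)` would make the WIP gap explicit, assuming that wiring is indeed still missing.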
@ -121,7 +121,7 @@ EOH
|
||||||
data = <<EOH
|
data = <<EOH
|
||||||
TRICOT_NODE_NAME={{ env "attr.unique.consul.name" }}
|
TRICOT_NODE_NAME={{ env "attr.unique.consul.name" }}
|
||||||
TRICOT_LETSENCRYPT_EMAIL=alex@adnab.me
|
TRICOT_LETSENCRYPT_EMAIL=alex@adnab.me
|
||||||
TRICOT_ENABLE_COMPRESSION=true
|
#TRICOT_ENABLE_COMPRESSION=true
|
||||||
TRICOT_CONSUL_HOST=https://localhost:8501
|
TRICOT_CONSUL_HOST=https://localhost:8501
|
||||||
TRICOT_CONSUL_CA_CERT=/etc/tricot/consul-ca.crt
|
TRICOT_CONSUL_CA_CERT=/etc/tricot/consul-ca.crt
|
||||||
TRICOT_CONSUL_CLIENT_CERT=/etc/tricot/consul-client.crt
|
TRICOT_CONSUL_CLIENT_CERT=/etc/tricot/consul-client.crt
|
||||||
|
|
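Review bot: `#TRICOT_ENABLE_COMPRESSION=true` disables a reverse-proxy setting without any explanation, and the change is unrelated to the commit's stated RSA/ECC proxy purpose, so a later reader cannot tell whether it is deliberate or a leftover from debugging. A short reason next to it, e.g. `# compression disabled: <reason>`, or moving it to its own commit, would make the intent recoverable. The enclosing template block continues outside the hunk.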