#!/bin/bash # info: add mail SSL for $domain # options: USER DOMAIN SSL_DIR [RESTART] # # This function turns on SSL support for a mail domain. Parameter ssl_dir # is a path to a directory where 2 or 3 ssl files can be found. Certificate file # mail.domain.tld.crt and its key mail.domain.tld.key are mandatory. Certificate # authority mail.domain.tld.ca file is optional. #----------------------------------------------------------# # Variables & Functions # #----------------------------------------------------------# # Argument definition user=$1 domain=$2 ssl_dir=$3 restart="$4" # Additional argument formatting if [[ "$domain" =~ [[:upper:]] ]]; then domain=$(echo "$domain" | tr '[:upper:]' '[:lower:]') fi if [[ "$domain" =~ ^www\..* ]]; then domain=$(echo "$domain" | sed -e "s/^www.//") fi if [[ "$domain" =~ .*\.$ ]]; then domain=$(echo "$domain" | sed -e "s/\.$//") fi domain_idn=$(idn2 --quiet "$domain") # Includes # shellcheck source=/etc/hestiacp/hestia.conf source /etc/hestiacp/hestia.conf # shellcheck source=/usr/local/hestia/func/main.sh source $HESTIA/func/main.sh # shellcheck source=/usr/local/hestia/func/domain.sh source $HESTIA/func/domain.sh # shellcheck source=/usr/local/hestia/func/ip.sh source $HESTIA/func/ip.sh # load config file source_conf "$HESTIA/conf/hestia.conf" # Additional argument formatting format_domain format_domain_idn #----------------------------------------------------------# # Verifications # #----------------------------------------------------------# check_args '3' "$#" 'USER DOMAIN SSL_DIR [RESTART]' is_format_valid 'user' 'domain' 'ssl_dir' is_system_enabled "$MAIL_SYSTEM" 'MAIL_SYSTEM' is_object_valid 'user' 'USER' "$user" is_object_unsuspended 'user' 'USER' "$user" is_object_valid 'mail' 'DOMAIN' "$domain" is_object_unsuspended 'mail' 'DOMAIN' "$domain" is_object_value_empty 'mail' 'DOMAIN' "$domain" '$SSL' is_web_domain_cert_valid # Perform verification if read-only mode is enabled check_hestia_demo_mode if [ -n "$restart" ]; then is_format_valid "$restart" fi #----------------------------------------------------------# # Action # #----------------------------------------------------------# # Inherit web domain local ip address domain_ip=$(get_object_value 'web' 'DOMAIN' "$domain" '$IP') if [ -n "$domain_ip" ]; then local_ip=$(get_real_ip "$domain_ip") is_ip_valid "$local_ip" "$user" else get_user_ip fi # Call routine to add SSL configuration to mail domain add_mail_ssl_config if [ "$WEBMAIL" == "roundcube" ]; then WEBMAIL_TEMPLATE="default" if [ -n "$PROXY_SYSTEM" ]; then PROXY_TEMPLATE="default" fi # Add webmail configuration to mail domain WEBMAIL_TEMPLATE="default" if [ "$WEB_SYSTEM" = "nginx" ]; then WEBMAIL_TEMPLATE="web_system" fi elif [ "$WEBMAIL" == "snappymail" ]; then WEBMAIL_TEMPLATE="snappymail" if [ -n "$PROXY_SYSTEM" ]; then PROXY_TEMPLATE="default_snappymail" fi elif [ "$WEBMAIL" == "rainloop" ]; then WEBMAIL_TEMPLATE="rainloop" if [ -n "$PROXY_SYSTEM" ]; then PROXY_TEMPLATE="default_rainloop" fi else WEBMAIL_TEMPLATE="disabled" if [ -n "$PROXY_SYSTEM" ]; then PROXY_TEMPLATE="default_disabled" fi fi add_webmail_config "$WEB_SYSTEM" "${WEBMAIL_TEMPLATE}.stpl" if [ -n "$PROXY_SYSTEM" ]; then add_webmail_config "$PROXY_SYSTEM" "${PROXY_TEMPLATE}.stpl" fi # Increase value for domain increase_user_value "$user" '$U_MAIL_SSL' # Set SSL as enabled in configuration update_object_value 'mail' 'DOMAIN' "$domain" '$SSL' "yes" #----------------------------------------------------------# # Hestia # #----------------------------------------------------------# # Restarting mail server $BIN/v-restart-mail "$restart" check_result $? "Mail restart failed" > /dev/null # Restarting web server $BIN/v-restart-web "$restart" check_result $? "Web restart failed" > /dev/null # Restarting proxy server $BIN/v-restart-proxy "$restart" check_result $? "Proxy restart failed" > /dev/null # Logging $BIN/v-log-action "$user" "Info" "Mail" "SSL enabled (Domain: $domain)." log_event "$OK" "$ARGUMENTS" exit