Use /data/dh.pem

Signed-off-by: René Jochum <rene@jochum.dev>
4 years ago · 412aeb234d
parent cee836e835
commit 412aeb234d
2 changed files with 3 additions and 3 deletions
--- a/conf/conf.d/10-ssl.conf
+++ b/conf/conf.d/10-ssl.conf
@ -47,7 +47,7 @@ ssl_client_ca_file = /cert/ca.crt
 # Generate new params with `openssl dhparam -out /etc/dovecot/dh.pem 4096`
 # Or migrate from old ssl-parameters.dat file with the command dovecot
 # gives on startup when ssl_dh is unset.
-ssl_dh = </etc/dovecot/dh.pem
+ssl_dh = </data/dh.pem

 # Minimum SSL protocol version to use. Potentially recognized values are SSLv3,
 # TLSv1, TLSv1.1, and TLSv1.2, depending on the OpenSSL version used.
--- a/docker-entrypoint.py
+++ b/docker-entrypoint.py
@ -34,8 +34,8 @@ for dovecot_file in glob.glob("/overrides/**/*.jinja", recursive=True):
    jinja_render_file(dovecot_file, os.environ, out_path)
    os.chmod(out_path, 600)

-if not os.path.isfile("/etc/dovecot/dh.pem"):
-    subprocess.call("/usr/bin/openssl", "dhparam", "-out", "/etc/dovecot/dh.pem", "4096")
+if not os.path.isfile("/data/dh.pem"):
+    subprocess.call("/usr/bin/openssl", "dhparam", "-out", "/data/dh.pem", "4096")

 subprocess.call(["/bin/mkdir", "-p", "/data/vmail"])
 subprocess.call(["/bin/chmod", "u=rwX,g=rX,o=rX", "/data"])