diff --git a/src/addons.js b/src/addons.js
index 2a5500f12..10f87c1a2 100644
--- a/src/addons.js
+++ b/src/addons.js
@@ -21,6 +21,7 @@ exports = module.exports = {
 var appdb = require('./appdb.js'),
 assert = require('assert'),
 async = require('async'),
+ certificates = require('./certificates.js'),
 clientdb = require('./clientdb.js'),
 config = require('./config.js'),
 DatabaseError = require('./databaseerror.js'),
@@ -125,7 +126,11 @@ function initialize(callback) {
 if (process.env.BOX_ENV === 'test') return callback();
 debug('initializing addon infrastructure');
- shell.sudo('seutp_infra', [ SETUP_INFRA_CMD, config.fqdn() ], callback);
+ certificates.getAdminCertificatePath(function (error, certFilePath, keyFilePath) {
+ if (error) return callback(error);
+
+ shell.sudo('seutp_infra', [ SETUP_INFRA_CMD, config.fqdn(), config.adminFqdn(), certFilePath, keyFilePath ], callback);
+ });
 }
 function setupAddons(app, addons, callback) {
diff --git a/src/certificates.js b/src/certificates.js
index 47664cdb1..162898e0c 100644
--- a/src/certificates.js
+++ b/src/certificates.js
@@ -30,7 +30,8 @@ exports = module.exports = {
 setAdminCertificate: setAdminCertificate,
 CertificatesError: CertificatesError,
 validateCertificate: validateCertificate,
- ensureCertificate: ensureCertificate
+ ensureCertificate: ensureCertificate,
+ getAdminCertificatePath: getAdminCertificatePath
 };
 var NOOP_CALLBACK = function (error) { if (error) debug(error); };
@@ -258,7 +259,7 @@ function setFallbackCertificate(cert, key, callback) {
 });
 }
-function getFallbackCertificate(callback) {
+function getFallbackCertificatePath(callback) {
 assert.strictEqual(typeof callback, 'function');
 var certFilePath = path.join(paths.APP_CERTS_DIR, 'host.cert');
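Review bot: The new `shell.sudo` call in `initialize` (the `-125,7` hunk of src/addons.js) reads `config.adminFqdn()`, while `getAdminCertificatePath` in src/certificates.js (context of the `-290,7` hunk) reads `config.adminFqn()`. Presumably only one spelling is exported by config.js, in which case the other throws a TypeError, either at infrastructure setup or when the admin certificate path is resolved. Confirm the accessor name and use it in both places. The call also now passes a private-key path to a script run through sudo, so a one-line comment such as `// cert/key paths are resolved by certificates.js from the configured admin vhost` above it would record where those arguments come from. The body of `initialize` starts outside this hunk.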
@@ -271,6 +272,7 @@ function getFallbackCertificate(callback) {
 callback(null, certFilePath, keyFilePath);
 }
+// FIXME: setting admin cert needs to restart the mail container because it uses admin cert
 function setAdminCertificate(cert, key, callback) {
 assert.strictEqual(typeof cert, 'string');
 assert.strictEqual(typeof key, 'string');
@@ -290,7 +292,7 @@ function setAdminCertificate(cert, key, callback) {
 nginx.configureAdmin(certFilePath, keyFilePath, callback);
 }
-function getAdminCertificate(callback) {
+function getAdminCertificatePath(callback) {
 assert.strictEqual(typeof callback, 'function');
 var vhost = config.adminFqn();
@@ -299,7 +301,7 @@ function getAdminCertificate(callback) {
 if (fs.existsSync(certFilePath) && fs.existsSync(keyFilePath)) return callback(null, certFilePath, keyFilePath);
- getFallbackCertificate(callback);
+ getFallbackCertificatePath(callback);
 }
 function ensureCertificate(app, callback) {
diff --git a/src/scripts/setup_infra.sh b/src/scripts/setup_infra.sh
index 973816396..bc2960c61 100755
--- a/src/scripts/setup_infra.sh
+++ b/src/scripts/setup_infra.sh
@@ -18,6 +18,9 @@ script_dir="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
 source "${script_dir}/../INFRA_VERSION" # this injects INFRA_VERSION
 readonly fqdn="$1"
+readonly mail_fqdn="$2"
+readonly mail_tls_cert="$3"
+readonly mail_tls_key="$4"
 # removing containers ensures containers are launched with latest config updates
 # restore code in appatask does not delete old containers
@@ -59,9 +62,12 @@ mail_container_id=$(docker run --restart=always -d --name="mail" \
 -m 75m \
 --memory-swap 150m \
 -h "${fqdn}" \
- -e "MAIL_SERVER_NAME=${fqdn}" \
 -e "MAIL_DOMAIN=${fqdn}" \
+ -e "MAIL_SERVER_NAME=${mail_fqdn}" \
 -v "${DATA_DIR}/box/mail:/app/data" \
+ -v "${mail_tls_key}:/app/config/config/tls_key.pem:r" \
+ -v "${mail_tls_cert}:/app/config/config/tls_cert.pem:r" \
+ -p 0.0.0.0:587:2500 \
 --read-only -v /tmp -v /run \
 "${MAIL_IMAGE}")
 echo "Mail container id: ${mail_container_id}"
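Review bot: The three positional parameters added in the `-18,6` hunk of setup_infra.sh are used without any check, and `mail_tls_cert` / `mail_tls_key` go straight into `docker run -v` in the next hunk. If either path is empty, the volume spec is malformed. If a path does not exist on the host, `-v` can create a root-owned directory there, which would then block a later certificate write. Adding `[[ -f "${mail_tls_cert}" && -f "${mail_tls_key}" ]] || { echo "mail TLS cert/key not found"; exit 1; }` after the `readonly` lines makes the script stop before any container is removed or started. Whether the script already runs under `set -u` is not visible in this hunk.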
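Review bot: The two certificate mounts added in the `-59,9` hunk end in `:r`, which is not one of Docker's documented volume modes (`ro` / `rw`). `docker run` will likely reject the spec, and if it were accepted the private key would not be mounted read-only. Use `:ro`, i.e. `-v "${mail_tls_key}:/app/config/config/tls_key.pem:ro" \` and the same for `tls_cert.pem`. The added `-p 0.0.0.0:587:2500` publishes the mail container's port 2500 on every host interface, so the host firewall rules and the container's requirement for authenticated, TLS-protected submission should be confirmed alongside this change. The `docker run` command begins above the hunk.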