Move dh.pem generation outside container

01-nginx-setup.sh

@@ -100,9 +100,13 @@ then
     certbot --nginx --non-interactive --agree-tos --no-eff-email -m ${eff_email_address} -d ${domain} \
         --staple-ocsp --hsts --no-redirect --renew-hook 'docker exec --interactive --tty myvemail /bin/ash -c "dovecot reload; postfix reload"'
 
-    # Link certificates
+    # SSL
+    [ -d ./data/ssl/ ] || mkdir -p ./data/ssl
+    # Link certificate and private key
     ln -s /etc/letsencrypt/live/${domain}/fullchain.pem ./data/ssl/tls.pem
     ln -s /etc/letsencrypt/live/${domain}/privkey.pem ./data/ssl/tls.key
+    # dh.pem
+    [ -f ./data/ssl/dh.pem ] || openssl dhparam -out ./data/ssl/dh.pem 4096
 
     # Cleanup
     rm -f ${0}

build/run/docker-entrypoint/init.d/10-ssl.sh

@@ -1,22 +1,9 @@
 #!/usr/bin/env bash
-# Generate ssl keys
-if [ ! -f /etc/ssl/dovecot/tls.pem ] || [ ! -f /etc/ssl/dovecot/tls.key ]
+# Check if keys exist
+if [ ! -f /etc/ssl/dovecot/tls.pem ] || [ ! -f /etc/ssl/dovecot/tls.key ] || [ ! -f /etc/ssl/dovecot/dh.pem ]
 then
     exit 1
-#     mkdir -p /etc/ssl/dovecot/
-#     openssl req \
-#         -x509 \
-#         -newkey rsa:4096 \
-#         -sha512 \
-#         -nodes \
-#         -keyout /etc/ssl/dovecot/tls.key \
-#         -out /etc/ssl/dovecot/tls.pem \
-#         -subj "/CN=${MYVEMAIL_SUBDOMAIN}.${MYVEMAIL_DOMAIN}" \
-#         -days 3650
 fi
 
-# dh.pem
-[ -f /etc/ssl/dovecot/dh.pem ] || openssl dhparam -out /etc/ssl/dovecot/dh.pem 4096
-
 # Permissions
 setfacl -R -m u:${MYVEMAIL_NGINX_USERGROUP}:rx /etc/ssl/dovecot/