chris/mailcow
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update README.md

Browse Source
This commit is contained in:
Christopher Berger
2026-05-28 14:24:29 +00:00
parent 06d4d433d5
commit 01c8f41c06
1 changed files with 9 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files
README.md
+8 -8
View File
@@ -48,17 +48,17 @@ its own `systemd` timer.
| Role | Host | Address | | Role | Host | Address |
| ------------------- | ------------- | -------------- | | ------------------- | ------------- | -------------- |
| Cert source (NPM) | NGX-Homepage | | | Cert source (NPM) | Nginx Proxy | - |
| mailcow (consumer) | mailcow | 10.10.14.229 | | mailcow (consumer) | mailcow | - |
## Architecture ## Architecture
``` ```
[NGX-Homepage] [mailcow host] [Nginx Proxy Manager] [mailcow host]
NPM npm-5 cert /home/certsync/incoming/ (staging) NPM npm-5 cert /home/certsync/incoming/ (staging)
| | | |
| push-mailcow-cert.sh | deploy-staged-cert.sh | push-mailcow-cert.sh | deploy-staged-cert.sh
| (rsync -azL over SSH) ──────────────────►| validate → copy → reload | (rsync -azL over SSH) ──────────────────►| validate → copy → reload
| | | |
└─ systemd: mailcow-cert-push.timer └─ systemd: mailcow-cert-deploy.timer └─ systemd: mailcow-cert-push.timer └─ systemd: mailcow-cert-deploy.timer
03:00 / 15:00 03:15 / 15:15 03:00 / 15:00 03:15 / 15:15
@@ -69,9 +69,9 @@ deployment.
## Components ## Components
### 1. Push script (NPM host) ### 1. Push script (Nginx Proxy Manager host)
**Path:** `/root/push-mailcow-cert.sh` on **NGX-Homepage** (runs as root) **Path:** `/root/push-mailcow-cert.sh` on **Nginx Proxy Manager** (runs as root)
- Source cert: `/etc/nginx/letsencrypt/live/npm-5/` - Source cert: `/etc/nginx/letsencrypt/live/npm-5/`
- NPM names its cert directories by internal ID (`npm-N`), not by hostname. - NPM names its cert directories by internal ID (`npm-N`), not by hostname.
@@ -138,7 +138,7 @@ the files must be real copies.
| Host | Units | Schedule | | Host | Units | Schedule |
| ------------- | -------------------------------------- | --------------- | | ------------- | -------------------------------------- | --------------- |
| NGX-Homepage | `mailcow-cert-push.{service,timer}` | 03:00 / 15:00 | | Nginx Proxy | `mailcow-cert-push.{service,timer}` | 03:00 / 15:00 |
| mailcow | `mailcow-cert-deploy.{service,timer}` | 03:15 / 15:15 | | mailcow | `mailcow-cert-deploy.{service,timer}` | 03:15 / 15:15 |
Both timers use `Persistent=true` so a host that was powered off catches up on Both timers use `Persistent=true` so a host that was powered off catches up on
@@ -183,7 +183,7 @@ When healthy, all three SHA-256 fingerprints match.
Manual dry run (tests the exact path the timers use): Manual dry run (tests the exact path the timers use):
```bash ```bash
# NGX-Homepage # Nginx Proxy Manager
sudo systemctl start mailcow-cert-push.service sudo systemctl start mailcow-cert-push.service
journalctl -u mailcow-cert-push.service --no-pager -n 20 journalctl -u mailcow-cert-push.service --no-pager -n 20