make it easier to run with existing webserver

- make it easier to run with an existing webserver. the quickstart now has a new option for that, it generates a different mox.conf, and further instructions such as configuring the tls keys/certs and reverse proxy urls. and changes to make autoconfig work in that case too.
- when starting up, request a tls cert for the hostname and for the autoconfig endpoint. the first will be requested soon anyway, and the autoconfig cert is needed early so the first autoconfig request doesn't time out (without helpful message to the user by at least thunderbird). and don't request the certificate before the servers are online. the root process was now requesting the certs, before the child process was serving on the tls port.
- add examples of configs generated by the quickstart.
- enable debug logging in config from quickstart, to give user more info.

for issue #5
Mechiel Lukkien
2023-03-04 00:49:02 +01:00
parent 73bfc58453
commit 15e262b043
11 changed files with 417 additions and 277 deletions

28
doc.go

@ -14,7 +14,7 @@ low-maintenance self-hosted email.
mox [-config config/mox.conf] ...
mox serve
mox quickstart user@domain [user | uid]
mox quickstart [-existing-webserver] user@domain [user | uid]
mox stop
mox setaccountpassword address
mox setadminpassword
@ -41,7 +41,7 @@ low-maintenance self-hosted email.
mox config domain rm domain
mox config describe-sendmail >/etc/moxsubmit.conf
mox config printservice >mox.service
mox examples [name]
mox example [name]
mox checkupdate
mox cid cid
mox clientconfig domain
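Review bot: Renaming the subcommand in the command list from "mox examples [name]" to "mox example [name]" breaks existing invocations and any notes or scripts that use the old name. Consider accepting "examples" as an alias for a release, or calling out the rename in the release notes.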
@ -91,7 +91,25 @@ systemd service file and prints commands to enable and start mox as service.
The user or uid is optional, defaults to "mox", and is the user or uid/gid mox
will run as after initialization.
usage: mox quickstart user@domain [user | uid]
Mox is by far easiest to operate if you let it listen on port 443 (HTTPS) and
80 (HTTP). TLS will be fully automatic with ACME with Let's Encrypt.
You can run mox along with an existing webserver, but because of MTA-STS and
autoconfig, you'll need to forward HTTPS traffic for two domains to mox. Run
"mox quickstart -existing-webserver ..." to generate configuration files and
instructions for configuring mox along with an existing webserver.
But please first consider configuring mox on port 443. It can itself serve
domains with HTTP/HTTPS, including with automatic TLS with ACME, is easily
configured through both configuration files and admin web interface, and can act
as a reverse proxy (and static file server for that matter), so you can forward
traffic to your existing backend applications. Look for "WebHandlers:" in the
output of "mox config describe-domains" and see the output of "mox example
webhandlers".
usage: mox quickstart [-existing-webserver] user@domain [user | uid]
-existing-webserver
use if a webserver is already running, so mox won't listen on port 80 and 443; you'll have to provide tls certificates/keys, and configure the existing webserver as reverse proxy, forwarding requests to mox.
# mox stop
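Review bot: The new quickstart help text says HTTPS traffic for "two domains" must be forwarded to mox because of MTA-STS and autoconfig, but it never names them, so a reader has to run the quickstart to learn what to proxy. Suggest naming the two hostnames in this paragraph. The -existing-webserver description also says "you'll have to provide tls certificates/keys" without stating that renewal then becomes the operator's responsibility, unlike the automatic ACME setup described at the top of the same section; one sentence on that would prevent surprise expiries.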
@ -389,11 +407,11 @@ date version.
usage: mox config printservice >mox.service
# mox examples
# mox example
List available examples, or print a specific example.
usage: mox examples [name]
usage: mox example [name]
# mox checkupdate