tls configuration for separation of services

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

tls configuration for separation of services

David Mehler
Hello,

This is a snipet of my roundcube configuration file, originally made
when all services were running on localhost. I've now separated the
webserver from the mail server and want to have all tls connections
between services. I've got letsencrypt-supplied certificates, is this
still the correct configuration for tls with separate systems handling
each service?

Thanks.
Dave.

$config['default_host'] = 'tls://172.16.21.3';
$config['imap_auth_type'] = 'PLAIN';
$config['imap_conn_options'] = array (
  'ssl' =>
  array (
    'verify_peer' => false,
    'verify_peer_name' => false,
  ),
);
$config['smtp_server'] = 'tls://172.16.21.3';
$config['smtp_port'] = 587;
$config['smtp_user'] = '%u';
$config['smtp_pass'] = '%p';
$config['smtp_auth_type'] = 'PLAIN';
$config['smtp_conn_options'] = array (
  'ssl' =>
  array (
    'verify_peer' => false,
    'verify_peer_name' => false,
  ),
);
_______________________________________________
Roundcube Users mailing list
[hidden email]
http://lists.roundcube.net/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: tls configuration for separation of services

@lbutlr
On 20 Apr 2020, at 17:44, David Mehler <[hidden email]> wrote:
> I've got letsencrypt-supplied certificates, is this still the correct configuration for tls with separate systems handling each service?

> $config['default_host'] = 'tls://172.16.21.3’;

I don’t think this will work with LE as it does not allow certs on IP addresses I don’t think.

--
“Alas, earwax!"
_______________________________________________
Roundcube Users mailing list
[hidden email]
http://lists.roundcube.net/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: tls configuration for separation of services

David Mehler
Hello,

Thanks. So instead of an address give it an fqdn? Is there anything
else I should do?

Thanks.
Dave.


On 4/21/20, @lbutlr <[hidden email]> wrote:

> On 20 Apr 2020, at 17:44, David Mehler <[hidden email]> wrote:
>> I've got letsencrypt-supplied certificates, is this still the correct
>> configuration for tls with separate systems handling each service?
>
>> $config['default_host'] = 'tls://172.16.21.3’;
>
> I don’t think this will work with LE as it does not allow certs on IP
> addresses I don’t think.
>
> --
> “Alas, earwax!"
> _______________________________________________
> Roundcube Users mailing list
> [hidden email]
> http://lists.roundcube.net/mailman/listinfo/users
_______________________________________________
Roundcube Users mailing list
[hidden email]
http://lists.roundcube.net/mailman/listinfo/users