From e09a9d5c39fc1e690d45a565fadf08885cf76cf1 Mon Sep 17 00:00:00 2001
From: Mauro Torrez <maurotorrez@gmail.com>
Date: Mon, 3 Feb 2020 00:38:19 -0300
Subject: [PATCH] allow set path for ssl cert/key

---
 Dockerfile                       | 4 +++-
 confd/templates/10-ssl.conf.tmpl | 4 ++--
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 9be5cf5..0f474a7 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -33,7 +33,9 @@ ENV \
     LDAP_DEFAULT_PASS_SCHEME=CRYPT \
     ANTISPAM_ENABLE=yes \
     IMAP_URLAUTH_HOST="*" \
-    SSL_CLIENT_CA_DIR="/etc/ssl/certs"
+    SSL_CLIENT_CA_DIR="/etc/ssl/certs" \
+    SSL_CERT="/ssl/cert.pem" \
+    SSL_KEY="/ssl/key.pem"
 
 RUN groupadd -g 5000 vmail && useradd -g vmail -u 5000 vmail -d /vmail \
   && mkdir -p /vmail && chown vmail:vmail /vmail \
diff --git a/confd/templates/10-ssl.conf.tmpl b/confd/templates/10-ssl.conf.tmpl
index 82ed656..586991e 100644
--- a/confd/templates/10-ssl.conf.tmpl
+++ b/confd/templates/10-ssl.conf.tmpl
@@ -9,8 +9,8 @@ ssl = yes
 # dropping root privileges, so keep the key file unreadable by anyone but
 # root. Included doc/mkcert.sh can be used to easily generate self-signed
 # certificate, just make sure to update the domains in dovecot-openssl.cnf
-ssl_cert = </ssl/cert.pem
-ssl_key = </ssl/key.pem
+{{ with getv "/ssl/cert" }}ssl_cert = <{{.}}{{ end }}
+{{ with getv "/ssl/key" }}ssl_key = <{{.}}{{ end }}
 
 # If key file is password protected, give the password here. Alternatively
 # give it when starting dovecot with -p parameter. Since this file is often