TLS Add-On support for Secondary Domains

syn

Now that cloudron has custom secondary domains feature, some apps that require their own TLS on subdomains (like XMPP servers) are made possible.

Here is a patch that expands TLS addon to support this:
https://git.cloudron.io/synchrone/box/-/commit/575247af0610dd6cc76142fe697e5415b256427b

This will help the following prospective apps to provide a sufficient level of XMPP support, as verifying TLS on their TCP ports under subdomain names is mandatory nowadays:

https://forum.cloudron.io/topic/7755/openfire-xmpp-server
https://forum.cloudron.io/topic/2486/ejabberd-robust-scalable-and-extensible-realtime-server-using-xmpp-mqtt-and-sip/12
https://forum.cloudron.io/topic/4188/snikket-server-your-own-messaging-server-in-a-box/9
https://forum.cloudron.io/topic/1234/prosody-kaiwa/5

nebulon

@syn thanks for fix on that front. We will pick that up for the next release only though. It further needs more changes to trigger for example app container restarts if certs change.

syn

@nebulon that feature is already implemented. Has been there since cloudron 6.2.0 as far as I can see

girish

@syn that only restarts the app when the primary domain cert renews.

I did a whole bunch of changes over the weekend to fix some cert renewal issues (specifically, mail container was not getting updated properly when cert renews). I will try to incorporate your changes into it (probably only for 7.4 though).

girish

Thanks @syn . This is implemented in 7.3.4 . The /etc/certs directory has the certs in DOMAIN.cert and DOMAIN.key form (both pem format).