Configuring DKIM

erobinson · November 6, 2020, 5:00pm

Following the instructions here: https://docs.getodk.org/central-install-digital-ocean/
...will result in an error when executing step 2 since ~/central/files/dkim/rsa.private is a directory.
Also, the final command in step 2: cp config.disabled config
...will simply copy the config.disabled file into the config folder (and not rename it)

Please update,
Thanks!

yanokwa · November 6, 2020, 11:26pm

@erobinson When you get a chance, please introduce yourself here. I'd also encourage you to add a real picture as your avatar because it helps build community!

https://github.com/getodk/central/tree/master/files/dkim doesn't have a rsa.private directory and when I run openssl genrsa -out rsa.private 1024 it creates a file, not a directory.

Are you running a recent copy of Central? From your central directory, run git describe --tags and report back what it says.

erobinson · November 9, 2020, 8:40am

Hi Yaw,
git describe --tags produces v1.0.3
It appears the folders are a result of the volumes mapped for the mail container:
From docker-compose.yml:

mail:
container_name: mail
image: "itsissa/namshi-smtp:4.89-2.deb9u5"
volumes:
- ./files/dkim/config:/etc/exim4/_docker_additional_macros:ro
- ./files/dkim/rsa.private:/etc/exim4/domain.key:ro
environment:
- MAILNAME=${DOMAIN}
restart: always

Those two entries are directories in the mail container:

:# ls /etc/exim4 -l
total 104
drwxr-xr-x 2 root root 4096 Nov 9 09:05 _docker_additional_macros
drwxr-xr-x 9 root root 4096 Aug 3 2019 conf.d
drwxr-xr-x 2 root root 4096 Nov 9 09:05 domain.key
-rw-r--r-- 1 root root 57 Nov 9 09:05 exim4.conf.localmacros
-rw-r--r-- 1 root root 78843 Jul 20 2019 exim4.conf.template
-rw-r----- 1 root Debian-exim 204 Jul 20 2019 passwd.client
-rw-r--r-- 1 root root 1046 Nov 9 09:05 update-exim4.conf.conf

Regards
Ed

craigdsouza · November 12, 2020, 11:17am

Hi @yanokwa,
I have encountered the same error @erobinson reported, today while configuring DKIM ..

genrsa: Can't open "rsa.private" for writing, Is a directory

I updated Central just a couple of days ago from v 0.8 to v 1.0

running git describe --tags gives me

v1.0.3-1-g5a744a1

issa · November 12, 2020, 11:42pm

hi all.

what happens is that when docker tries to find rsa.private and it doesn't exist, it assumes it should make a new directory called rsa.private and mounts that into the child container instead.

if you run rmdir ~/central/files/dkim/rsa.private and immediately run the genrsa it should resolve the issue. there may be some other directory you have to similarly delete.

i thought i included instructions about this in the documentation, but it's not there. i'll be sure it makes it in there this time.

erobinson · November 17, 2020, 2:30pm

Hi Issa, see my previous post, the folder is explicitly mapped during container creation as specified in the docker-compose file - it seems this is by design so somewhere between the script / instructions and the docker setup, there's a disconnect.

issa · November 17, 2020, 5:57pm

hey erobinson. i am the designer.

the issue is that the files are optional, but there is no way to communicate this fact to docker. docker don't care. so no matter what the thing that is there will get mapped into the container, and therefore no matter what docker will ensure that there is a thing there: in this case, a folder.

we could maybe put a file there as a placeholder, but then we'd have to make people delete that instead. so we'll patch the instructions to have people delete the folder.