Merge branch 'dev'

datarhei · Sep 30, 2022 · bae68f8 · bae68f8
2 parents da833a3 + eb57fb5
commit bae68f8
Show file tree

Hide file tree

Showing 8 changed files with 64 additions and 6 deletions.
diff --git a/.github_build/Build.alpine.env b/.github_build/Build.alpine.env
@@ -2,4 +2,4 @@
 OS_NAME=alpine
 OS_VERSION=3.15
 GOLANG_IMAGE=golang:1.18.6-alpine3.15
-CORE_VERSION=16.10.0
+CORE_VERSION=16.10.1
diff --git a/.github_build/Build.ubuntu.env b/.github_build/Build.ubuntu.env
@@ -2,4 +2,4 @@
 OS_NAME=ubuntu
 OS_VERSION=20.04
 GOLANG_IMAGE=golang:1.18.6-alpine3.15
-CORE_VERSION=16.10.0
+CORE_VERSION=16.10.1
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,10 @@
 # Core
 
+### Core v16.10.0 > v16.10.1
+
+-   Add email address in TLS config for Let's Encrypt
+-   Fix use of Let's Encrypt production CA
+
 ### Core v16.9.1 > v16.10.0
 
 -   Add HLS session middleware to diskfs

diff --git a/app/api/api.go b/app/api/api.go
@@ -655,8 +655,8 @@ func (a *api) start() error {
 		}
 
 		certmagic.DefaultACME.Agreed = true
-		certmagic.DefaultACME.Email = ""
-		certmagic.DefaultACME.CA = certmagic.LetsEncryptStagingCA
+		certmagic.DefaultACME.Email = cfg.TLS.Email
+		certmagic.DefaultACME.CA = certmagic.LetsEncryptProductionCA
 		certmagic.DefaultACME.DisableHTTPChallenge = false
 		certmagic.DefaultACME.DisableTLSALPNChallenge = true
 		certmagic.DefaultACME.Logger = nil

diff --git a/app/version.go b/app/version.go
@@ -30,7 +30,7 @@ func (v versionInfo) MinorString() string {
 var Version = versionInfo{
 	Major: 16,
 	Minor: 10,
-	Patch: 0,
+	Patch: 1,
 }
 
 // Commit is the git commit the app is build from. It should be filled in during compilation

diff --git a/config/config.go b/config/config.go
@@ -176,6 +176,7 @@ func (d *Config) init() {
 	d.val(newAddressValue(&d.TLS.Address, ":8181"), "tls.address", "CORE_TLS_ADDRESS", nil, "HTTPS listening address", false, false)
 	d.val(newBoolValue(&d.TLS.Enable, false), "tls.enable", "CORE_TLS_ENABLE", nil, "Enable HTTPS", false, false)
 	d.val(newBoolValue(&d.TLS.Auto, false), "tls.auto", "CORE_TLS_AUTO", nil, "Enable Let's Encrypt certificate", false, false)
+	d.val(newEmailValue(&d.TLS.Email, "cert@datarhei.com"), "tls.email", "CORE_TLS_EMAIL", nil, "Email for Let's Encrypt registration", false, false)
 	d.val(newFileValue(&d.TLS.CertFile, ""), "tls.cert_file", "CORE_TLS_CERTFILE", nil, "Path to certificate file in PEM format", false, false)
 	d.val(newFileValue(&d.TLS.KeyFile, ""), "tls.key_file", "CORE_TLS_KEYFILE", nil, "Path to key file in PEM format", false, false)
 
@@ -419,6 +420,14 @@ func (d *Config) Validate(resetLogs bool) {
 		}
 	}
 
+	// If TLS and Let's Encrypt certificate is enabled, we require a non-empty email address
+	if d.TLS.Enable && d.TLS.Auto {
+		if len(d.TLS.Email) == 0 {
+			v := d.findVariable("tls.email")
+			v.value.Set(v.defVal)
+		}
+	}
+
 	// If TLS for RTMP is enabled, TLS must be enabled
 	if d.RTMP.EnableTLS {
 		if !d.RTMP.Enable {

diff --git a/config/data.go b/config/data.go
@@ -54,6 +54,7 @@ type Data struct {
 		Address  string `json:"address"`
 		Enable   bool   `json:"enable"`
 		Auto     bool   `json:"auto"`
+		Email    string `json:"email"`
 		CertFile string `json:"cert_file"`
 		KeyFile  string `json:"key_file"`
 	} `json:"tls"`
@@ -174,7 +175,6 @@ func NewV3FromV2(d *dataV2) (*Data, error) {
 	data.DB = d.DB
 	data.Host = d.Host
 	data.API = d.API
-	data.TLS = d.TLS
 	data.RTMP = d.RTMP
 	data.SRT = d.SRT
 	data.FFmpeg = d.FFmpeg
@@ -211,6 +211,13 @@ func NewV3FromV2(d *dataV2) (*Data, error) {
 	data.Router.Routes = copyStringMap(d.Router.Routes)
 
 	// Actual changes
+	data.TLS.Enable = d.TLS.Enable
+	data.TLS.Address = d.TLS.Address
+	data.TLS.Auto = d.TLS.Auto
+	data.TLS.CertFile = d.TLS.CertFile
+	data.TLS.KeyFile = d.TLS.KeyFile
+	data.TLS.Email = "cert@datarhei.com"
+
 	data.Storage.MimeTypes = d.Storage.MimeTypes
 
 	data.Storage.CORS = d.Storage.CORS

diff --git a/config/types.go b/config/types.go
@@ -5,6 +5,7 @@ import (
 	"encoding/json"
 	"fmt"
 	"net"
+	"net/mail"
 	"net/url"
 	"os"
 	"os/exec"
@@ -805,3 +806,39 @@ func (s *absolutePathValue) Validate() error {
 func (s *absolutePathValue) IsEmpty() bool {
 	return len(string(*s)) == 0
 }
+
+// email address
+
+type emailValue string
+
+func newEmailValue(p *string, val string) *emailValue {
+	*p = val
+	return (*emailValue)(p)
+}
+
+func (s *emailValue) Set(val string) error {
+	addr, err := mail.ParseAddress(val)
+	if err != nil {
+		return err
+	}
+
+	*s = emailValue(addr.Address)
+	return nil
+}
+
+func (s *emailValue) String() string {
+	return string(*s)
+}
+
+func (s *emailValue) Validate() error {
+	if len(s.String()) == 0 {
+		return nil
+	}
+
+	_, err := mail.ParseAddress(s.String())
+	return err
+}
+
+func (s *emailValue) IsEmpty() bool {
+	return len(string(*s)) == 0
+}