-
Notifications
You must be signed in to change notification settings - Fork 34
/
config.go
126 lines (103 loc) · 3.25 KB
/
config.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
//
// simplecert
//
// Created by Philipp Mieden
// Contact: dreadl0ck@protonmail.ch
// Copyright © 2018 bestbytes. All rights reserved.
//
package simplecert
import (
"errors"
"log"
"os"
"time"
)
var (
c *Config
errNoDirectoryURL = errors.New("simplecert: no directory url specified")
errNoMail = errors.New("simplecert: no SSLEmail in config")
errNoDomains = errors.New("simplecert: no domains specified")
errNoChallenge = errors.New("simplecert: no challenge method specified")
errNoCacheDir = errors.New("simplecert: no cache directory specified")
)
// Default contains a default configuration
var Default = &Config{
// 30 Days before expiration
RenewBefore: 30 * 24,
// Once a week
CheckInterval: 7 * 24 * time.Hour,
SSLEmail: "",
DirectoryURL: "https://acme-v02.api.letsencrypt.org/directory",
HTTPAddress: ":80",
TLSAddress: ":443",
CacheDirPerm: 0700,
Domains: []string{},
CacheDir: "letsencrypt",
DNSProvider: "",
Local: false,
UpdateHosts: true,
}
// Config allows configuration of simplecert
type Config struct {
// renew the certificate X hours before it expires
// LetsEncrypt Certs are valid for 90 Days
RenewBefore int
// Interval for checking if cert is closer to expiration than RenewBefore
CheckInterval time.Duration
// SSLEmail for contact
SSLEmail string
// ACME Directory URL. Can be set to https://acme-staging-v02.api.letsencrypt.org/directory for testing
DirectoryURL string
// Endpoints for webroot challenge
// CAUTION: challenge must be received on port 80 and 443
// if you choose different ports here you must redirect the traffic
HTTPAddress string
TLSAddress string
// UNIX Permission for the CacheDir and all files inside
CacheDirPerm os.FileMode
// Domains for which to obtain the certificate
Domains []string
// Path of the CacheDir
CacheDir string
// DNSProvider name for DNS challenges (optional)
// see: https://godoc.org/github.com/go-acme/lego/providers/dns
DNSProvider string
// Local runmode
Local bool
// UpdateHosts adds the domains to /etc/hosts if running in local mode
UpdateHosts bool
// Handler funcs for graceful service shutdown and restoring
WillRenewCertificate func()
DidRenewCertificate func()
FailedToRenewCertificate func(error)
}
// CheckConfig checks if config can be used to obtain a cert
func CheckConfig(c *Config) error {
if c.CacheDir == "" {
return errNoCacheDir
}
if len(c.Domains) == 0 {
return errNoDomains
}
if !c.Local {
if c.SSLEmail == "" {
return errNoMail
}
}
if c.DirectoryURL == "" {
return errNoDirectoryURL
}
if c.DNSProvider == "" && c.HTTPAddress == "" && c.TLSAddress == "" {
return errNoChallenge
}
if c.WillRenewCertificate == nil && (c.HTTPAddress != "" || c.TLSAddress != "") {
log.Println("[WARNING] no WillRenewCertificate handler specified, to handle graceful server shutdown!")
}
if c.DidRenewCertificate == nil && (c.HTTPAddress != "" || c.TLSAddress != "") {
log.Println("[WARNING] no DidRenewCertificate handler specified, to bring the service back up after renewing the certificate!")
}
if c.FailedToRenewCertificate == nil {
log.Println("[WARNING] no FailedToRenewCertificate handler specified! Simplecert will fatal on errors!")
}
return nil
}