Refactored runLetsEncrypt to runACME
Signed-off-by: Cristian Le <git@lecris.me>
LecrisUT committed Jan 21, 2022
1 parent 11f0ef8 commit 4350b76
Showing 2 changed files with 13 additions and 12 deletions.
17 changes: 9 additions & 8 deletions cmd/web.go
Expand Up @@ -223,17 +223,18 @@ func listen(m http.Handler, handleRedirector bool) error {
err = runHTTP("tcp", listenAddr, "Web", m)
case setting.HTTPS:
if setting.EnableAcme {
err = runLetsEncrypt(listenAddr, setting.Domain, setting.AcmeLiveDirectory, setting.AcmeEmail, m)
err = runACME(listenAddr, m)
break
}
if handleRedirector {
if setting.RedirectOtherPort {
go runHTTPRedirector()
} else {
NoHTTPRedirector()
} else {
if handleRedirector {
if setting.RedirectOtherPort {
go runHTTPRedirector()
} else {
NoHTTPRedirector()
}
}
err = runHTTPS("tcp", listenAddr, "Web", setting.CertFile, setting.KeyFile, m)
}
err = runHTTPS("tcp", listenAddr, "Web", setting.CertFile, setting.KeyFile, m)
case setting.FCGI:
if handleRedirector {
NoHTTPRedirector()
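Review bot: The `break` that stays on the new side right after `err = runACME(listenAddr, m)` is redundant once the HTTPS path has been moved into the `} else {` branch — the else already skips it, and keeping both reads as if the else body were reachable after the break. I would drop the `break` so the branch reads `err = runACME(listenAddr, m)` followed directly by `} else {`, or keep the break and not introduce the else; one of the two is enough. That `break` survives on the new side is inferred from the rendered ordering and the 9/8 line counts, so worth confirming against the raw diff. listen() starts outside the hunk (its signature is only visible in the @@ header), so how the assigned err is returned is not visible here.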
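--- a/cmd/web_acme.go
+++ b/cmd/web_acme.go
@@ -19,7 +19,7 @@ import (
 "github.com/caddyserver/certmagic"
 )
 
-func runLetsEncrypt(listenAddr, domain, directory, email string, m http.Handler) error {
+func runACME(listenAddr string, m http.Handler) error {
 // If HTTP Challenge enabled, needs to be serving on port 80. For TLSALPN needs 443.
 // Due to docker port mapping this can't be checked programmatically
 // TODO: these are placeholders until we add options for each in settings with appropriate warning
@@ -36,7 +36,7 @@ func runLetsEncrypt(listenAddr, domain, directory, email string, m http.Handler)
 }
 
 magic := certmagic.NewDefault()
-magic.Storage = &certmagic.FileStorage{Path: directory}
+magic.Storage = &certmagic.FileStorage{Path: setting.AcmeLiveDirectory}
 // Try to use private CA root if provided, otherwise defaults to system's trust
 var certPool *x509.CertPool
 if setting.AcmeCARoot != "" {
@@ -57,7 +57,7 @@ func runLetsEncrypt(listenAddr, domain, directory, email string, m http.Handler)
 myACME := certmagic.NewACMEManager(magic, certmagic.ACMEManager{
 CA: setting.AcmeURL,
 TrustedRoots: certPool,
-Email: email,
+Email: setting.AcmeEmail,
 Agreed: setting.LetsEncryptTOS,
 DisableHTTPChallenge: !enableHTTPChallenge,
 DisableTLSALPNChallenge: !enableTLSALPNChallenge,
@@ -69,7 +69,7 @@ func runLetsEncrypt(listenAddr, domain, directory, email string, m http.Handler)
 magic.Issuers = []certmagic.Issuer{myACME}
 
 // this obtains certificates or renews them if necessary
-err := magic.ManageSync(graceful.GetManager().HammerContext(), []string{domain})
+err := magic.ManageSync(graceful.GetManager().HammerContext(), []string{setting.Domain})
 if err != nil {
 return err
 }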
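Review bot: runACME now reads setting.AcmeLiveDirectory, setting.AcmeEmail and setting.Domain directly instead of receiving them as parameters, which hides its inputs from the signature and ties it to package-level configuration; it should at least carry a doc comment naming them, e.g. `// runACME issues and renews the TLS certificate for setting.Domain through certmagic, keeping state under setting.AcmeLiveDirectory and registering setting.AcmeEmail with the CA at setting.AcmeURL.` The `Agreed: setting.LetsEncryptTOS` field in the third hunk is the remaining option not named `Acme*`; if the rename is meant to make the code CA-agnostic, that setting name is the outlier. The function body continues past the last hunk, so how the managed certificate is wired to listenAddr and m is not visible here.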
