Merge pull request #1 from kemko/support_acme_directory_change

Support acme directory change
Dmitry Andreev
2024-09-14 15:27:39 +03:00
committed by GitHub
3 changed files with 18 additions and 3 deletions


@@ -37,7 +37,7 @@ For convenience, requests with the trailing `/` and without regex groups expande
The host substitution is supported in the destination URL. For example, `/files/${host}` will be replaced with the matched host name. `$host` (without braces) can also be used.
Both HTTP and HTTPS supported. For HTTPS, static certificate can be used as well as automated ACME (Let's Encrypt) certificates. Optional assets server can be used to serve static files. Starting reproxy requires at least one provider defined. The rest of parameters are strictly optional and have sane default.
Both HTTP and HTTPS supported. For HTTPS, static certificate can be used as well as automated ACME (Let's Encrypt or compatible) certificates. Optional assets server can be used to serve static files. Starting reproxy requires at least one provider defined. The rest of parameters are strictly optional and have sane default.
Examples:
@@ -383,6 +383,7 @@ ssl:
--ssl.cert= path to cert.pem file [$SSL_CERT]
--ssl.key= path to key.pem file [$SSL_KEY]
--ssl.acme-location= dir where certificates will be stored by autocert manager (default: ./var/acme) [$SSL_ACME_LOCATION]
--ssl.acme-directory= acme directory url [$SSL_ACME_DITRCTORY]
--ssl.acme-email= admin email for certificate notifications [$SSL_ACME_EMAIL]
--ssl.http-port= http port for redirect to https and acme challenge test (default: 8080 under docker, 80 without) [$SSL_HTTP_PORT]
--ssl.fqdn= FQDN(s) for ACME certificates [$SSL_ACME_FQDN]


@@ -43,6 +43,7 @@ var opts struct {
Type string `long:"type" env:"TYPE" description:"ssl (auto) support" choice:"none" choice:"static" choice:"auto" default:"none"` // nolint
Cert string `long:"cert" env:"CERT" description:"path to cert.pem file"`
Key string `long:"key" env:"KEY" description:"path to key.pem file"`
ACMEDirectoru string `long:"acme-directory" env:"ACME_DITRCTORY" description:"acme directory url"`
ACMELocation string `long:"acme-location" env:"ACME_LOCATION" description:"dir where certificates will be stored by autocert manager" default:"./var/acme"`
ACMEEmail string `long:"acme-email" env:"ACME_EMAIL" description:"admin email for certificate notifications"`
RedirHTTPPort int `long:"http-port" env:"HTTP_PORT" description:"http port for redirect to https and acme challenge test (default: 8080 under docker, 80 without)"`
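Review bot: The new option line carries two user-visible typos: the struct tag binds the environment variable `ACME_DITRCTORY`, so `SSL_ACME_DIRECTORY` (the name anyone derives from `--ssl.acme-directory`) is silently ignored and the default Let's Encrypt directory is used, and the field itself is named `ACMEDirectoru`. Rename the field to `ACMEDirectory` and the tag to `env:"ACME_DIRECTORY"`, update the README entry `[$SSL_ACME_DITRCTORY]` to match, and carry the rename into the code that copies this field into `SSLConfig.ACMEDirectory`, which is outside this diff. The value is also accepted as an opaque string and, judging from the third file, handed straight to `acme.Client.DirectoryURL` under `autocert.AcceptTOS`, so the directory document it points at steers every later ACME request and the TOS are accepted without review; unless plain-HTTP test CAs are an intended use, it is worth failing at startup when the value does not parse as an `https://` URL, e.g. `if u, err := url.Parse(v); err != nil || u.Scheme != "https" { ... }`.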


@@ -6,6 +6,8 @@ import (
"net/http"
"strings"
"golang.org/x/crypto/acme"
log "github.com/go-pkgz/lgr"
"golang.org/x/crypto/acme/autocert"
@@ -31,6 +33,7 @@ type SSLConfig struct {
SSLMode sslMode
Cert string
Key string
ACMEDirectory string
ACMELocation string
ACMEEmail string
FQDNs []string
@@ -65,9 +68,19 @@ func (h *Http) redirectHandler() http.Handler {
}
func (h *Http) makeAutocertManager() *autocert.Manager {
log.Printf("[DEBUG] autocert manager for domains: %+v, location: %s, email: %q",
h.SSLConfig.FQDNs, h.SSLConfig.ACMELocation, h.SSLConfig.ACMEEmail)
acmeDirectory := autocert.DefaultACMEDirectory
if h.SSLConfig.ACMEDirectory != "" {
acmeDirectory = h.SSLConfig.ACMEDirectory
}
log.Printf("[DEBUG] autocert manager for domains: %+v, acmeDirectory: %s, location: %s, email: %q",
h.SSLConfig.FQDNs, acmeDirectory, h.SSLConfig.ACMELocation, h.SSLConfig.ACMEEmail)
return &autocert.Manager{
Client: &acme.Client{
DirectoryURL: acmeDirectory,
},
Prompt: autocert.AcceptTOS,
Cache: autocert.DirCache(h.SSLConfig.ACMELocation),
HostPolicy: autocert.HostWhitelist(h.SSLConfig.FQDNs...),