From 19b4821bc9fa3788442a10f39c8080b5ed8ae780 Mon Sep 17 00:00:00 2001
From: Dmitrii Andreev
Date: Mon, 9 Sep 2024 22:56:50 +0300
Subject: [PATCH] Update main.go and ssl.go to add support for ACME directory URL in ACME configuration
---
 app/main.go | 1 +
 app/proxy/ssl.go | 17 +++++++++++++++--
 2 files changed, 16 insertions(+), 2 deletions(-)
diff --git a/app/main.go b/app/main.go
index 8b803b9..987d5d5 100644
--- a/app/main.go
+++ b/app/main.go
@@ -43,6 +43,7 @@ var opts struct {
 Type string `long:"type" env:"TYPE" description:"ssl (auto) support" choice:"none" choice:"static" choice:"auto" default:"none"` // nolint
 Cert string `long:"cert" env:"CERT" description:"path to cert.pem file"`
 Key string `long:"key" env:"KEY" description:"path to key.pem file"`
+ ACMEDirectoru string `long:"acme-directory" env:"ACME_DITRCTORY" description:"acme directory url"`
 ACMELocation string `long:"acme-location" env:"ACME_LOCATION" description:"dir where certificates will be stored by autocert manager" default:"./var/acme"`
 ACMEEmail string `long:"acme-email" env:"ACME_EMAIL" description:"admin email for certificate notifications"`
 RedirHTTPPort int `long:"http-port" env:"HTTP_PORT" description:"http port for redirect to https and acme challenge test (default: 8080 under docker, 80 without)"`
diff --git a/app/proxy/ssl.go b/app/proxy/ssl.go
index ecc1304..77b806d 100644
--- a/app/proxy/ssl.go
+++ b/app/proxy/ssl.go
@@ -6,6 +6,8 @@ import (
 "net/http"
 "strings"
+ "golang.org/x/crypto/acme"
+
 log "github.com/go-pkgz/lgr"
 "golang.org/x/crypto/acme/autocert"
@@ -31,6 +33,7 @@ type SSLConfig struct {
 SSLMode sslMode
 Cert string
 Key string
+ ACMEDirectory string
 ACMELocation string
 ACMEEmail string
 FQDNs []string
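Review bot: The option added in the main.go hunk is misspelled twice: the field is `ACMEDirectoru` and its tag is `env:"ACME_DITRCTORY"`, so an operator exporting ACME_DIRECTORY would silently keep the default directory; rename the field to `ACMEDirectory` and the tag to `env:"ACME_DIRECTORY"`. The diffstat lists this single line as the only change to app/main.go, so as far as this patch shows nothing copies the flag into the `ACMEDirectory` field that the ssl.go SSLConfig hunk adds, and makeAutocertManager would always take the autocert.DefaultACMEDirectory fallback unless that assignment exists outside the diff. The same unwired-field point applies to the SSLConfig hunk in app/proxy/ssl.go.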
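Review bot: The added import `"golang.org/x/crypto/acme"` in the ssl.go import hunk is placed in its own group between the stdlib block and the third-party block, while `"golang.org/x/crypto/acme/autocert"` sits two lines below in the third-party group. goimports keeps both x/crypto imports together, so move the new line next to autocert and drop the extra blank line that the hunk adds.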
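Review bot: The new `ACMEDirectory` field in SSLConfig has no comment stating its contract, and it is the value that decides which ACME server the proxy obtains its certificates from and whose terms are auto-accepted (`Prompt: autocert.AcceptTOS` in the makeAutocertManager hunk), so it deserves one: `// ACMEDirectory is the directory URL of the ACME server (https); empty selects autocert.DefaultACMEDirectory`. Because makeAutocertManager passes the value verbatim into `acme.Client{DirectoryURL: acmeDirectory}`, a check that rejects a non-https URL where the manager is built would be worth adding; that function's hunk runs past the end of this excerpt.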
@@ -65,9 +68,19 @@ func (h *Http) redirectHandler() http.Handler {
 }
 func (h *Http) makeAutocertManager() *autocert.Manager {
- log.Printf("[DEBUG] autocert manager for domains: %+v, location: %s, email: %q",
- h.SSLConfig.FQDNs, h.SSLConfig.ACMELocation, h.SSLConfig.ACMEEmail)
+ acmeDirectory := autocert.DefaultACMEDirectory
+ if h.SSLConfig.ACMEDirectory != "" {
+ acmeDirectory = h.SSLConfig.ACMEDirectory
+ }
+
+ log.Printf("[DEBUG] autocert manager for domains: %+v, acmeDirectory: %s, location: %s, email: %q",
+ h.SSLConfig.FQDNs, acmeDirectory, h.SSLConfig.ACMELocation, h.SSLConfig.ACMEEmail)
+
 return &autocert.Manager{
+ Client: &acme.Client{
+ DirectoryURL: acmeDirectory,
+ },
+ Prompt: autocert.AcceptTOS,
 Cache: autocert.DirCache(h.SSLConfig.ACMELocation),
 HostPolicy: autocert.HostWhitelist(h.SSLConfig.FQDNs...),