Update main.go and ssl.go to add support for ACME directory URL in ACME configuration

2026-01-01 15:55:49 +03:00 · 2024-09-09 22:56:50 +03:00
parent 8c9d35ed22
commit 19b4821bc9
2 changed files with 16 additions and 2 deletions
--- a/app/main.go
+++ b/app/main.go
@@ -43,6 +43,7 @@ var opts struct {
 		Type          string   `long:"type" env:"TYPE" description:"ssl (auto) support" choice:"none" choice:"static" choice:"auto" default:"none"` // nolint
 		Cert          string   `long:"cert" env:"CERT" description:"path to cert.pem file"`
 		Key           string   `long:"key" env:"KEY" description:"path to key.pem file"`
+		ACMEDirectoru string   `long:"acme-directory" env:"ACME_DITRCTORY" description:"acme directory url"`
 		ACMELocation  string   `long:"acme-location" env:"ACME_LOCATION" description:"dir where certificates will be stored by autocert manager" default:"./var/acme"`
 		ACMEEmail     string   `long:"acme-email" env:"ACME_EMAIL" description:"admin email for certificate notifications"`
 		RedirHTTPPort int      `long:"http-port" env:"HTTP_PORT" description:"http port for redirect to https and acme challenge test (default: 8080 under docker, 80 without)"`
--- a/app/proxy/ssl.go
+++ b/app/proxy/ssl.go
@@ -6,6 +6,8 @@ import (
 	"net/http"
 	"strings"

+	"golang.org/x/crypto/acme"
+
 	log "github.com/go-pkgz/lgr"
 	"golang.org/x/crypto/acme/autocert"

@@ -31,6 +33,7 @@ type SSLConfig struct {
 	SSLMode       sslMode
 	Cert          string
 	Key           string
+	ACMEDirectory string
 	ACMELocation  string
 	ACMEEmail     string
 	FQDNs         []string
@@ -65,9 +68,19 @@ func (h *Http) redirectHandler() http.Handler {
 }

 func (h *Http) makeAutocertManager() *autocert.Manager {
-	log.Printf("[DEBUG] autocert manager for domains: %+v, location: %s, email: %q",
-		h.SSLConfig.FQDNs, h.SSLConfig.ACMELocation, h.SSLConfig.ACMEEmail)
+	acmeDirectory := autocert.DefaultACMEDirectory
+	if h.SSLConfig.ACMEDirectory != "" {
+		acmeDirectory = h.SSLConfig.ACMEDirectory
+	}
+
+	log.Printf("[DEBUG] autocert manager for domains: %+v, acmeDirectory: %s, location: %s, email: %q",
+		h.SSLConfig.FQDNs, acmeDirectory, h.SSLConfig.ACMELocation, h.SSLConfig.ACMEEmail)
+
 	return &autocert.Manager{
+		Client: &acme.Client{
+			DirectoryURL: acmeDirectory,
+		},
+
 		Prompt:     autocert.AcceptTOS,
 		Cache:      autocert.DirCache(h.SSLConfig.ACMELocation),
 		HostPolicy: autocert.HostWhitelist(h.SSLConfig.FQDNs...),