kemko/reproxy
1
0
Fork 0
mirror of https://github.com/kemko/reproxy.git synced 2026-01-01 15:55:49 +03:00
Code Issues Actions Packages Projects Releases Wiki Activity

Update main.go and ssl.go to add support for ACME directory URL in ACME configuration

Browse Source
This commit is contained in:
Dmitrii Andreev
2024-09-09 22:56:50 +03:00
parent 8c9d35ed22
commit 19b4821bc9
2 changed files with 16 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
app/main.go
View File

@@ -43,6 +43,7 @@ var opts struct {
Type string `long:"type" env:"TYPE" description:"ssl (auto) support" choice:"none" choice:"static" choice:"auto" default:"none"` // nolint Type string `long:"type" env:"TYPE" description:"ssl (auto) support" choice:"none" choice:"static" choice:"auto" default:"none"` // nolint
Cert string `long:"cert" env:"CERT" description:"path to cert.pem file"` Cert string `long:"cert" env:"CERT" description:"path to cert.pem file"`
Key string `long:"key" env:"KEY" description:"path to key.pem file"` Key string `long:"key" env:"KEY" description:"path to key.pem file"`
ACMEDirectoru string `long:"acme-directory" env:"ACME_DITRCTORY" description:"acme directory url"`
ACMELocation string `long:"acme-location" env:"ACME_LOCATION" description:"dir where certificates will be stored by autocert manager" default:"./var/acme"` ACMELocation string `long:"acme-location" env:"ACME_LOCATION" description:"dir where certificates will be stored by autocert manager" default:"./var/acme"`
ACMEEmail string `long:"acme-email" env:"ACME_EMAIL" description:"admin email for certificate notifications"` ACMEEmail string `long:"acme-email" env:"ACME_EMAIL" description:"admin email for certificate notifications"`
RedirHTTPPort int `long:"http-port" env:"HTTP_PORT" description:"http port for redirect to https and acme challenge test (default: 8080 under docker, 80 without)"` RedirHTTPPort int `long:"http-port" env:"HTTP_PORT" description:"http port for redirect to https and acme challenge test (default: 8080 under docker, 80 without)"`

17
app/proxy/ssl.go
View File

@@ -6,6 +6,8 @@ import (
"net/http" "net/http"
"strings" "strings"
"golang.org/x/crypto/acme"
log "github.com/go-pkgz/lgr" log "github.com/go-pkgz/lgr"
"golang.org/x/crypto/acme/autocert" "golang.org/x/crypto/acme/autocert"
@@ -31,6 +33,7 @@ type SSLConfig struct {
SSLMode sslMode SSLMode sslMode
Cert string Cert string
Key string Key string
ACMEDirectory string
ACMELocation string ACMELocation string
ACMEEmail string ACMEEmail string
FQDNs []string FQDNs []string
@@ -65,9 +68,19 @@ func (h *Http) redirectHandler() http.Handler {
} }
func (h *Http) makeAutocertManager() *autocert.Manager { func (h *Http) makeAutocertManager() *autocert.Manager {
log.Printf("[DEBUG] autocert manager for domains: %+v, location: %s, email: %q", acmeDirectory := autocert.DefaultACMEDirectory
h.SSLConfig.FQDNs, h.SSLConfig.ACMELocation, h.SSLConfig.ACMEEmail) if h.SSLConfig.ACMEDirectory != "" {
acmeDirectory = h.SSLConfig.ACMEDirectory
}
log.Printf("[DEBUG] autocert manager for domains: %+v, acmeDirectory: %s, location: %s, email: %q",
h.SSLConfig.FQDNs, acmeDirectory, h.SSLConfig.ACMELocation, h.SSLConfig.ACMEEmail)
return &autocert.Manager{ return &autocert.Manager{
Client: &acme.Client{
DirectoryURL: acmeDirectory,
},
Prompt: autocert.AcceptTOS, Prompt: autocert.AcceptTOS,
Cache: autocert.DirCache(h.SSLConfig.ACMELocation), Cache: autocert.DirCache(h.SSLConfig.ACMELocation),
HostPolicy: autocert.HostWhitelist(h.SSLConfig.FQDNs...), HostPolicy: autocert.HostWhitelist(h.SSLConfig.FQDNs...),