experimental letsencrypt support
This commit is contained in:
mischief
parent
a3148e447b
commit
ef7a6d18ff
2 changed files with 99 additions and 2 deletions
77
letsencrypt.go
Normal file
77
letsencrypt.go
Normal file
|
|
@ -0,0 +1,77 @@
|
|||
package main
|
||||
|
||||
import (
|
||||
"crypto/tls"
|
||||
"errors"
|
||||
"flag"
|
||||
"net"
|
||||
"strings"
|
||||
|
||||
"github.com/dkumor/acmewrapper"
|
||||
)
|
||||
|
||||
var (
|
||||
letsencrypt = flag.Bool("letsencrypt", false, "enable Let’s Encrypt")
|
||||
domainname = flag.String("domain", "", "domain for certificate")
|
||||
sannames = flag.String("sans", "", "comma-seperate list of subject alternate names for certificate")
|
||||
certfile = flag.String("cert", "", "TLS cert file path")
|
||||
keyfile = flag.String("key", "", "TLS key file path")
|
||||
regfile = flag.String("reg", "", "user registration file path")
|
||||
privfile = flag.String("priv", "", "user private key file path")
|
||||
test = flag.Bool("test", false, "Use the Let's Encrypt staging server")
|
||||
acme = flag.String("server", acmewrapper.DefaultServer, "The ACME server to use")
|
||||
accept = flag.Bool("accept", false, "Accept the ACME server's TOS?")
|
||||
email = flag.String("email", "", "The email to use when registering")
|
||||
|
||||
ErrDisabled = errors.New("Let's Encrypt is disabled")
|
||||
)
|
||||
|
||||
// setup a tls listener and config from let's encrypt settings.
|
||||
//
|
||||
// TODO(mischief): http redirect to https
|
||||
func doTLS(addr string) (net.Listener, *tls.Config, error) {
|
||||
if *letsencrypt == false {
|
||||
return nil, nil, ErrDisabled
|
||||
}
|
||||
|
||||
if *test {
|
||||
*acme = "https://acme-staging.api.letsencrypt.org/directory"
|
||||
}
|
||||
|
||||
domains := []string{*domainname}
|
||||
|
||||
if *sannames != "" {
|
||||
sans := strings.Split(*sannames, ",")
|
||||
domains = append(domains, sans...)
|
||||
}
|
||||
|
||||
aconf := acmewrapper.Config{
|
||||
Address: addr,
|
||||
Domains: domains,
|
||||
Email: *email,
|
||||
TLSCertFile: *certfile,
|
||||
TLSKeyFile: *keyfile,
|
||||
RegistrationFile: *regfile,
|
||||
PrivateKeyFile: *privfile,
|
||||
Server: *acme,
|
||||
TOSCallback: acmewrapper.TOSAgree,
|
||||
}
|
||||
|
||||
if *accept == false {
|
||||
aconf.TOSCallback = acmewrapper.TOSDecline
|
||||
}
|
||||
|
||||
w, err := acmewrapper.New(aconf)
|
||||
if err != nil {
|
||||
return nil, nil, err
|
||||
}
|
||||
|
||||
tlsconfig := w.TLSConfig()
|
||||
|
||||
listener, err := tls.Listen("tcp", addr, tlsconfig)
|
||||
if err != nil {
|
||||
return nil, nil, err
|
||||
}
|
||||
|
||||
return listener, tlsconfig, nil
|
||||
}
|
||||
24
main.go
24
main.go
|
|
@ -2,6 +2,7 @@ package main
|
|||
|
||||
import (
|
||||
"bytes"
|
||||
"crypto/tls"
|
||||
"encoding/json"
|
||||
"flag"
|
||||
"fmt"
|
||||
|
|
@ -448,18 +449,37 @@ again:
|
|||
|
||||
func main() {
|
||||
flag.Parse()
|
||||
|
||||
w := New(*root)
|
||||
if w == nil {
|
||||
os.Exit(1)
|
||||
log.Fatal("can't create root")
|
||||
}
|
||||
|
||||
mux := http.NewServeMux()
|
||||
mux.Handle("/", w)
|
||||
|
||||
var listener net.Listener
|
||||
var tlsconf *tls.Config
|
||||
var err error
|
||||
|
||||
if *letsencrypt {
|
||||
listener, tlsconf, err = doTLS(*listen)
|
||||
} else {
|
||||
listener, err = net.Listen("tcp", *listen)
|
||||
}
|
||||
|
||||
if err != nil {
|
||||
log.Fatal(err)
|
||||
}
|
||||
|
||||
s := &http.Server{
|
||||
Addr: *listen,
|
||||
Handler: mux,
|
||||
ReadTimeout: 10 * time.Second,
|
||||
WriteTimeout: 10 * time.Second,
|
||||
MaxHeaderBytes: 1 << 20,
|
||||
TLSConfig: tlsconf,
|
||||
}
|
||||
log.Fatal(s.ListenAndServe())
|
||||
|
||||
log.Fatal(s.Serve(listener))
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in a new issue