
Commit 093d5ed

store certs in directory per settings
1 parent 630182e commit 093d5ed


1 file changed

+22
-10
lines changed


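--- a/cmd/web_letsencrypt.go
+++ b/cmd/web_letsencrypt.go
@@ -17,10 +17,19 @@ import (
 
 func runLetsEncrypt(listenAddr, domain, directory, email string, m http.Handler) error {
 
+// if HTTP Challenge enabled, needs to be serving on port 80. For TLSALPN needs 443
+// due to docker port mapping this can't be checked programatically
+// TODO: these are placeholders until we add options for each in settings with appropriate warning
+enableHTTPChallenge := true
+enableTLSALPNChallenge := false // set to false as this is default prior to using certmagic
+
 magic := certmagic.NewDefault()
 myACME := certmagic.NewACMEManager(magic, certmagic.ACMEManager{
-Email: email,
-Agreed: true,
+Email: email,
+Agreed: true,
+DisableHTTPChallenge: !enableHTTPChallenge,
+DisableTLSALPNChallenge: !enableTLSALPNChallenge,
+Storage: &certmagic.FileStorage{Path: directory},
 })
 
 magic.Issuer = myACME
@@ -33,14 +42,17 @@ func runLetsEncrypt(listenAddr, domain, directory, email string, m http.Handler)
 
 tlsConfig := magic.TLSConfig()
 
-go func() {
-log.Info("Running Let's Encrypt handler on %s", setting.HTTPAddr+":"+setting.PortToRedirect)
-// all traffic coming into HTTP will be redirect to HTTPS automatically (LE HTTP-01 validation happens here)
-var err = runHTTP("tcp", setting.HTTPAddr+":"+setting.PortToRedirect, myACME.HTTPChallengeHandler(http.HandlerFunc(runLetsEncryptFallbackHandler)))
-if err != nil {
-log.Fatal("Failed to start the Let's Encrypt handler on port %s: %v", setting.PortToRedirect, err)
-}
-}()
+if enableHTTPChallenge {
+go func() {
+log.Info("Running Let's Encrypt handler on %s", setting.HTTPAddr+":"+setting.PortToRedirect)
+// all traffic coming into HTTP will be redirect to HTTPS automatically (LE HTTP-01 validation happens here)
+var err = runHTTP("tcp", setting.HTTPAddr+":"+setting.PortToRedirect, myACME.HTTPChallengeHandler(http.HandlerFunc(runLetsEncryptFallbackHandler)))
+if err != nil {
+log.Fatal("Failed to start the Let's Encrypt handler on port %s: %v", setting.PortToRedirect, err)
+}
+}()
+}
+
 return runHTTPSWithTLSConfig("tcp", listenAddr, tlsConfig, context2.ClearHandler(m))
 }
 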
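Review bot: `Storage` is set inside the `certmagic.ACMEManager` literal (new line 32), but as far as I know storage is a field of `certmagic.Config`, so it is worth confirming this builds against the vendored certmagic and, if it does not, moving it to `magic.Storage = &certmagic.FileStorage{Path: directory}` directly after `certmagic.NewDefault()`. Whichever struct carries it, `directory` now holds the ACME account key and the certificate private keys, and the visible lines pass it through unchecked; an empty or relative value would presumably resolve against the process working directory. A guard that returns an error when `directory` is empty would make that explicit, along with a comment such as `// directory holds ACME account and TLS private keys; must be owner-only and outside any served path`. The lines between the two hunks are not shown, so any validation done there is not visible from here.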
