Adds custom ACME providers
t0xicCode committed Jul 24, 2023
1 parent a33c09a commit d9fe24a
Showing 3 changed files with 52 additions and 47 deletions.
6 changes: 4 additions & 2 deletions config.cfg
Expand Up @@ -36,13 +36,15 @@ ip = "0.0.0.0"
disable_registration = false
# listen port, eg. 443 for default HTTPS
port = "443"
# possible values: "letsencrypt", "letsencryptstaging", "cert", "none"
# possible values: "letsencrypt", "letsencryptstaging", "custom", "cert", "none"
tls = "letsencryptstaging"
# only used if tls = "cert"
tls_cert_privkey = "/etc/tls/example.org/privkey.pem"
tls_cert_fullchain = "/etc/tls/example.org/fullchain.pem"
# only used if tls = "letsencrypt"
# only used if tls = "letsencrypt", "letsencryptstaging", or "custom"
acme_cache_dir = "api-certs"
# only used if tls = "custom"
acme_dir = "https://acme-v02.example.com/directory"
# optional e-mail address to which Let's Encrypt will send expiration notices for the API's cert
notification_email = ""
# CORS AllowOrigins, wildcards can be used
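Review bot: The comment above `notification_email` still says the notices come from Let's Encrypt, but with `tls = "custom"` the address is handed to whatever directory `acme_dir` points at, so the sample now documents the wrong sender for one of its own modes. Suggest `# optional e-mail address to which the ACME CA (Let's Encrypt, or the acme_dir provider when tls = "custom") will send expiration notices for the API's cert`. It would also help operators to state next to `acme_dir` that the value is the CA's ACME directory URL, not its account or site URL, since the example value is the only hint.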
58 changes: 26 additions & 32 deletions main.go
Expand Up @@ -114,42 +114,46 @@ func startHTTPAPI(errChan chan error, config DNSConfig, dnsservers []*DNSServer)

api := httprouter.New()
c := cors.New(cors.Options{
AllowedOrigins: Config.API.CorsOrigins,
AllowedOrigins: config.API.CorsOrigins,
AllowedMethods: []string{"GET", "POST"},
OptionsPassthrough: false,
Debug: Config.General.Debug,
Debug: config.General.Debug,
})
if Config.General.Debug {
if config.General.Debug {
// Logwriter for saner log output
c.Log = stdlog.New(logwriter, "", 0)
}
if !Config.API.DisableRegistration {
if !config.API.DisableRegistration {
api.POST("/register", webRegisterPost)
}
api.POST("/update", Auth(webUpdatePost))
api.GET("/health", healthCheck)

host := Config.API.IP + ":" + Config.API.Port
host := config.API.IP + ":" + config.API.Port

// TLS specific general settings
cfg := &tls.Config{
MinVersion: tls.VersionTLS12,
}
provider := NewChallengeProvider(dnsservers)
storage := certmagic.FileStorage{Path: Config.API.ACMECacheDir}
storage := certmagic.FileStorage{Path: config.API.ACMECacheDir}

// Set up certmagic for getting certificate for acme-dns api
certmagic.DefaultACME.DNS01Solver = &provider
certmagic.DefaultACME.Agreed = true
if Config.API.TLS == "letsencrypt" {
switch config.API.TLS {
case TlsTypeLetsEncrypt:
certmagic.DefaultACME.CA = certmagic.LetsEncryptProductionCA
} else {
case TlsTypeAcmeCustom:
certmagic.DefaultACME.CA = config.API.ACMEDir
case TlsTypeLetsEncryptStaging:
certmagic.DefaultACME.CA = certmagic.LetsEncryptStagingCA
default:
}
certmagic.DefaultACME.Email = Config.API.NotificationEmail
certmagic.DefaultACME.Email = config.API.ACMENotificationEmail
magicConf := certmagic.NewDefault()
magicConf.Storage = &storage
magicConf.DefaultServerName = Config.General.Domain
magicConf.DefaultServerName = config.General.Domain

magicCache := certmagic.NewCache(certmagic.CacheOptions{
GetConfigForCert: func(cert certmagic.Certificate) (*certmagic.Config, error) {
Expand All @@ -159,25 +163,13 @@ func startHTTPAPI(errChan chan error, config DNSConfig, dnsservers []*DNSServer)

magic := certmagic.New(magicCache, *magicConf)
var err error
switch Config.API.TLS {
case "letsencryptstaging":
err = magic.ManageAsync(context.Background(), []string{Config.General.Domain})
if err != nil {
errChan <- err
return
}
cfg.GetCertificate = magic.GetCertificate

srv := &http.Server{
Addr: host,
Handler: c.Handler(api),
TLSConfig: cfg,
ErrorLog: stdlog.New(logwriter, "", 0),
}
log.WithFields(log.Fields{"host": host, "domain": Config.General.Domain}).Info("Listening HTTPS")
err = srv.ListenAndServeTLS("", "")
case "letsencrypt":
err = magic.ManageAsync(context.Background(), []string{Config.General.Domain})
switch config.API.TLS {
case TlsTypeLetsEncrypt:
fallthrough
case TlsTypeLetsEncryptStaging:
fallthrough
case TlsTypeAcmeCustom:
err = magic.ManageAsync(context.Background(), []string{config.General.Domain})
if err != nil {
errChan <- err
return
Expand All @@ -189,17 +181,19 @@ func startHTTPAPI(errChan chan error, config DNSConfig, dnsservers []*DNSServer)
TLSConfig: cfg,
ErrorLog: stdlog.New(logwriter, "", 0),
}
log.WithFields(log.Fields{"host": host, "domain": Config.General.Domain}).Info("Listening HTTPS")
log.WithFields(log.Fields{"host": host, "domain": config.General.Domain}).Info("Listening HTTPS")
err = srv.ListenAndServeTLS("", "")
case "cert":
case TlsTypeCert:
srv := &http.Server{
Addr: host,
Handler: c.Handler(api),
TLSConfig: cfg,
ErrorLog: stdlog.New(logwriter, "", 0),
}
log.WithFields(log.Fields{"host": host}).Info("Listening HTTPS")
err = srv.ListenAndServeTLS(Config.API.TLSCertFullchain, Config.API.TLSCertPrivkey)
err = srv.ListenAndServeTLS(config.API.TLSCertFullchain, config.API.TLSCertPrivkey)
case TlsTypeNone:
fallthrough
default:
log.WithFields(log.Fields{"host": host}).Info("Listening HTTP")
err = http.ListenAndServe(host, c.Handler(api))
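Review bot: In the first hunk `config.API.ACMEDir` is copied straight into `certmagic.DefaultACME.CA` under `case TlsTypeAcmeCustom:` with no check that it is set or looks like a URL, so an operator who sets `tls = "custom"` and forgets `acme_dir` is not told at startup; the bad CA is only exercised later by `magic.ManageAsync` in the second hunk, and if that call runs issuance in the background as its name suggests, the process will still reach `ListenAndServeTLS` and only log the failure afterwards. A fail-fast guard before the switch keeps the error on the existing `errChan` path: `if config.API.TLS == TlsTypeAcmeCustom && config.API.ACMEDir == "" { errChan <- errors.New("tls = \"custom\" requires acme_dir to be set"); return }` (whether `errors` is already imported in main.go is not visible here). The empty `default:` in that switch is also worth a one-line comment such as `// cert and none never contact an ACME CA` so the silent fallthrough to certmagic's built-in default is clearly intentional. In the second hunk the three `fallthrough` arms can be collapsed to `case TlsTypeLetsEncrypt, TlsTypeLetsEncryptStaging, TlsTypeAcmeCustom:`; startHTTPAPI itself begins and ends outside these hunks.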
35 changes: 22 additions & 13 deletions types.go
Expand Up @@ -37,21 +37,30 @@ type dbsettings struct {
Connection string
}

const (
TlsTypeLetsEncrypt = "letsencrypt"
TlsTypeLetsEncryptStaging = "letsencryptstaging"
TlsTypeAcmeCustom = "custom"
TlsTypeCert = "cert"
TlsTypeNone = "none"
)

// API config
type httpapi struct {
Domain string `toml:"api_domain"`
IP string
DisableRegistration bool `toml:"disable_registration"`
AutocertPort string `toml:"autocert_port"`
Port string `toml:"port"`
TLS string
TLSCertPrivkey string `toml:"tls_cert_privkey"`
TLSCertFullchain string `toml:"tls_cert_fullchain"`
ACMECacheDir string `toml:"acme_cache_dir"`
NotificationEmail string `toml:"notification_email"`
CorsOrigins []string
UseHeader bool `toml:"use_header"`
HeaderName string `toml:"header_name"`
Domain string `toml:"api_domain"`
IP string
DisableRegistration bool `toml:"disable_registration"`
AutocertPort string `toml:"autocert_port"`
Port string `toml:"port"`
TLS string
TLSCertPrivkey string `toml:"tls_cert_privkey"`
TLSCertFullchain string `toml:"tls_cert_fullchain"`
ACMECacheDir string `toml:"acme_cache_dir"`
ACMEDir string `toml:"acme_dir"`
ACMENotificationEmail string `toml:"notification_email"`
CorsOrigins []string
UseHeader bool `toml:"use_header"`
HeaderName string `toml:"header_name"`
}

// Logging config
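Review bot: The new exported constants are named `TlsTypeLetsEncrypt` etc., which mixes the `Tls` casing with the `TLS` field they are compared against on the same struct; Go convention keeps initialisms in one case, so `TLSTypeLetsEncrypt`, `TLSTypeAcmeCustom` and friends would read consistently with `TLS`, `TLSCertPrivkey` and `ACMECacheDir`. The `const` block also has no doc comment; something like `// Accepted values of httpapi.TLS (the "tls" key in config.cfg).` above it would tell a reader where these strings come from. Renaming `NotificationEmail` to `ACMENotificationEmail` keeps the `toml:"notification_email"` key, so existing config files still parse, but `ACMEDir` has no comment stating it is only consulted when `TLS` is `TlsTypeAcmeCustom`, which is the one fact a maintainer touching this struct would want.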