Support automatically generated certificates

This adds a new config option in the `[server]` section: `autocert`.
When true, WF will automatically generate certificates instead of using
ones from the provided cert path. However, all generated certificates
will be stored in the configured `tls_cert_path`.

Ref T542
pull/142/head
Matt Baer 5 years ago
parent 22c1fabbcb
commit 36fb7ecb2b
  1. 26
      app.go
  2. 1
      config/config.go

@ -11,6 +11,7 @@
package writefreely
import (
"crypto/tls"
"database/sql"
"fmt"
"html/template"
@ -39,6 +40,7 @@ import (
"github.com/writeas/writefreely/key"
"github.com/writeas/writefreely/migrations"
"github.com/writeas/writefreely/page"
"golang.org/x/crypto/acme/autocert"
)
const (
@ -390,9 +392,29 @@ func Serve(app *App, r *mux.Router) {
}()
log.Info("Serving on https://%s:443", bindAddress)
if app.cfg.Server.Autocert {
log.Info("Using autocert")
m := &autocert.Manager{
Prompt: autocert.AcceptTOS,
Cache: autocert.DirCache(app.cfg.Server.TLSCertPath),
HostPolicy: autocert.HostWhitelist(app.cfg.App.Host),
}
s := &http.Server{
Addr: ":https",
Handler: r,
TLSConfig: &tls.Config{
GetCertificate: m.GetCertificate,
},
}
s.SetKeepAlivesEnabled(false)
log.Info("---")
err = http.ListenAndServeTLS(
fmt.Sprintf("%s:443", bindAddress), app.cfg.Server.TLSCertPath, app.cfg.Server.TLSKeyPath, r)
err = s.ListenAndServeTLS("", "")
} else {
log.Info("Using manual certificates")
log.Info("---")
err = http.ListenAndServeTLS(fmt.Sprintf("%s:443", bindAddress), app.cfg.Server.TLSCertPath, app.cfg.Server.TLSKeyPath, r)
}
} else {
log.Info("Serving on http://%s:%d\n", bindAddress, app.cfg.Server.Port)
log.Info("---")

@ -35,6 +35,7 @@ type (
TLSCertPath string `ini:"tls_cert_path"`
TLSKeyPath string `ini:"tls_key_path"`
Autocert bool `ini:"autocert"`
TemplatesParentDir string `ini:"templates_parent_dir"`
StaticParentDir string `ini:"static_parent_dir"`

Loading…
Cancel
Save