mirrors/acme-dns
1
0
Fork 0
mirror of https://github.com/joohoi/acme-dns.git synced 2025-02-03 12:53:58 +07:00
Code Issues Packages Projects Releases Wiki Activity

Make autocert use HTTP-01 challenge instead of TLS-SNI (#36)

Browse Source
This commit is contained in:
Joona Hoikkala 2018-02-01 10:53:34 +02:00 committed by GitHub
parent 5470ba7a41
commit 562d7cbad4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 10 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
README.md
View File

@ -186,6 +186,8 @@ connection = "acme-dns.db"
[api]
# domain name to listen requests for, mandatory if using tls = "letsencrypt"
api_domain = ""
# autocert HTTP port, eg. 80 for answering Let's Encrypt HTTP-01 challenges. Mandatory if using tls = "letsencrypt".
autocert_port = "80"
# listen port, eg. 443 for default HTTPS
port = "8080"
# possible values: "letsencrypt", "cert", "none"
@ -214,6 +216,7 @@ header_name = "X-Forwarded-For"
```
## Changelog
- v0.3 Changed autocert to use HTTP-01 challenges, as TLS-SNI is disabled by Let's Encrypt
- v0.2 Now powered by httprouter, support wildcard certificates, Docker images
- v0.1 Initial release

2
config.cfg
View File

@ -36,6 +36,8 @@ connection = "/var/lib/acme-dns/acme-dns.db"
api_domain = ""
# listen ip eg. 127.0.0.1
ip = "0.0.0.0"
# autocert HTTP port, eg. 80 for answering Let's Encrypt HTTP-01 challenges. Mandatory if using tls = "letsencrypt".
autocert_port = "80"
# listen port, eg. 443 for default HTTPS
port = "80"
# possible values: "letsencrypt", "cert", "none"

5
main.go
View File

@ -83,6 +83,9 @@ func startHTTPAPI() {
Prompt: autocert.AcceptTOS,
HostPolicy: autocert.HostWhitelist(Config.API.Domain),
}
autocerthost := Config.API.IP + ":" + Config.API.AutocertPort
log.WithFields(log.Fields{"autocerthost": autocerthost, "domain": Config.API.Domain}).Debug("Opening HTTP port for autocert")
go http.ListenAndServe(autocerthost, m.HTTPHandler(nil))
cfg.GetCertificate = m.GetCertificate
srv := &http.Server{
Addr: host,
@ -90,7 +93,7 @@ func startHTTPAPI() {
TLSConfig: cfg,
ErrorLog: stdlog.New(logwriter, "", 0),
}
log.WithFields(log.Fields{"host": host, "domain": Config.API.Domain}).Info("Listening HTTPS autocert")
log.WithFields(log.Fields{"host": host, "domain": Config.API.Domain}).Info("Listening HTTPS, using certificate from autocert")
log.Fatal(srv.ListenAndServeTLS("", ""))
case "cert":
srv := &http.Server{

1
types.go
View File

@ -52,6 +52,7 @@ type dbsettings struct {
type httpapi struct {
Domain string `toml:"api_domain"`
IP string
AutocertPort string `toml:"autocert_port"`
Port string `toml:"port"`
TLS string
TLSCertPrivkey string `toml:"tls_cert_privkey"`