Let's Encrypt!
This commit is contained in:
parent
3c16032955
commit
850115d468
30
main.go
30
main.go
|
|
@ -1,6 +1,7 @@
|
|||
package main
|
||||
|
||||
import (
|
||||
"crypto/tls"
|
||||
"flag"
|
||||
"log"
|
||||
"math/rand"
|
||||
|
|
@ -9,9 +10,9 @@ import (
|
|||
"time"
|
||||
|
||||
"git.xeserv.us/xena/route/server"
|
||||
|
||||
"github.com/facebookgo/flagenv"
|
||||
_ "github.com/joho/godotenv/autoload"
|
||||
"golang.org/x/crypto/acme/autocert"
|
||||
)
|
||||
|
||||
var (
|
||||
|
|
@ -23,6 +24,7 @@ var (
|
|||
torHashedPassword = flag.String("tor-hashed-password", "", "Tor hashed password")
|
||||
torPassword = flag.String("tor-password", "hunter2", "Tor clear password")
|
||||
webPort = flag.String("web-port", "9234", "HTTP ingress port for backends and users")
|
||||
sslPort = flag.String("ssl-port", "", "if set use this port for SSL HTTP requests (certs via LE, you agree to follow their TOS)")
|
||||
domainSuffix = flag.String("domain-suffix", ".apps.xeserv.us", "Domain name suffix associated with the load balancer")
|
||||
)
|
||||
|
||||
|
|
@ -40,12 +42,17 @@ func main() {
|
|||
TorHashedPassword: *torHashedPassword,
|
||||
TorPassword: *torPassword,
|
||||
WebPort: *webPort,
|
||||
SSLPort: *sslPort,
|
||||
DomainSuffix: *domainSuffix,
|
||||
})
|
||||
if err != nil {
|
||||
log.Fatal(err)
|
||||
}
|
||||
|
||||
if *sslPort != "" {
|
||||
go setupACME(s)
|
||||
}
|
||||
|
||||
l, err := net.Listen("tcp", "127.0.0.1:"+*webPort)
|
||||
if err != nil {
|
||||
log.Fatal(err)
|
||||
|
|
@ -59,3 +66,24 @@ func main() {
|
|||
|
||||
hs.Serve(l)
|
||||
}
|
||||
|
||||
func setupACME(s *server.Server) {
|
||||
dc := autocert.DirCache("./var/certs")
|
||||
|
||||
m := autocert.Manager{
|
||||
Prompt: autocert.AcceptTOS,
|
||||
Cache: dc,
|
||||
HostPolicy: nil,
|
||||
Email: "xena@yolo-swag.com",
|
||||
}
|
||||
|
||||
hs := &http.Server{
|
||||
Handler: s,
|
||||
Addr: "127.0.0.1:" + *sslPort,
|
||||
TLSConfig: &tls.Config{
|
||||
GetCertificate: m.GetCertificate,
|
||||
},
|
||||
}
|
||||
|
||||
hs.ListenAndServeTLS("", "")
|
||||
}
|
||||
|
|
|
|||
|
|
@ -46,7 +46,7 @@ type Config struct {
|
|||
ControlHost, ControlKeyFile string
|
||||
RethinkDBHost, RethinkDBDatabase string
|
||||
TorDataDir, TorHashedPassword, TorPassword string
|
||||
WebPort, DomainSuffix string
|
||||
WebPort, DomainSuffix, SSLPort string
|
||||
}
|
||||
|
||||
// New creates a new Server
|
||||
|
|
@ -143,7 +143,7 @@ func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) {
|
|||
r.Header.Set("X-Remote-IP", host)
|
||||
r.Header.Set("X-Request-Ingress", time.Now().String())
|
||||
|
||||
if r.RequestURI == rpc.DefaultRPCPath && r.Host == "127.0.0.1:"+s.cfg.WebPort {
|
||||
if r.RequestURI == rpc.DefaultRPCPath && r.Host == "" {
|
||||
s.rpcS.ServeHTTP(w, r)
|
||||
return
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue