Let's Encrypt!
parent
3c16032955
commit
850115d468
30
main.go
30
main.go
|
@ -1,6 +1,7 @@
|
||||||
package main
|
package main
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"crypto/tls"
|
||||||
"flag"
|
"flag"
|
||||||
"log"
|
"log"
|
||||||
"math/rand"
|
"math/rand"
|
||||||
|
@ -9,9 +10,9 @@ import (
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
"git.xeserv.us/xena/route/server"
|
"git.xeserv.us/xena/route/server"
|
||||||
|
|
||||||
"github.com/facebookgo/flagenv"
|
"github.com/facebookgo/flagenv"
|
||||||
_ "github.com/joho/godotenv/autoload"
|
_ "github.com/joho/godotenv/autoload"
|
||||||
|
"golang.org/x/crypto/acme/autocert"
|
||||||
)
|
)
|
||||||
|
|
||||||
var (
|
var (
|
||||||
|
@ -23,6 +24,7 @@ var (
|
||||||
torHashedPassword = flag.String("tor-hashed-password", "", "Tor hashed password")
|
torHashedPassword = flag.String("tor-hashed-password", "", "Tor hashed password")
|
||||||
torPassword = flag.String("tor-password", "hunter2", "Tor clear password")
|
torPassword = flag.String("tor-password", "hunter2", "Tor clear password")
|
||||||
webPort = flag.String("web-port", "9234", "HTTP ingress port for backends and users")
|
webPort = flag.String("web-port", "9234", "HTTP ingress port for backends and users")
|
||||||
|
sslPort = flag.String("ssl-port", "", "if set use this port for SSL HTTP requests (certs via LE, you agree to follow their TOS)")
|
||||||
domainSuffix = flag.String("domain-suffix", ".apps.xeserv.us", "Domain name suffix associated with the load balancer")
|
domainSuffix = flag.String("domain-suffix", ".apps.xeserv.us", "Domain name suffix associated with the load balancer")
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -40,12 +42,17 @@ func main() {
|
||||||
TorHashedPassword: *torHashedPassword,
|
TorHashedPassword: *torHashedPassword,
|
||||||
TorPassword: *torPassword,
|
TorPassword: *torPassword,
|
||||||
WebPort: *webPort,
|
WebPort: *webPort,
|
||||||
|
SSLPort: *sslPort,
|
||||||
DomainSuffix: *domainSuffix,
|
DomainSuffix: *domainSuffix,
|
||||||
})
|
})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Fatal(err)
|
log.Fatal(err)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if *sslPort != "" {
|
||||||
|
go setupACME(s)
|
||||||
|
}
|
||||||
|
|
||||||
l, err := net.Listen("tcp", "127.0.0.1:"+*webPort)
|
l, err := net.Listen("tcp", "127.0.0.1:"+*webPort)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Fatal(err)
|
log.Fatal(err)
|
||||||
|
@ -59,3 +66,24 @@ func main() {
|
||||||
|
|
||||||
hs.Serve(l)
|
hs.Serve(l)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func setupACME(s *server.Server) {
|
||||||
|
dc := autocert.DirCache("./var/certs")
|
||||||
|
|
||||||
|
m := autocert.Manager{
|
||||||
|
Prompt: autocert.AcceptTOS,
|
||||||
|
Cache: dc,
|
||||||
|
HostPolicy: nil,
|
||||||
|
Email: "xena@yolo-swag.com",
|
||||||
|
}
|
||||||
|
|
||||||
|
hs := &http.Server{
|
||||||
|
Handler: s,
|
||||||
|
Addr: "127.0.0.1:" + *sslPort,
|
||||||
|
TLSConfig: &tls.Config{
|
||||||
|
GetCertificate: m.GetCertificate,
|
||||||
|
},
|
||||||
|
}
|
||||||
|
|
||||||
|
hs.ListenAndServeTLS("", "")
|
||||||
|
}
|
||||||
|
|
|
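Review bot: `HostPolicy: nil` in setupACME lets autocert request a certificate for whatever server name a client presents, so anyone who can reach the TLS port can use up the account's Let's Encrypt rate limits and fill `./var/certs`. Restrict issuance to names under `*domainSuffix`, or ideally to the routes the server actually knows, which are not visible here. The error from `hs.ListenAndServeTLS("", "")` is also dropped inside the goroutine, so a failed bind leaves the process running without HTTPS and without a log line. The new `http.Server` sets no read or write timeouts. The sketch below needs `context`, `fmt` and `strings` in the import block.

```go
m := autocert.Manager{
	Prompt: autocert.AcceptTOS,
	Cache:  dc,
	// Only request certificates for names under the configured suffix.
	HostPolicy: func(_ context.Context, host string) error {
		if !strings.HasSuffix(host, *domainSuffix) {
			return fmt.Errorf("acme: host %q is not under %q", host, *domainSuffix)
		}
		return nil
	},
	// … unchanged: Email …
}

// … unchanged: http.Server construction …

if err := hs.ListenAndServeTLS("", ""); err != nil {
	log.Printf("https listener on port %s stopped: %v", *sslPort, err)
}
```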
@ -46,7 +46,7 @@ type Config struct {
|
||||||
ControlHost, ControlKeyFile string
|
ControlHost, ControlKeyFile string
|
||||||
RethinkDBHost, RethinkDBDatabase string
|
RethinkDBHost, RethinkDBDatabase string
|
||||||
TorDataDir, TorHashedPassword, TorPassword string
|
TorDataDir, TorHashedPassword, TorPassword string
|
||||||
WebPort, DomainSuffix string
|
WebPort, DomainSuffix, SSLPort string
|
||||||
}
|
}
|
||||||
|
|
||||||
// New creates a new Server
|
// New creates a new Server
|
||||||
|
@ -143,7 +143,7 @@ func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) {
|
||||||
r.Header.Set("X-Remote-IP", host)
|
r.Header.Set("X-Remote-IP", host)
|
||||||
r.Header.Set("X-Request-Ingress", time.Now().String())
|
r.Header.Set("X-Request-Ingress", time.Now().String())
|
||||||
|
|
||||||
if r.RequestURI == rpc.DefaultRPCPath && r.Host == "127.0.0.1:"+s.cfg.WebPort {
|
if r.RequestURI == rpc.DefaultRPCPath && r.Host == "" {
|
||||||
s.rpcS.ServeHTTP(w, r)
|
s.rpcS.ServeHTTP(w, r)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
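Review bot: The RPC gate in ServeHTTP now matches on `r.Host == ""`, and Host is supplied by the client, so the comparison routes requests but does not restrict who can reach `s.rpcS`. The same handler is now also attached to the TLS listener added in main.go, so a request without a Host value on either port reaches the RPC endpoint unless rpcS authenticates callers itself, which is not visible here. Consider serving `s.rpcS` on a dedicated loopback listener instead of the shared handler, or at minimum record the assumption with `// r.Host is client-controlled: this is routing, not access control`. ServeHTTP starts and ends outside this hunk.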