Add CORE_TLS_STAGING

Set this value to true in order to use the Let's Encrypt staging CA,
otherwise the production CA will be used, which is the default.
Ingo Oppermann 2023-06-28 11:55:56 +02:00
parent 72a0566bc6
commit a6d454b03f
No known key found for this signature in database
GPG Key ID: 2AB32426E9DD229E
5 changed files with 11 additions and 2 deletions


@ -485,7 +485,7 @@ func (a *api) start(ctx context.Context) error {
},
DefaultHostname: cfg.Host.Name[0],
EmailAddress: cfg.TLS.Email,
IsProduction: false,
IsProduction: !cfg.TLS.Staging,
Logger: a.log.logger.core.WithComponent("Let's Encrypt"),
})
if err != nil {
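Review bot: `IsProduction: !cfg.TLS.Staging` changes the effective default, because the line it replaces pinned the staging CA and `tls.staging` is registered with a default of false, so every node with automatic TLS will request certificates from the production CA after upgrading. That is the safer default for clients, since staging certificates do not chain to a publicly trusted root, but test and CI setups that relied on the old behaviour will now count against the production CA's rate limits unless they set CORE_TLS_STAGING=true. I would call this out in the upgrade notes and add a comment above the field, e.g. `// Production CA unless tls.staging (CORE_TLS_STAGING) is set.` The same negation appears in the cluster `New` hunk (`!c.config.TLS.Staging`), where the same comment applies. The body of `start` begins and ends outside this hunk.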


@ -53,6 +53,9 @@ func New(config Config) (Manager, error) {
ca := certmagic.LetsEncryptStagingCA
if config.IsProduction {
ca = certmagic.LetsEncryptProductionCA
m.logger.Info().WithField("ca", ca).Log("Using production CA")
} else {
m.logger.Info().WithField("ca", ca).Log("Using staging CA")
}
certmagic.DefaultACME.Agreed = true
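Review bot: The `else` branch reports "Using staging CA" at Info level, which is easy to overlook on a deployment where CORE_TLS_STAGING was left enabled by accident. Certificates issued by the staging CA are not publicly trusted, so clients will fail verification, and operators tend to respond by relaxing verification rather than fixing the setting. If the logger exposes a warning level, I would use it for this branch only, e.g. `m.logger.Warn().WithField("ca", ca).Log("Using staging CA, certificates will not be trusted by clients")`. `New` continues outside the hunk.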


@ -427,7 +427,7 @@ func New(ctx context.Context, config Config) (Cluster, error) {
Storage: storage,
DefaultHostname: names[0],
EmailAddress: c.config.TLS.Email,
IsProduction: false,
IsProduction: !c.config.TLS.Staging,
Logger: c.logger.WithComponent("Let's Encrypt"),
})
if err != nil {
@ -1100,6 +1100,10 @@ func verifyClusterConfig(local, remote *config.Config) error {
if local.TLS.Email != remote.TLS.Email {
return fmt.Errorf("tls.email is different")
}
if local.TLS.Staging != remote.TLS.Staging {
return fmt.Errorf("tls.staging is different")
}
}
}


@ -186,6 +186,7 @@ func (d *Config) init() {
d.vars.Register(value.NewBool(&d.TLS.Enable, false), "tls.enable", "CORE_TLS_ENABLE", nil, "Enable HTTPS", false, false)
d.vars.Register(value.NewBool(&d.TLS.Auto, false), "tls.auto", "CORE_TLS_AUTO", nil, "Enable Let's Encrypt certificate", false, false)
d.vars.Register(value.NewEmail(&d.TLS.Email, "cert@datarhei.com"), "tls.email", "CORE_TLS_EMAIL", nil, "Email for Let's Encrypt registration", false, false)
d.vars.Register(value.NewBool(&d.TLS.Staging, false), "tls.staging", "CORE_TLS_STAGING", nil, "Use Let's Encrypt staging CA", false, false)
d.vars.Register(value.NewFile(&d.TLS.CertFile, "", d.fs), "tls.cert_file", "CORE_TLS_CERT_FILE", []string{"CORE_TLS_CERTFILE"}, "Path to certificate file in PEM format", false, false)
d.vars.Register(value.NewFile(&d.TLS.KeyFile, "", d.fs), "tls.key_file", "CORE_TLS_KEY_FILE", []string{"CORE_TLS_KEYFILE"}, "Path to key file in PEM format", false, false)
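Review bot: The help text `"Use Let's Encrypt staging CA"` on the new `tls.staging` registration does not tell an operator that staging certificates are not publicly trusted and are meant for testing only. I would make that explicit in the description, e.g. `"Use Let's Encrypt staging CA (untrusted certificates, for testing only)"`, so the consequence is visible wherever the variable is documented. `init` continues outside the hunk.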


@ -62,6 +62,7 @@ type Data struct {
Enable bool `json:"enable"`
Auto bool `json:"auto"`
Email string `json:"email"`
Staging bool `json:"staging"`
CertFile string `json:"cert_file"`
KeyFile string `json:"key_file"`
} `json:"tls"`