provision wildcard certificate correctly
Alan Pearce alan@alanpearce.eu
Wed, 23 Oct 2024 15:45:02 +0200
3 files changed, 7 insertions(+), 11 deletions(-)
M config.toml → config.toml
@@ -13,7 +13,6 @@
 "www.alanpearce.eu",
 "alanpearce.uk",
 "www.alanpearce.uk",
 "aln.pe",
- "*.aln.pe",
 ]
 oidc_host = "https://id.alanpearce.eu/"
M fly.toml → fly.toml
@@ -41,15 +41,6 @@ [services.concurrency] type = "requests" soft_limit = 15000 - [[services.http_checks]] - grace_period = "10s" - protocol = "https" - tls_server_name = "alanpearce.eu" - interval = "10s" - method = "GET" - timeout = "1s" - path = "/health" - [[vm]] size = "shared-cpu-1x"
M internal/server/tls.go → internal/server/tls.go
@@ -5,6 +5,7 @@ "context" "crypto/x509" "net" "net/http" + "slices" "strconv" "go.alanpearce.eu/x/listenfd" @@ -34,6 +35,9 @@ } func (s *Server) serveTLS() (err error) { log := s.log.Named("tls") + + wildcardDomain := "*." + s.config.WildcardDomain + certificateDomains := slices.Clone(s.config.Domains) // setting cfg.Logger is too late somehow certmagic.Default.Logger = log.GetLogger().Named("certmagic") @@ -96,6 +100,8 @@ }, }, }) + certificateDomains = append(slices.Clone(s.config.Domains), wildcardDomain) + log.Info("acme", "username", acme.Username, "subdomain", acme.Subdomain, "server_url", acme.ServerURL) rs := certmagic_redis.New() @@ -164,7 +170,7 @@ s.runtimeConfig.Port, "https_port", s.runtimeConfig.TLSPort, ) - err = cfg.ManageAsync(context.TODO(), s.config.Domains) + err = cfg.ManageAsync(context.TODO(), certificateDomains) if err != nil { return errors.Wrap(err, "could not enable TLS") }
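Review bot: In the second hunk `wildcardDomain` is built unconditionally as `"*." + s.config.WildcardDomain`, and the third hunk appends it to `certificateDomains` with no check, so an unset `WildcardDomain` produces the name `*.` that the last hunk passes to `cfg.ManageAsync`; whether certmagic rejects the whole call or only logs a failed issuance for that name is not visible here, but either way an invalid ACME name is submitted. Guard the append, e.g. `if s.config.WildcardDomain != "" { certificateDomains = append(certificateDomains, wildcardDomain) }`. The `slices.Clone(s.config.Domains)` inside that `append` is also redundant: `certificateDomains` already holds a clone from the second hunk, and appending to it cannot alias `s.config.Domains`, so the first clone is currently created and thrown away. If the append was placed after the `})` deliberately because a wildcard name only makes sense once the DNS-01 solver is configured, a one-line comment saying so would help, since that dependency is not visible from the hunk. serveTLS begins in the second hunk and its body continues past the last one.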