author | Alan Pearce | 2024-10-23 15:45:02 +0200 |
---|---|---|
committer | Alan Pearce | 2024-10-23 15:45:02 +0200 |
commit | 51024675983d865c4635fa70184f827c6c543d02 (patch) | |
tree | 3b26caa315efe64d71e0183b0c5c5ef37f2f1a01 | |
parent | 885a0ed62daea18c444cc67033db1d21312a32c0 (diff) | |
provision wildcard certificate correctly
-rw-r--r-- | config.toml | 1 | ||||
-rw-r--r-- | fly.toml | 9 | ||||
-rw-r--r-- | internal/server/tls.go | 8 |
3 files changed, 7 insertions, 11 deletions
diff --git a/config.toml b/config.toml
index a1302ee..cabf5d7 100644
--- a/config.toml
+++ b/config.toml
@@ -13,7 +13,6 @@ domains = [
   "alanpearce.uk",
   "www.alanpearce.uk",
   "aln.pe",
-  "*.aln.pe",
 ]
 
 oidc_host = "https://id.alanpearce.eu/"
diff --git a/fly.toml b/fly.toml
index 799d2a0..5c35318 100644
--- a/fly.toml
+++ b/fly.toml
@@ -41,15 +41,6 @@ primary_region = "ams"
     type = "requests"
     soft_limit = 15000
 
-  [[services.http_checks]]
-    grace_period = "10s"
-    protocol = "https"
-    tls_server_name = "alanpearce.eu"
-    interval = "10s"
-    method = "GET"
-    timeout = "1s"
-    path = "/health"
-
 [[vm]]
   size = "shared-cpu-1x"
diff --git a/internal/server/tls.go b/internal/server/tls.go
index 4d52b8d..9f22a5e 100644
--- a/internal/server/tls.go
+++ b/internal/server/tls.go
@@ -5,6 +5,7 @@ import (
 	"crypto/x509"
 	"net"
 	"net/http"
+	"slices"
 	"strconv"
 
 	"go.alanpearce.eu/x/listenfd"
@@ -35,6 +36,9 @@ type acmeConfig struct {
 func (s *Server) serveTLS() (err error) {
 	log := s.log.Named("tls")
 
+	wildcardDomain := "*." + s.config.WildcardDomain
+	certificateDomains := slices.Clone(s.config.Domains)
+
 	// setting cfg.Logger is too late somehow
 	certmagic.Default.Logger = log.GetLogger().Named("certmagic")
 	cfg := certmagic.NewDefault()
@@ -96,6 +100,8 @@ func (s *Server) serveTLS() (err error) {
 		},
 	})
 
+	certificateDomains = append(slices.Clone(s.config.Domains), wildcardDomain)
+
 	log.Info("acme", "username", acme.Username, "subdomain", acme.Subdomain, "server_url", acme.ServerURL)
 
 	rs := certmagic_redis.New()
@@ -164,7 +170,7 @@ func (s *Server) serveTLS() (err error) {
 		"https_port", s.runtimeConfig.TLSPort,
 	)
 
-	err = cfg.ManageAsync(context.TODO(), s.config.Domains)
+	err = cfg.ManageAsync(context.TODO(), certificateDomains)
 	if err != nil {
 		return errors.Wrap(err, "could not enable TLS")
 	}
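Review bot: In the serveTLS hunk at `@@ -96,6 +100,8 @@`, `wildcardDomain` is appended unconditionally, so when `s.config.WildcardDomain` is empty the new `certificateDomains` ends with the literal name `*.` and that is what reaches `cfg.ManageAsync`, which will then try to obtain a certificate for it; the config.toml hunk in this commit only removes `*.aln.pe` and does not visibly set the field, so whether it is populated cannot be confirmed from the diff. The `slices.Clone` on this line also repeats the clone already made when `certificateDomains` was declared. Guard the append and reuse the existing copy: `if s.config.WildcardDomain != "" {` / `	certificateDomains = append(certificateDomains, wildcardDomain)` / `}`. The `})` just above looks like the end of a challenge-solver configuration that a wildcard name would depend on, but whether this append sits inside a conditional block is not visible here; serveTLS begins and ends outside the hunk.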