about summary refs log tree commit diff stats
diff options
context:
space:
mode:
authorAlan Pearce2024-10-23 15:45:02 +0200
committerAlan Pearce2024-10-23 15:45:02 +0200
commit51024675983d865c4635fa70184f827c6c543d02 (patch)
tree3b26caa315efe64d71e0183b0c5c5ef37f2f1a01
parent885a0ed62daea18c444cc67033db1d21312a32c0 (diff)
downloadwebsite-51024675983d865c4635fa70184f827c6c543d02.tar.lz
website-51024675983d865c4635fa70184f827c6c543d02.tar.zst
website-51024675983d865c4635fa70184f827c6c543d02.zip
provision wildcard certificate correctly
-rw-r--r--config.toml1
-rw-r--r--fly.toml9
-rw-r--r--internal/server/tls.go8
3 files changed, 7 insertions, 11 deletions
diff --git a/config.toml b/config.toml
index a1302ee..cabf5d7 100644
--- a/config.toml
+++ b/config.toml
@@ -13,7 +13,6 @@ domains = [
   "alanpearce.uk",
   "www.alanpearce.uk",
   "aln.pe",
-  "*.aln.pe",
 ]
 
 oidc_host = "https://id.alanpearce.eu/"
diff --git a/fly.toml b/fly.toml
index 799d2a0..5c35318 100644
--- a/fly.toml
+++ b/fly.toml
@@ -41,15 +41,6 @@ primary_region = "ams"
     type = "requests"
     soft_limit = 15000
 
-  [[services.http_checks]]
-    grace_period = "10s"
-    protocol = "https"
-    tls_server_name = "alanpearce.eu"
-    interval = "10s"
-    method = "GET"
-    timeout = "1s"
-    path = "/health"
-
 [[vm]]
   size = "shared-cpu-1x"
 
diff --git a/internal/server/tls.go b/internal/server/tls.go
index 4d52b8d..9f22a5e 100644
--- a/internal/server/tls.go
+++ b/internal/server/tls.go
@@ -5,6 +5,7 @@ import (
 	"crypto/x509"
 	"net"
 	"net/http"
+	"slices"
 	"strconv"
 
 	"go.alanpearce.eu/x/listenfd"
@@ -35,6 +36,9 @@ type acmeConfig struct {
 func (s *Server) serveTLS() (err error) {
 	log := s.log.Named("tls")
 
+	wildcardDomain := "*." + s.config.WildcardDomain
+	certificateDomains := slices.Clone(s.config.Domains)
+
 	// setting cfg.Logger is too late somehow
 	certmagic.Default.Logger = log.GetLogger().Named("certmagic")
 	cfg := certmagic.NewDefault()
@@ -96,6 +100,8 @@ func (s *Server) serveTLS() (err error) {
 			},
 		})
 
+		certificateDomains = append(slices.Clone(s.config.Domains), wildcardDomain)
+
 		log.Info("acme", "username", acme.Username, "subdomain", acme.Subdomain, "server_url", acme.ServerURL)
 
 		rs := certmagic_redis.New()
@@ -164,7 +170,7 @@ func (s *Server) serveTLS() (err error) {
 		"https_port",
 		s.runtimeConfig.TLSPort,
 	)
-	err = cfg.ManageAsync(context.TODO(), s.config.Domains)
+	err = cfg.ManageAsync(context.TODO(), certificateDomains)
 	if err != nil {
 		return errors.Wrap(err, "could not enable TLS")
 	}