path: root/internal/server/tls.go
authorAlan Pearce2024-06-24 17:18:27 +0200
committerAlan Pearce2024-06-24 17:18:27 +0200
commit50456c578497e9921558941eae59fa01bcf269bf (patch)
treec2520d354a789c50bffbf3bf961dc2a6e6b47659 /internal/server/tls.go
parente6dd1b5f719ea483f5e77f78c045224607707d0a (diff)
downloadwebsite-50456c578497e9921558941eae59fa01bcf269bf.tar.lz
website-50456c578497e9921558941eae59fa01bcf269bf.tar.zst
website-50456c578497e9921558941eae59fa01bcf269bf.zip
handle TLS in server with ACME
Diffstat (limited to 'internal/server/tls.go')
-rw-r--r--internal/server/tls.go47
1 files changed, 47 insertions, 0 deletions
diff --git a/internal/server/tls.go b/internal/server/tls.go
new file mode 100644
index 0000000..b60f474
--- /dev/null
+++ b/internal/server/tls.go
@@ -0,0 +1,47 @@
+package server
+
+import (
+	"context"
+
+	"github.com/ardanlabs/conf/v3"
+	"github.com/caddyserver/caddy/v2"
+	"github.com/caddyserver/certmagic"
+	certmagic_redis "github.com/pberkel/caddy-storage-redis"
+	"github.com/pkg/errors"
+)
+
+type redisConfig struct {
+	Address       string `conf:"required"`
+	Username      string `conf:"default:default"`
+	Password      string `conf:"required"`
+	EncryptionKey string `conf:"required"`
+	KeyPrefix     string `conf:"default:certmagic"`
+}
+
+func (s *Server) serveTLS() (err error) {
+	rc := &redisConfig{}
+	_, err = conf.Parse("REDIS", rc)
+	if err != nil {
+		return errors.Wrap(err, "could not parse redis config")
+	}
+
+	rs := certmagic_redis.New()
+	rs.Address = []string{rc.Address}
+	rs.Username = rc.Username
+	rs.Password = rc.Password
+	rs.EncryptionKey = rc.EncryptionKey
+	rs.KeyPrefix = rc.KeyPrefix
+
+	certmagic.Default.Storage = rs
+	err = rs.Provision(caddy.Context{
+		Context: context.Background(),
+	})
+	if err != nil {
+		return errors.Wrap(err, "could not provision redis storage")
+	}
+
+	certmagic.DefaultACME.Agreed = true
+	certmagic.DefaultACME.Email = s.config.Email
+
+	return certmagic.HTTPS(s.config.Domains, s.Server.Handler)
+}
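Review bot: `certmagic.Default.Storage = rs` is assigned before `rs.Provision` has succeeded, so a Provision failure returns an error but leaves the package-wide certmagic default pointing at an unprovisioned Redis store; moving that assignment below the `if err != nil` check keeps the global untouched on the failure path, e.g. `certmagic.Default.Storage = rs` placed just before `certmagic.DefaultACME.Agreed = true`. The same call mutates three process-wide globals (`certmagic.Default`, `certmagic.DefaultACME`) from a method on `*Server`, which is worth a comment on `serveTLS` such as `// serveTLS configures the package-level certmagic defaults (storage, ACME agreement and contact e-mail) and then blocks serving HTTPS via ACME; it must be called at most once per process.` Only `s.Server.Handler` is forwarded to `certmagic.HTTPS`; if `s.Server` carries read/write timeouts or other listener settings (its type is not visible in this hunk), those are presumably not applied to the listeners certmagic creates and should be noted or configured on certmagic's side. `redisConfig` has no doc comment; `// redisConfig is read from REDIS_* environment variables via conf.Parse; Password and EncryptionKey are secrets and must not be logged.` would document the only source of these values visible here.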