author | Alan Pearce | 2024-06-24 17:18:27 +0200 |
---|---|---|
committer | Alan Pearce | 2024-06-24 17:18:27 +0200 |
commit | 50456c578497e9921558941eae59fa01bcf269bf (patch) | |
tree | c2520d354a789c50bffbf3bf961dc2a6e6b47659 /internal/server/tls.go | |
parent | e6dd1b5f719ea483f5e77f78c045224607707d0a (diff) | |
handle TLS in server with ACME
Diffstat (limited to 'internal/server/tls.go')
-rw-r--r-- | internal/server/tls.go | 47 |
1 files changed, 47 insertions, 0 deletions
diff --git a/internal/server/tls.go b/internal/server/tls.go
new file mode 100644
index 0000000..b60f474
--- /dev/null
+++ b/internal/server/tls.go
@@ -0,0 +1,47 @@
+package server
+
+import (
+ "context"
+
+ "github.com/ardanlabs/conf/v3"
+ "github.com/caddyserver/caddy/v2"
+ "github.com/caddyserver/certmagic"
+ certmagic_redis "github.com/pberkel/caddy-storage-redis"
+ "github.com/pkg/errors"
+)
+
+type redisConfig struct {
+ Address string `conf:"required"`
+ Username string `conf:"default:default"`
+ Password string `conf:"required"`
+ EncryptionKey string `conf:"required"`
+ KeyPrefix string `conf:"default:certmagic"`
+}
+
+func (s *Server) serveTLS() (err error) {
+ rc := &redisConfig{}
+ _, err = conf.Parse("REDIS", rc)
+ if err != nil {
+ return errors.Wrap(err, "could not parse redis config")
+ }
+
+ rs := certmagic_redis.New()
+ rs.Address = []string{rc.Address}
+ rs.Username = rc.Username
+ rs.Password = rc.Password
+ rs.EncryptionKey = rc.EncryptionKey
+ rs.KeyPrefix = rc.KeyPrefix
+
+ certmagic.Default.Storage = rs
+ err = rs.Provision(caddy.Context{
+ Context: context.Background(),
+ })
+ if err != nil {
+ return errors.Wrap(err, "could not provision redis storage")
+ }
+
+ certmagic.DefaultACME.Agreed = true
+ certmagic.DefaultACME.Email = s.config.Email
+
+ return certmagic.HTTPS(s.config.Domains, s.Server.Handler)
+} |
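Review bot: `Password` and `EncryptionKey` in `redisConfig` are secrets, but their tags are plain `conf:"required"`; adding the `mask` option (`conf:"required,mask"`) would keep the values out of the output if the parsed config is ever printed with conf.String. This store will hold the ACME account key and certificate private keys, and nothing in the hunk sets a transport-security option on the Redis client, so it is worth confirming that the link is TLS-protected or confined to a trusted network (the module's defaults are not visible here). In `serveTLS`, `certmagic.Default.Storage = rs` runs before `rs.Provision(...)` has succeeded, leaving the process-wide default pointing at an unprovisioned storage on the error path; moving that assignment below the `if err != nil` check after Provision avoids this. Only `s.Server.Handler` is passed to `certmagic.HTTPS`, so any timeouts or limits configured on `s.Server` elsewhere would presumably not apply to the listeners certmagic creates.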