From e9f32ba273e258ad7340f14da434abbbf223fade Mon Sep 17 00:00:00 2001
From: Alan Pearce
Date: Mon, 9 Dec 2024 17:24:42 +0100
Subject: tls: reduce visual noise

---
 internal/server/tls.go | 30 ++++++++++++++++--------------
 1 file changed, 16 insertions(+), 14 deletions(-)

diff --git a/internal/server/tls.go b/internal/server/tls.go
index 183ce70..fc87049 100644
--- a/internal/server/tls.go
+++ b/internal/server/tls.go
@@ -35,11 +35,14 @@ func (s *Server) serveTLS() (err error) {
 // setting cfg.Logger is too late somehow
 certmagic.Default.Logger = log.GetLogger().Named("certmagic")
 
- certmagic.DefaultACME.Agreed = true
- certmagic.DefaultACME.Email = s.config.Email
- certmagic.DefaultACME.ListenHost = s.runtimeConfig.ListenAddress
- certmagic.DefaultACME.AltHTTPPort = s.runtimeConfig.Port
- certmagic.DefaultACME.AltTLSALPNPort = s.runtimeConfig.TLSPort
+ cfg := certmagic.NewDefault()
+
+ acme := certmagic.DefaultACME
+ acme.Agreed = true
+ acme.Email = s.config.Email
+ acme.ListenHost = s.runtimeConfig.ListenAddress
+ acme.AltHTTPPort = s.runtimeConfig.Port
+ acme.AltTLSALPNPort = s.runtimeConfig.TLSPort
 
 if s.runtimeConfig.Development {
 ca := s.runtimeConfig.ACMECA
@@ -58,11 +61,11 @@ func (s *Server) serveTLS() (err error) {
 }
 
 // caddy's ACME server (step-ca) doesn't specify an OCSP server
- certmagic.Default.OCSP.DisableStapling = true
+ cfg.OCSP.DisableStapling = true
 
- certmagic.DefaultACME.CA = s.runtimeConfig.ACMECA
- certmagic.DefaultACME.TrustedRoots = cp
- certmagic.DefaultACME.DisableTLSALPNChallenge = true
+ acme.CA = s.runtimeConfig.ACMECA
+ acme.TrustedRoots = cp
+ acme.DisableTLSALPNChallenge = true
 } else {
 rc := &redisConfig{}
 _, err = conf.Parse("REDIS", rc)
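Review bot: The settings written to the local `acme` copy never reach `cfg`: if I read certmagic correctly, `certmagic.NewDefault()` builds its ACME issuer from a copy of `certmagic.DefaultACME` at the moment it is called, and here it is called before `acme.Agreed`, `Email`, `ListenHost`, the port overrides and, in the later hunks, `CA`, `TrustedRoots`, `DisableTLSALPNChallenge` and `DNS01Solver` are assigned, while `acme` is a value copy that is never handed back to the config. The old code worked because it wrote through the package-level `DefaultACME` and `certmagic.ManageAsync` constructed the config afterwards; with this change `cfg.ManageAsync` in hunk 5 would presumably run with an unagreed issuer, no contact email and, in the development branch of hunk 2, without the internal CA and its trusted roots. Once `acme` is fully populated (after the if/else, which closes outside these hunks) install it explicitly with `issuer := certmagic.NewACMEIssuer(cfg, acme)` and `cfg.Issuers = []certmagic.Issuer{issuer}`, and have the HTTP mux in hunk 4 call `issuer.HandleHTTPChallenge(w, r)` so the challenge handler shares the issuer's config and storage rather than acting on a detached copy. serveTLS begins before and continues after every hunk in this patch.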
@@ -76,8 +79,7 @@ func (s *Server) serveTLS() (err error) {
 return errors.WithMessage(err, "could not parse PowerDNS ACME config")
 }
 
- certmagic.DefaultACME.CA = certmagic.LetsEncryptProductionCA
- certmagic.DefaultACME.DNS01Solver = &certmagic.DNS01Solver{
+ acme.DNS01Solver = &certmagic.DNS01Solver{
 DNSManager: certmagic.DNSManager{
 DNSProvider: pdns,
 Logger: certmagic.Default.Logger,
@@ -115,7 +117,7 @@ func (s *Server) serveTLS() (err error) {
 httpMux := http.NewServeMux()
 httpMux.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
 if certmagic.LooksLikeHTTPChallenge(r) &&
- certmagic.DefaultACME.HandleHTTPChallenge(w, r) {
+ acme.HandleHTTPChallenge(w, r) {
 return
 }
 url := r.URL
@@ -156,11 +158,11 @@ func (s *Server) serveTLS() (err error) {
 "https_port", s.runtimeConfig.TLSPort,
 )
 
- err = certmagic.ManageAsync(context.TODO(), certificateDomains)
+ err = cfg.ManageAsync(context.TODO(), certificateDomains)
 if err != nil {
 return errors.WithMessage(err, "could not enable TLS")
 }
 
- tlsConfig := certmagic.NewDefault().TLSConfig()
+ tlsConfig := cfg.TLSConfig()
 tlsConfig.NextProtos = append([]string{"h2", "http/1.1"}, tlsConfig.NextProtos...)
 sln, err := listenfd.GetListenerTLS(
-- 
cgit 1.4.1