From 50456c578497e9921558941eae59fa01bcf269bf Mon Sep 17 00:00:00 2001
From: Alan Pearce
Date: Mon, 24 Jun 2024 17:18:27 +0200
Subject: handle TLS in server with ACME

---
 internal/server/tls.go | 47 +++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 47 insertions(+)
 create mode 100644 internal/server/tls.go

(limited to 'internal/server/tls.go')

diff --git a/internal/server/tls.go b/internal/server/tls.go
new file mode 100644
index 0000000..b60f474
--- /dev/null
+++ b/internal/server/tls.go
@@ -0,0 +1,47 @@
+package server
+
+import (
+	"context"
+
+	"github.com/ardanlabs/conf/v3"
+	"github.com/caddyserver/caddy/v2"
+	"github.com/caddyserver/certmagic"
+	certmagic_redis "github.com/pberkel/caddy-storage-redis"
+	"github.com/pkg/errors"
+)
+
+type redisConfig struct {
+	Address       string `conf:"required"`
+	Username      string `conf:"default:default"`
+	Password      string `conf:"required"`
+	EncryptionKey string `conf:"required"`
+	KeyPrefix     string `conf:"default:certmagic"`
+}
+
+func (s *Server) serveTLS() (err error) {
+	rc := &redisConfig{}
+	_, err = conf.Parse("REDIS", rc)
+	if err != nil {
+		return errors.Wrap(err, "could not parse redis config")
+	}
+
+	rs := certmagic_redis.New()
+	rs.Address = []string{rc.Address}
+	rs.Username = rc.Username
+	rs.Password = rc.Password
+	rs.EncryptionKey = rc.EncryptionKey
+	rs.KeyPrefix = rc.KeyPrefix
+
+	certmagic.Default.Storage = rs
+	err = rs.Provision(caddy.Context{
+		Context: context.Background(),
+	})
+	if err != nil {
+		return errors.Wrap(err, "could not provision redis storage")
+	}
+
+	certmagic.DefaultACME.Agreed = true
+	certmagic.DefaultACME.Email = s.config.Email
+
+	return certmagic.HTTPS(s.config.Domains, s.Server.Handler)
+}
-- 
cgit 1.4.1