Merge pull request #3249 from GNURub/feature/autocert

Feature/autocert

app.go

@@ -30,6 +30,7 @@ import (
 	"github.com/astaxie/beego/grace"
 	"github.com/astaxie/beego/logs"
 	"github.com/astaxie/beego/utils"
+	"golang.org/x/crypto/acme/autocert"
 )
 
 var (
@@ -126,13 +127,21 @@ func (app *App) Run(mws ...MiddleWare) {
 				server.Server.ReadTimeout = app.Server.ReadTimeout
 				server.Server.WriteTimeout = app.Server.WriteTimeout
 				if BConfig.Listen.EnableMutualHTTPS {
-
 					if err := server.ListenAndServeMutualTLS(BConfig.Listen.HTTPSCertFile, BConfig.Listen.HTTPSKeyFile, BConfig.Listen.TrustCaFile); err != nil {
 						logs.Critical("ListenAndServeTLS: ", err, fmt.Sprintf("%d", os.Getpid()))
 						time.Sleep(100 * time.Microsecond)
 						endRunning <- true
 					}
 				} else {
+					if BConfig.Listen.AutoTLS {
+						m := autocert.Manager{
+							Prompt:     autocert.AcceptTOS,
+							HostPolicy: autocert.HostWhitelist(BConfig.Listen.Domains...),
+							Cache:      autocert.DirCache(BConfig.Listen.TLSCacheDir),
+						}
+						app.Server.TLSConfig = &tls.Config{GetCertificate: m.GetCertificate}
+						BConfig.Listen.HTTPSCertFile, BConfig.Listen.HTTPSKeyFile = "", ""
+					}
 					if err := server.ListenAndServeTLS(BConfig.Listen.HTTPSCertFile, BConfig.Listen.HTTPSKeyFile); err != nil {
 						logs.Critical("ListenAndServeTLS: ", err, fmt.Sprintf("%d", os.Getpid()))
 						time.Sleep(100 * time.Microsecond)
@@ -167,11 +176,19 @@ func (app *App) Run(mws ...MiddleWare) {
 			if BConfig.Listen.HTTPSPort != 0 {
 				app.Server.Addr = fmt.Sprintf("%s:%d", BConfig.Listen.HTTPSAddr, BConfig.Listen.HTTPSPort)
 			} else if BConfig.Listen.EnableHTTP {
-				BeeLogger.Info("Start https server error, conflict with http.Please reset https port")
+				BeeLogger.Info("Start https server error, conflict with http. Please reset https port")
 				return
 			}
 			logs.Info("https server Running on https://%s", app.Server.Addr)
-			if BConfig.Listen.EnableMutualHTTPS {
+			if BConfig.Listen.AutoTLS {
+				m := autocert.Manager{
+					Prompt:     autocert.AcceptTOS,
+					HostPolicy: autocert.HostWhitelist(BConfig.Listen.Domains...),
+					Cache:      autocert.DirCache(BConfig.Listen.TLSCacheDir),
+				}
+				app.Server.TLSConfig = &tls.Config{GetCertificate: m.GetCertificate}
+				BConfig.Listen.HTTPSCertFile, BConfig.Listen.HTTPSKeyFile = "", ""
+			} else if BConfig.Listen.EnableMutualHTTPS {
 				pool := x509.NewCertPool()
 				data, err := ioutil.ReadFile(BConfig.Listen.TrustCaFile)
 				if err != nil {
@@ -190,6 +207,7 @@ func (app *App) Run(mws ...MiddleWare) {
 				endRunning <- true
 			}
 		}()
+
 	}
 	if BConfig.Listen.EnableHTTP {
 		go func() {

beego.go

@@ -62,6 +62,8 @@ func Run(params ...string) {
 		if len(strs) > 1 && strs[1] != "" {
 			BConfig.Listen.HTTPPort, _ = strconv.Atoi(strs[1])
 		}
+
+		BConfig.Listen.Domains = params
 	}
 
 	BeeApp.Run()
@@ -74,6 +76,7 @@ func RunWithMiddleWares(addr string, mws ...MiddleWare) {
 	strs := strings.Split(addr, ":")
 	if len(strs) > 0 && strs[0] != "" {
 		BConfig.Listen.HTTPAddr = strs[0]
+		BConfig.Listen.Domains = []string{strs[0]}
 	}
 	if len(strs) > 1 && strs[1] != "" {
 		BConfig.Listen.HTTPPort, _ = strconv.Atoi(strs[1])

config.go

@@ -55,6 +55,9 @@ type Listen struct {
 	EnableHTTP        bool
 	HTTPAddr          string
 	HTTPPort          int
+	AutoTLS           bool
+	Domains           []string
+	TLSCacheDir       string
 	EnableHTTPS       bool
 	EnableMutualHTTPS bool
 	HTTPSAddr         string
@@ -209,6 +212,9 @@ func newBConfig() *Config {
 			ServerTimeOut: 0,
 			ListenTCP4:    false,
 			EnableHTTP:    true,
+			AutoTLS:       false,
+			Domains:       []string{},
+			TLSCacheDir:   ".",
 			HTTPAddr:      "",
 			HTTPPort:      8080,
 			EnableHTTPS:   false,

controller.go

@@ -36,7 +36,7 @@ import (
 const (
 	applicationJSON = "application/json"
 	applicationXML  = "application/xml"
-	applicationYAML  = "application/x-yaml"
+	applicationYAML = "application/x-yaml"
 	textXML         = "text/xml"
 )