From 38f9a3c49e7d3a34592b187ec206bdd3c932b412 Mon Sep 17 00:00:00 2001 From: Ruben Cid Date: Fri, 20 Jul 2018 18:53:57 +0200 Subject: [PATCH 1/4] AutoCert --- app.go | 31 +++++++++++-- auto_TLS.patch | 117 +++++++++++++++++++++++++++++++++++++++++++++++++ config.go | 6 +++ controller.go | 2 +- 4 files changed, 152 insertions(+), 4 deletions(-) create mode 100644 auto_TLS.patch diff --git a/app.go b/app.go index f286fb7a..ed7e4a30 100644 --- a/app.go +++ b/app.go @@ -30,6 +30,7 @@ import ( "github.com/astaxie/beego/grace" "github.com/astaxie/beego/logs" "github.com/astaxie/beego/utils" + "golang.org/x/crypto/acme/autocert" ) var ( @@ -125,7 +126,18 @@ func (app *App) Run(mws ...MiddleWare) { server := grace.NewServer(httpsAddr, app.Handlers) server.Server.ReadTimeout = app.Server.ReadTimeout server.Server.WriteTimeout = app.Server.WriteTimeout - if BConfig.Listen.EnableMutualHTTPS { + if BConfig.Listen.AutoTLS { + m := autocert.Manager{ + Prompt: autocert.AcceptTOS, + HostPolicy: autocert.HostWhitelist(BConfig.Listen.Domains...), + Cache: autocert.DirCache(BConfig.Listen.TLSCacheDir), + } + + app.Server.TLSConfig = &tls.Config{GetCertificate: m.GetCertificate} + + BConfig.Listen.HTTPSCertFile, BConfig.Listen.HTTPSKeyFile = "", "" + + } else if BConfig.Listen.EnableMutualHTTPS { if err := server.ListenAndServeMutualTLS(BConfig.Listen.HTTPSCertFile, BConfig.Listen.HTTPSKeyFile, BConfig.Listen.TrustCaFile); err != nil { logs.Critical("ListenAndServeTLS: ", err, fmt.Sprintf("%d", os.Getpid())) 
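Review bot: The autocert config is assigned to `app.Server.TLSConfig`, but the listener in this branch is `server` from `grace.NewServer` two lines above, whose `ReadTimeout`/`WriteTimeout` this same hunk copies over field by field — which suggests the grace server wraps its own `http.Server` and never sees `GetCertificate`; if so the line should read `server.Server.TLSConfig = &tls.Config{GetCertificate: m.GetCertificate}` (PATCH 4/4's `@@ -126` hunk keeps the same target). In this revision the `AutoTLS` arm also falls out of the if/else chain without reaching any `ListenAndServe*` call, so no HTTPS listener is started at all; 4/4 restores the call. Blanking `BConfig.Listen.HTTPSCertFile` and `HTTPSKeyFile` in place mutates shared configuration as a side effect of `Run`; prefer locals, e.g. `certFile, keyFile := BConfig.Listen.HTTPSCertFile, BConfig.Listen.HTTPSKeyFile` cleared only in the `AutoTLS` case and passed to the listen call (same pattern in `@@ -162` below and in 4/4). `Run` starts and ends outside the hunk.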
@@ -162,16 +174,28 @@ func (app *App) Run(mws ...MiddleWare) { // run normal mode if BConfig.Listen.EnableHTTPS || BConfig.Listen.EnableMutualHTTPS { + go func() { time.Sleep(1000 * time.Microsecond) if BConfig.Listen.HTTPSPort != 0 { app.Server.Addr = fmt.Sprintf("%s:%d", BConfig.Listen.HTTPSAddr, BConfig.Listen.HTTPSPort) } else if BConfig.Listen.EnableHTTP { - BeeLogger.Info("Start https server error, conflict with http.Please reset https port") + BeeLogger.Info("Start https server error, conflict with http. Please reset https port") return } logs.Info("https server Running on https://%s", app.Server.Addr) - if BConfig.Listen.EnableMutualHTTPS { + if BConfig.Listen.AutoTLS { + m := autocert.Manager{ + Prompt: autocert.AcceptTOS, + HostPolicy: autocert.HostWhitelist(BConfig.Listen.Domains...), + Cache: autocert.DirCache(BConfig.Listen.TLSCacheDir), + } + + app.Server.TLSConfig = &tls.Config{GetCertificate: m.GetCertificate} + + BConfig.Listen.HTTPSCertFile, BConfig.Listen.HTTPSKeyFile = "", "" + + } else if BConfig.Listen.EnableMutualHTTPS { pool := x509.NewCertPool() data, err := ioutil.ReadFile(BConfig.Listen.TrustCaFile) if err != nil { @@ -190,6 +214,7 @@ func (app *App) Run(mws ...MiddleWare) { endRunning <- true } }() + } if BConfig.Listen.EnableHTTP { go func() { diff --git a/auto_TLS.patch b/auto_TLS.patch new file mode 100644 index 00000000..e237545b --- /dev/null +++ b/auto_TLS.patch 
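Review bot: With `AutoTLS` and `EnableMutualHTTPS` both set, the `else if` makes the autocert arm win and the client-CA pool below it is never built, so enabling automatic certificates silently switches off client-certificate authentication; either reject the combination at config load or build the autocert `tls.Config` first and then add `ClientAuth`/`ClientCAs` to it (the same chain survives in 4/4's `@@ -190` hunk). The config carries only `GetCertificate`; if the vendored x/crypto provides it, `m.TLSConfig()` additionally advertises the ACME ALPN protocol that the TLS-ALPN-01 challenge requires, and that challenge is validated on port 443, so issuance will fail when `HTTPSPort` is anything else — worth a comment such as `// AutoTLS: ACME validation reaches this listener on :443; HTTPSPort must be 443`. `Run` continues outside both hunks on this line.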
@@ -0,0 +1,117 @@ +Index: app.go +IDEA additional info: +Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP +<+>UTF-8 +=================================================================== +--- app.go (date 1532101275000) ++++ app.go (date 1532105406000) +@@ -30,6 +30,7 @@ + "github.com/astaxie/beego/grace" + "github.com/astaxie/beego/logs" + "github.com/astaxie/beego/utils" ++ "golang.org/x/crypto/acme/autocert" + ) + + var ( +@@ -125,7 +126,18 @@ + server := grace.NewServer(httpsAddr, app.Handlers) + server.Server.ReadTimeout = app.Server.ReadTimeout + server.Server.WriteTimeout = app.Server.WriteTimeout +- if BConfig.Listen.EnableMutualHTTPS { ++ if BConfig.Listen.AutoTLS { ++ m := autocert.Manager{ ++ Prompt: autocert.AcceptTOS, ++ HostPolicy: autocert.HostWhitelist(BConfig.Listen.Domains...), ++ Cache: autocert.DirCache(BConfig.Listen.TLSCacheDir), ++ } ++ ++ app.Server.TLSConfig = &tls.Config{GetCertificate: m.GetCertificate} ++ ++ BConfig.Listen.HTTPSCertFile, BConfig.Listen.HTTPSKeyFile = "", "" ++ ++ } else if BConfig.Listen.EnableMutualHTTPS { + + if err := server.ListenAndServeMutualTLS(BConfig.Listen.HTTPSCertFile, BConfig.Listen.HTTPSKeyFile, BConfig.Listen.TrustCaFile); err != nil { + logs.Critical("ListenAndServeTLS: ", err, fmt.Sprintf("%d", os.Getpid())) +@@ -162,16 +174,28 @@ + + // run normal mode + if BConfig.Listen.EnableHTTPS || BConfig.Listen.EnableMutualHTTPS { ++ + go func() { + time.Sleep(1000 * time.Microsecond) + if BConfig.Listen.HTTPSPort != 0 { + app.Server.Addr = fmt.Sprintf("%s:%d", BConfig.Listen.HTTPSAddr, BConfig.Listen.HTTPSPort) + } else if BConfig.Listen.EnableHTTP { +- BeeLogger.Info("Start https server error, conflict with http.Please reset https port") ++ BeeLogger.Info("Start https server error, conflict with http. 
Please reset https port") + return + } + logs.Info("https server Running on https://%s", app.Server.Addr) +- if BConfig.Listen.EnableMutualHTTPS { ++ if BConfig.Listen.AutoTLS { ++ m := autocert.Manager{ ++ Prompt: autocert.AcceptTOS, ++ HostPolicy: autocert.HostWhitelist(BConfig.Listen.Domains...), ++ Cache: autocert.DirCache(BConfig.Listen.TLSCacheDir), ++ } ++ ++ app.Server.TLSConfig = &tls.Config{GetCertificate: m.GetCertificate} ++ ++ BConfig.Listen.HTTPSCertFile, BConfig.Listen.HTTPSKeyFile = "", "" ++ ++ } else if BConfig.Listen.EnableMutualHTTPS { + pool := x509.NewCertPool() + data, err := ioutil.ReadFile(BConfig.Listen.TrustCaFile) + if err != nil { +@@ -190,6 +214,7 @@ + endRunning <- true + } + }() ++ + } + if BConfig.Listen.EnableHTTP { + go func() { +Index: controller.go +IDEA additional info: +Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP +<+>UTF-8 +=================================================================== +--- controller.go (date 1532101275000) ++++ controller.go (date 1532105474000) +@@ -36,7 +36,7 @@ + const ( + applicationJSON = "application/json" + applicationXML = "application/xml" +- applicationYAML = "application/x-yaml" ++ applicationYAML = "application/x-yaml" + textXML = "text/xml" + ) + +Index: config.go +IDEA additional info: +Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP +<+>UTF-8 +=================================================================== +--- config.go (date 1532101275000) ++++ config.go (date 1532105364000) +@@ -55,6 +55,9 @@ + EnableHTTP bool + HTTPAddr string + HTTPPort int ++ AutoTLS bool ++ Domains []string ++ TLSCacheDir string + EnableHTTPS bool + EnableMutualHTTPS bool + HTTPSAddr string +@@ -209,6 +212,9 @@ + ServerTimeOut: 0, + ListenTCP4: false, + EnableHTTP: true, ++ AutoTLS: false, ++ Domains: []string{}, ++ TLSCacheDir: ".", + HTTPAddr: "", + HTTPPort: 8080, + EnableHTTPS: false, diff --git a/config.go b/config.go index b9ad06c9..7969dcea 100644 --- a/config.go +++ b/config.go 
@@ -55,6 +55,9 @@ type Listen struct { EnableHTTP bool HTTPAddr string HTTPPort int + AutoTLS bool + Domains []string + TLSCacheDir string EnableHTTPS bool EnableMutualHTTPS bool HTTPSAddr string @@ -209,6 +212,9 @@ func newBConfig() *Config { ServerTimeOut: 0, ListenTCP4: false, EnableHTTP: true, + AutoTLS: false, + Domains: []string{}, + TLSCacheDir: ".", HTTPAddr: "", HTTPPort: 8080, EnableHTTPS: false, diff --git a/controller.go b/controller.go index c53889a6..8be43a33 100644 --- a/controller.go +++ b/controller.go @@ -36,7 +36,7 @@ import ( const ( applicationJSON = "application/json" applicationXML = "application/xml" - applicationYAML = "application/x-yaml" + applicationYAML = "application/x-yaml" textXML = "text/xml" ) From cf6e82554742afba35b4106f634ef56761355ac9 Mon Sep 17 00:00:00 2001 From: Ruben Cid Date: Fri, 20 Jul 2018 18:59:45 +0200 Subject: [PATCH 2/4] Domains --- beego.go | 3 +++ 1 file changed, 3 insertions(+) diff --git a/beego.go b/beego.go index fdbdc798..b90d3201 100644 --- a/beego.go +++ b/beego.go @@ -62,6 +62,8 @@ func Run(params ...string) { if len(strs) > 1 && strs[1] != "" { BConfig.Listen.HTTPPort, _ = strconv.Atoi(strs[1]) } + + BConfig.Listen.Domains = params } BeeApp.Run() @@ -74,6 +76,7 @@ func RunWithMiddleWares(addr string, mws ...MiddleWare) { strs := strings.Split(addr, ":") if len(strs) > 0 && strs[0] != "" { BConfig.Listen.HTTPAddr = strs[0] + BConfig.Listen.Domains = []string{strs[0]} } if len(strs) > 1 && strs[1] != "" { BConfig.Listen.HTTPPort, _ = strconv.Atoi(strs[1]) From f7008e28771636902e3ec32fb685b41056295fa0 Mon Sep 17 00:00:00 2001 From: Ruben Cid Date: Fri, 20 Jul 2018 19:02:09 +0200 Subject: [PATCH 3/4] Removed patch --- auto_TLS.patch | 117 ------------------------------------------------- 1 file changed, 117 deletions(-) delete mode 100644 auto_TLS.patch diff --git a/auto_TLS.patch b/auto_TLS.patch deleted file mode 100644 index e237545b..00000000 --- a/auto_TLS.patch +++ /dev/null 
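Review bot: The three new `Listen` fields are undocumented, and `TLSCacheDir: "."` defaults the autocert cache — the ACME account key and every issued certificate's private key — to the process working directory, which is rarely a deliberate place for key material. Suggest a dedicated directory as the default, or at minimum field comments: `AutoTLS bool // obtain certificates via ACME; takes effect only when EnableHTTPS is set`, `Domains []string // exact hostnames autocert may issue for (HostWhitelist); an empty list rejects every handshake`, `TLSCacheDir string // directory for the ACME account key and certificate keys; keep it private and outside any served path`. The `EnableHTTPS` requirement follows from the `if BConfig.Listen.EnableHTTPS || BConfig.Listen.EnableMutualHTTPS` guard in app.go's `@@ -162` hunk.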
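Review bot: `BConfig.Listen.Domains = params` in `Run` stores the raw `host:port` arguments, while `RunWithMiddleWares` stores only `strs[0]`; `autocert.HostWhitelist` compares against the SNI host name, so an entry such as `example.org:8080` (or `:8080`) never matches and every TLS handshake is rejected. Both sites also assign unconditionally, discarding any `Domains` list supplied through the configuration file. Suggest mirroring the other function and guarding: `if strs[0] != "" && len(BConfig.Listen.Domains) == 0 { BConfig.Listen.Domains = []string{strs[0]} }`. `Run` and `RunWithMiddleWares` both start and end outside their hunks.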
@@ -1,117 +0,0 @@ -Index: app.go -IDEA additional info: -Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP -<+>UTF-8 -=================================================================== ---- app.go (date 1532101275000) -+++ app.go (date 1532105406000) -@@ -30,6 +30,7 @@ - "github.com/astaxie/beego/grace" - "github.com/astaxie/beego/logs" - "github.com/astaxie/beego/utils" -+ "golang.org/x/crypto/acme/autocert" - ) - - var ( -@@ -125,7 +126,18 @@ - server := grace.NewServer(httpsAddr, app.Handlers) - server.Server.ReadTimeout = app.Server.ReadTimeout - server.Server.WriteTimeout = app.Server.WriteTimeout -- if BConfig.Listen.EnableMutualHTTPS { -+ if BConfig.Listen.AutoTLS { -+ m := autocert.Manager{ -+ Prompt: autocert.AcceptTOS, -+ HostPolicy: autocert.HostWhitelist(BConfig.Listen.Domains...), -+ Cache: autocert.DirCache(BConfig.Listen.TLSCacheDir), -+ } -+ -+ app.Server.TLSConfig = &tls.Config{GetCertificate: m.GetCertificate} -+ -+ BConfig.Listen.HTTPSCertFile, BConfig.Listen.HTTPSKeyFile = "", "" -+ -+ } else if BConfig.Listen.EnableMutualHTTPS { - - if err := server.ListenAndServeMutualTLS(BConfig.Listen.HTTPSCertFile, BConfig.Listen.HTTPSKeyFile, BConfig.Listen.TrustCaFile); err != nil { - logs.Critical("ListenAndServeTLS: ", err, fmt.Sprintf("%d", os.Getpid())) -@@ -162,16 +174,28 @@ - - // run normal mode - if BConfig.Listen.EnableHTTPS || BConfig.Listen.EnableMutualHTTPS { -+ - go func() { - time.Sleep(1000 * time.Microsecond) - if BConfig.Listen.HTTPSPort != 0 { - app.Server.Addr = fmt.Sprintf("%s:%d", BConfig.Listen.HTTPSAddr, BConfig.Listen.HTTPSPort) - } else if BConfig.Listen.EnableHTTP { -- BeeLogger.Info("Start https server error, conflict with http.Please reset https port") -+ BeeLogger.Info("Start https server error, conflict with http. 
Please reset https port") - return - } - logs.Info("https server Running on https://%s", app.Server.Addr) -- if BConfig.Listen.EnableMutualHTTPS { -+ if BConfig.Listen.AutoTLS { -+ m := autocert.Manager{ -+ Prompt: autocert.AcceptTOS, -+ HostPolicy: autocert.HostWhitelist(BConfig.Listen.Domains...), -+ Cache: autocert.DirCache(BConfig.Listen.TLSCacheDir), -+ } -+ -+ app.Server.TLSConfig = &tls.Config{GetCertificate: m.GetCertificate} -+ -+ BConfig.Listen.HTTPSCertFile, BConfig.Listen.HTTPSKeyFile = "", "" -+ -+ } else if BConfig.Listen.EnableMutualHTTPS { - pool := x509.NewCertPool() - data, err := ioutil.ReadFile(BConfig.Listen.TrustCaFile) - if err != nil { -@@ -190,6 +214,7 @@ - endRunning <- true - } - }() -+ - } - if BConfig.Listen.EnableHTTP { - go func() { -Index: controller.go -IDEA additional info: -Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP -<+>UTF-8 -=================================================================== ---- controller.go (date 1532101275000) -+++ controller.go (date 1532105474000) -@@ -36,7 +36,7 @@ - const ( - applicationJSON = "application/json" - applicationXML = "application/xml" -- applicationYAML = "application/x-yaml" -+ applicationYAML = "application/x-yaml" - textXML = "text/xml" - ) - -Index: config.go -IDEA additional info: -Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP -<+>UTF-8 -=================================================================== ---- config.go (date 1532101275000) -+++ config.go (date 1532105364000) -@@ -55,6 +55,9 @@ - EnableHTTP bool - HTTPAddr string - HTTPPort int -+ AutoTLS bool -+ Domains []string -+ TLSCacheDir string - EnableHTTPS bool - EnableMutualHTTPS bool - HTTPSAddr string -@@ -209,6 +212,9 @@ - ServerTimeOut: 0, - ListenTCP4: false, - EnableHTTP: true, -+ AutoTLS: false, -+ Domains: []string{}, -+ TLSCacheDir: ".", - HTTPAddr: "", - HTTPPort: 8080, - EnableHTTPS: false, From aaa7e337786c6aad717b11504cd30aa9715bee0d Mon Sep 17 00:00:00 2001 
From: Ruben Cid Date: Fri, 20 Jul 2018 19:54:25 +0200 Subject: [PATCH 4/4] Autocert ok --- app.go | 27 ++++++++++----------------- 1 file changed, 10 insertions(+), 17 deletions(-) diff --git a/app.go b/app.go index ed7e4a30..32ff159d 100644 --- a/app.go +++ b/app.go @@ -126,25 +126,22 @@ func (app *App) Run(mws ...MiddleWare) { server := grace.NewServer(httpsAddr, app.Handlers) server.Server.ReadTimeout = app.Server.ReadTimeout server.Server.WriteTimeout = app.Server.WriteTimeout - if BConfig.Listen.AutoTLS { - m := autocert.Manager{ - Prompt: autocert.AcceptTOS, - HostPolicy: autocert.HostWhitelist(BConfig.Listen.Domains...), - Cache: autocert.DirCache(BConfig.Listen.TLSCacheDir), - } - - app.Server.TLSConfig = &tls.Config{GetCertificate: m.GetCertificate} - - BConfig.Listen.HTTPSCertFile, BConfig.Listen.HTTPSKeyFile = "", "" - - } else if BConfig.Listen.EnableMutualHTTPS { - + if BConfig.Listen.EnableMutualHTTPS { if err := server.ListenAndServeMutualTLS(BConfig.Listen.HTTPSCertFile, BConfig.Listen.HTTPSKeyFile, BConfig.Listen.TrustCaFile); err != nil { logs.Critical("ListenAndServeTLS: ", err, fmt.Sprintf("%d", os.Getpid())) time.Sleep(100 * time.Microsecond) endRunning <- true } } else { + if BConfig.Listen.AutoTLS { + m := autocert.Manager{ + Prompt: autocert.AcceptTOS, + HostPolicy: autocert.HostWhitelist(BConfig.Listen.Domains...), + Cache: autocert.DirCache(BConfig.Listen.TLSCacheDir), + } + app.Server.TLSConfig = &tls.Config{GetCertificate: m.GetCertificate} + BConfig.Listen.HTTPSCertFile, BConfig.Listen.HTTPSKeyFile = "", "" + } if err := server.ListenAndServeTLS(BConfig.Listen.HTTPSCertFile, BConfig.Listen.HTTPSKeyFile); err != nil { logs.Critical("ListenAndServeTLS: ", err, fmt.Sprintf("%d", os.Getpid())) time.Sleep(100 * time.Microsecond) 
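Review bot: The two serving modes now disagree on precedence: here the autocert arm sits inside the `else` of `if BConfig.Listen.EnableMutualHTTPS`, so mutual TLS wins and `AutoTLS` is silently ignored, whereas in the normal-mode chain (this patch's `@@ -190` hunk, `} else if BConfig.Listen.EnableMutualHTTPS {`) `AutoTLS` wins and the client-CA pool is skipped. Pick one behaviour — most defensibly, reject `AutoTLS` together with `EnableMutualHTTPS` at config load, or compose both into a single `tls.Config` — and apply it in both places. Whether `server.ListenAndServeTLS` on the grace server accepts empty file names when a `GetCertificate` callback is present is not visible from the hunk; `net/http` does, but grace's wrapper should be checked before relying on the blanked `HTTPSCertFile`/`HTTPSKeyFile`. `Run` starts and ends outside the hunk.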
@@ -174,7 +171,6 @@ func (app *App) Run(mws ...MiddleWare) { // run normal mode if BConfig.Listen.EnableHTTPS || BConfig.Listen.EnableMutualHTTPS { - go func() { time.Sleep(1000 * time.Microsecond) if BConfig.Listen.HTTPSPort != 0 { @@ -190,11 +186,8 @@ func (app *App) Run(mws ...MiddleWare) { HostPolicy: autocert.HostWhitelist(BConfig.Listen.Domains...), Cache: autocert.DirCache(BConfig.Listen.TLSCacheDir), } - app.Server.TLSConfig = &tls.Config{GetCertificate: m.GetCertificate} - BConfig.Listen.HTTPSCertFile, BConfig.Listen.HTTPSKeyFile = "", "" - } else if BConfig.Listen.EnableMutualHTTPS { pool := x509.NewCertPool() data, err := ioutil.ReadFile(BConfig.Listen.TrustCaFile)