AutoCert
parent
f18283a517
commit
38f9a3c49e
31
app.go
31
app.go
@ -30,6 +30,7 @@ import (
|
|||||||
"github.com/astaxie/beego/grace"
|
"github.com/astaxie/beego/grace"
|
||||||
"github.com/astaxie/beego/logs"
|
"github.com/astaxie/beego/logs"
|
||||||
"github.com/astaxie/beego/utils"
|
"github.com/astaxie/beego/utils"
|
||||||
|
"golang.org/x/crypto/acme/autocert"
|
||||||
)
|
)
|
||||||
|
|
||||||
var (
|
var (
|
||||||
@ -125,7 +126,18 @@ func (app *App) Run(mws ...MiddleWare) {
|
|||||||
server := grace.NewServer(httpsAddr, app.Handlers)
|
server := grace.NewServer(httpsAddr, app.Handlers)
|
||||||
server.Server.ReadTimeout = app.Server.ReadTimeout
|
server.Server.ReadTimeout = app.Server.ReadTimeout
|
||||||
server.Server.WriteTimeout = app.Server.WriteTimeout
|
server.Server.WriteTimeout = app.Server.WriteTimeout
|
||||||
if BConfig.Listen.EnableMutualHTTPS {
|
if BConfig.Listen.AutoTLS {
|
||||||
|
m := autocert.Manager{
|
||||||
|
Prompt: autocert.AcceptTOS,
|
||||||
|
HostPolicy: autocert.HostWhitelist(BConfig.Listen.Domains...),
|
||||||
|
Cache: autocert.DirCache(BConfig.Listen.TLSCacheDir),
|
||||||
|
}
|
||||||
|
|
||||||
|
app.Server.TLSConfig = &tls.Config{GetCertificate: m.GetCertificate}
|
||||||
|
|
||||||
|
BConfig.Listen.HTTPSCertFile, BConfig.Listen.HTTPSKeyFile = "", ""
|
||||||
|
|
||||||
|
} else if BConfig.Listen.EnableMutualHTTPS {
|
||||||
|
|
||||||
if err := server.ListenAndServeMutualTLS(BConfig.Listen.HTTPSCertFile, BConfig.Listen.HTTPSKeyFile, BConfig.Listen.TrustCaFile); err != nil {
|
if err := server.ListenAndServeMutualTLS(BConfig.Listen.HTTPSCertFile, BConfig.Listen.HTTPSKeyFile, BConfig.Listen.TrustCaFile); err != nil {
|
||||||
logs.Critical("ListenAndServeTLS: ", err, fmt.Sprintf("%d", os.Getpid()))
|
logs.Critical("ListenAndServeTLS: ", err, fmt.Sprintf("%d", os.Getpid()))
|
||||||
@ -162,16 +174,28 @@ func (app *App) Run(mws ...MiddleWare) {
|
|||||||
|
|
||||||
// run normal mode
|
// run normal mode
|
||||||
if BConfig.Listen.EnableHTTPS || BConfig.Listen.EnableMutualHTTPS {
|
if BConfig.Listen.EnableHTTPS || BConfig.Listen.EnableMutualHTTPS {
|
||||||
|
|
||||||
go func() {
|
go func() {
|
||||||
time.Sleep(1000 * time.Microsecond)
|
time.Sleep(1000 * time.Microsecond)
|
||||||
if BConfig.Listen.HTTPSPort != 0 {
|
if BConfig.Listen.HTTPSPort != 0 {
|
||||||
app.Server.Addr = fmt.Sprintf("%s:%d", BConfig.Listen.HTTPSAddr, BConfig.Listen.HTTPSPort)
|
app.Server.Addr = fmt.Sprintf("%s:%d", BConfig.Listen.HTTPSAddr, BConfig.Listen.HTTPSPort)
|
||||||
} else if BConfig.Listen.EnableHTTP {
|
} else if BConfig.Listen.EnableHTTP {
|
||||||
BeeLogger.Info("Start https server error, conflict with http.Please reset https port")
|
BeeLogger.Info("Start https server error, conflict with http. Please reset https port")
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
logs.Info("https server Running on https://%s", app.Server.Addr)
|
logs.Info("https server Running on https://%s", app.Server.Addr)
|
||||||
if BConfig.Listen.EnableMutualHTTPS {
|
if BConfig.Listen.AutoTLS {
|
||||||
|
m := autocert.Manager{
|
||||||
|
Prompt: autocert.AcceptTOS,
|
||||||
|
HostPolicy: autocert.HostWhitelist(BConfig.Listen.Domains...),
|
||||||
|
Cache: autocert.DirCache(BConfig.Listen.TLSCacheDir),
|
||||||
|
}
|
||||||
|
|
||||||
|
app.Server.TLSConfig = &tls.Config{GetCertificate: m.GetCertificate}
|
||||||
|
|
||||||
|
BConfig.Listen.HTTPSCertFile, BConfig.Listen.HTTPSKeyFile = "", ""
|
||||||
|
|
||||||
|
} else if BConfig.Listen.EnableMutualHTTPS {
|
||||||
pool := x509.NewCertPool()
|
pool := x509.NewCertPool()
|
||||||
data, err := ioutil.ReadFile(BConfig.Listen.TrustCaFile)
|
data, err := ioutil.ReadFile(BConfig.Listen.TrustCaFile)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
@ -190,6 +214,7 @@ func (app *App) Run(mws ...MiddleWare) {
|
|||||||
endRunning <- true
|
endRunning <- true
|
||||||
}
|
}
|
||||||
}()
|
}()
|
||||||
|
|
||||||
}
|
}
|
||||||
if BConfig.Listen.EnableHTTP {
|
if BConfig.Listen.EnableHTTP {
|
||||||
go func() {
|
go func() {
|
||||||
|
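Review bot: In the graceful-restart hunk (`@ -125,7 +126,18`) the new `AutoTLS` branch assigns `app.Server.TLSConfig`, but the listener in that block is the `server` returned by `grace.NewServer`, and the visible branch ends without any listen call, so as far as the hunk shows the autocert manager is never attached to the socket that serves traffic. Consider `server.Server.TLSConfig = &tls.Config{GetCertificate: m.GetCertificate}` followed by the TLS listen call on `server`; the rest of `Run` lies outside the hunk, so confirm against the full function. In the normal-mode hunk the guard is still `if BConfig.Listen.EnableHTTPS || BConfig.Listen.EnableMutualHTTPS {`, so `AutoTLS` has no effect unless one of those flags is also set; either document that dependency or extend the guard. A bare `GetCertificate` config does not advertise the ACME TLS-ALPN protocol, whereas `m.TLSConfig()` does, so prefer it or serve the HTTP-01 handler on the plain-HTTP listener. The identical `autocert.Manager` literal appears in both hunks and would be better built once in a helper, which is also the place to reject an empty `Domains` list at startup, since an empty whitelist should refuse every host at handshake time.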
117
auto_TLS.patch
Normal file
117
auto_TLS.patch
Normal file
@ -0,0 +1,117 @@
|
|||||||
|
Index: app.go
|
||||||
|
IDEA additional info:
|
||||||
|
Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
|
||||||
|
<+>UTF-8
|
||||||
|
===================================================================
|
||||||
|
--- app.go (date 1532101275000)
|
||||||
|
+++ app.go (date 1532105406000)
|
||||||
|
@@ -30,6 +30,7 @@
|
||||||
|
"github.com/astaxie/beego/grace"
|
||||||
|
"github.com/astaxie/beego/logs"
|
||||||
|
"github.com/astaxie/beego/utils"
|
||||||
|
+ "golang.org/x/crypto/acme/autocert"
|
||||||
|
)
|
||||||
|
|
||||||
|
var (
|
||||||
|
@@ -125,7 +126,18 @@
|
||||||
|
server := grace.NewServer(httpsAddr, app.Handlers)
|
||||||
|
server.Server.ReadTimeout = app.Server.ReadTimeout
|
||||||
|
server.Server.WriteTimeout = app.Server.WriteTimeout
|
||||||
|
- if BConfig.Listen.EnableMutualHTTPS {
|
||||||
|
+ if BConfig.Listen.AutoTLS {
|
||||||
|
+ m := autocert.Manager{
|
||||||
|
+ Prompt: autocert.AcceptTOS,
|
||||||
|
+ HostPolicy: autocert.HostWhitelist(BConfig.Listen.Domains...),
|
||||||
|
+ Cache: autocert.DirCache(BConfig.Listen.TLSCacheDir),
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ app.Server.TLSConfig = &tls.Config{GetCertificate: m.GetCertificate}
|
||||||
|
+
|
||||||
|
+ BConfig.Listen.HTTPSCertFile, BConfig.Listen.HTTPSKeyFile = "", ""
|
||||||
|
+
|
||||||
|
+ } else if BConfig.Listen.EnableMutualHTTPS {
|
||||||
|
|
||||||
|
if err := server.ListenAndServeMutualTLS(BConfig.Listen.HTTPSCertFile, BConfig.Listen.HTTPSKeyFile, BConfig.Listen.TrustCaFile); err != nil {
|
||||||
|
logs.Critical("ListenAndServeTLS: ", err, fmt.Sprintf("%d", os.Getpid()))
|
||||||
|
@@ -162,16 +174,28 @@
|
||||||
|
|
||||||
|
// run normal mode
|
||||||
|
if BConfig.Listen.EnableHTTPS || BConfig.Listen.EnableMutualHTTPS {
|
||||||
|
+
|
||||||
|
go func() {
|
||||||
|
time.Sleep(1000 * time.Microsecond)
|
||||||
|
if BConfig.Listen.HTTPSPort != 0 {
|
||||||
|
app.Server.Addr = fmt.Sprintf("%s:%d", BConfig.Listen.HTTPSAddr, BConfig.Listen.HTTPSPort)
|
||||||
|
} else if BConfig.Listen.EnableHTTP {
|
||||||
|
- BeeLogger.Info("Start https server error, conflict with http.Please reset https port")
|
||||||
|
+ BeeLogger.Info("Start https server error, conflict with http. Please reset https port")
|
||||||
|
return
|
||||||
|
}
|
||||||
|
logs.Info("https server Running on https://%s", app.Server.Addr)
|
||||||
|
- if BConfig.Listen.EnableMutualHTTPS {
|
||||||
|
+ if BConfig.Listen.AutoTLS {
|
||||||
|
+ m := autocert.Manager{
|
||||||
|
+ Prompt: autocert.AcceptTOS,
|
||||||
|
+ HostPolicy: autocert.HostWhitelist(BConfig.Listen.Domains...),
|
||||||
|
+ Cache: autocert.DirCache(BConfig.Listen.TLSCacheDir),
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ app.Server.TLSConfig = &tls.Config{GetCertificate: m.GetCertificate}
|
||||||
|
+
|
||||||
|
+ BConfig.Listen.HTTPSCertFile, BConfig.Listen.HTTPSKeyFile = "", ""
|
||||||
|
+
|
||||||
|
+ } else if BConfig.Listen.EnableMutualHTTPS {
|
||||||
|
pool := x509.NewCertPool()
|
||||||
|
data, err := ioutil.ReadFile(BConfig.Listen.TrustCaFile)
|
||||||
|
if err != nil {
|
||||||
|
@@ -190,6 +214,7 @@
|
||||||
|
endRunning <- true
|
||||||
|
}
|
||||||
|
}()
|
||||||
|
+
|
||||||
|
}
|
||||||
|
if BConfig.Listen.EnableHTTP {
|
||||||
|
go func() {
|
||||||
|
Index: controller.go
|
||||||
|
IDEA additional info:
|
||||||
|
Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
|
||||||
|
<+>UTF-8
|
||||||
|
===================================================================
|
||||||
|
--- controller.go (date 1532101275000)
|
||||||
|
+++ controller.go (date 1532105474000)
|
||||||
|
@@ -36,7 +36,7 @@
|
||||||
|
const (
|
||||||
|
applicationJSON = "application/json"
|
||||||
|
applicationXML = "application/xml"
|
||||||
|
- applicationYAML = "application/x-yaml"
|
||||||
|
+ applicationYAML = "application/x-yaml"
|
||||||
|
textXML = "text/xml"
|
||||||
|
)
|
||||||
|
|
||||||
|
Index: config.go
|
||||||
|
IDEA additional info:
|
||||||
|
Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
|
||||||
|
<+>UTF-8
|
||||||
|
===================================================================
|
||||||
|
--- config.go (date 1532101275000)
|
||||||
|
+++ config.go (date 1532105364000)
|
||||||
|
@@ -55,6 +55,9 @@
|
||||||
|
EnableHTTP bool
|
||||||
|
HTTPAddr string
|
||||||
|
HTTPPort int
|
||||||
|
+ AutoTLS bool
|
||||||
|
+ Domains []string
|
||||||
|
+ TLSCacheDir string
|
||||||
|
EnableHTTPS bool
|
||||||
|
EnableMutualHTTPS bool
|
||||||
|
HTTPSAddr string
|
||||||
|
@@ -209,6 +212,9 @@
|
||||||
|
ServerTimeOut: 0,
|
||||||
|
ListenTCP4: false,
|
||||||
|
EnableHTTP: true,
|
||||||
|
+ AutoTLS: false,
|
||||||
|
+ Domains: []string{},
|
||||||
|
+ TLSCacheDir: ".",
|
||||||
|
HTTPAddr: "",
|
||||||
|
HTTPPort: 8080,
|
||||||
|
EnableHTTPS: false,
|
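Review bot: `auto_TLS.patch` looks like an IDE-exported patch (note the `IDEA additional info` headers) of the same app.go and config.go changes this commit already applies, so it adds 117 lines of duplicate content next to the source files. It also carries what appears to be a whitespace-only edit to `controller.go`, a file that is not among those shown as changed here. Dropping the patch file from the commit would keep the tree free of stale copies that can drift from the real code.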
@ -55,6 +55,9 @@ type Listen struct {
|
|||||||
EnableHTTP bool
|
EnableHTTP bool
|
||||||
HTTPAddr string
|
HTTPAddr string
|
||||||
HTTPPort int
|
HTTPPort int
|
||||||
|
AutoTLS bool
|
||||||
|
Domains []string
|
||||||
|
TLSCacheDir string
|
||||||
EnableHTTPS bool
|
EnableHTTPS bool
|
||||||
EnableMutualHTTPS bool
|
EnableMutualHTTPS bool
|
||||||
HTTPSAddr string
|
HTTPSAddr string
|
||||||
@ -209,6 +212,9 @@ func newBConfig() *Config {
|
|||||||
ServerTimeOut: 0,
|
ServerTimeOut: 0,
|
||||||
ListenTCP4: false,
|
ListenTCP4: false,
|
||||||
EnableHTTP: true,
|
EnableHTTP: true,
|
||||||
|
AutoTLS: false,
|
||||||
|
Domains: []string{},
|
||||||
|
TLSCacheDir: ".",
|
||||||
HTTPAddr: "",
|
HTTPAddr: "",
|
||||||
HTTPPort: 8080,
|
HTTPPort: 8080,
|
||||||
EnableHTTPS: false,
|
EnableHTTPS: false,
|
||||||
|
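Review bot: The default `TLSCacheDir: "."` in `newBConfig` makes `autocert.DirCache` write the ACME account key and the private keys of issued certificates into the process working directory, which for a web application is often the project root and may sit next to served or version-controlled files. A dedicated directory readable only by the service user is a safer default, or leave the value empty and require it to be set whenever `AutoTLS` is true. The three new `Listen` fields also carry no comments; something like `// AutoTLS obtains certificates via ACME for the hosts in Domains; TLSCacheDir holds the resulting private keys` would tell operators what they are enabling. Both the struct and `newBConfig` continue outside the hunks.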