AutoCert

2024-11-22 11:40:55 +00:00 · 2018-07-20 18:53:57 +02:00 · 2018-07-20 18:53:57 +02:00 · 38f9a3c49e
commit 38f9a3c49e
parent f18283a517
4 changed files with 152 additions and 4 deletions
--- a/app.go
+++ b/app.go
@ -30,6 +30,7 @@ import (
 	"github.com/astaxie/beego/grace"
 	"github.com/astaxie/beego/logs"
 	"github.com/astaxie/beego/utils"
+	"golang.org/x/crypto/acme/autocert"
 )

 var (
@ -125,7 +126,18 @@ func (app *App) Run(mws ...MiddleWare) {
 				server := grace.NewServer(httpsAddr, app.Handlers)
 				server.Server.ReadTimeout = app.Server.ReadTimeout
 				server.Server.WriteTimeout = app.Server.WriteTimeout
-				if BConfig.Listen.EnableMutualHTTPS {
+				if BConfig.Listen.AutoTLS {
+					m := autocert.Manager{
+						Prompt:     autocert.AcceptTOS,
+						HostPolicy: autocert.HostWhitelist(BConfig.Listen.Domains...),
+						Cache:      autocert.DirCache(BConfig.Listen.TLSCacheDir),
+					}
+
+					app.Server.TLSConfig = &tls.Config{GetCertificate: m.GetCertificate}
+
+					BConfig.Listen.HTTPSCertFile, BConfig.Listen.HTTPSKeyFile = "", ""
+
+				} else if BConfig.Listen.EnableMutualHTTPS {

 					if err := server.ListenAndServeMutualTLS(BConfig.Listen.HTTPSCertFile, BConfig.Listen.HTTPSKeyFile, BConfig.Listen.TrustCaFile); err != nil {
 						logs.Critical("ListenAndServeTLS: ", err, fmt.Sprintf("%d", os.Getpid()))
@ -162,16 +174,28 @@ func (app *App) Run(mws ...MiddleWare) {

 	// run normal mode
 	if BConfig.Listen.EnableHTTPS || BConfig.Listen.EnableMutualHTTPS {
+
 		go func() {
 			time.Sleep(1000 * time.Microsecond)
 			if BConfig.Listen.HTTPSPort != 0 {
 				app.Server.Addr = fmt.Sprintf("%s:%d", BConfig.Listen.HTTPSAddr, BConfig.Listen.HTTPSPort)
 			} else if BConfig.Listen.EnableHTTP {
-				BeeLogger.Info("Start https server error, conflict with http.Please reset https port")
+				BeeLogger.Info("Start https server error, conflict with http. Please reset https port")
 				return
 			}
 			logs.Info("https server Running on https://%s", app.Server.Addr)
-			if BConfig.Listen.EnableMutualHTTPS {
+			if BConfig.Listen.AutoTLS {
+				m := autocert.Manager{
+					Prompt:     autocert.AcceptTOS,
+					HostPolicy: autocert.HostWhitelist(BConfig.Listen.Domains...),
+					Cache:      autocert.DirCache(BConfig.Listen.TLSCacheDir),
+				}
+
+				app.Server.TLSConfig = &tls.Config{GetCertificate: m.GetCertificate}
+
+				BConfig.Listen.HTTPSCertFile, BConfig.Listen.HTTPSKeyFile = "", ""
+
+			} else if BConfig.Listen.EnableMutualHTTPS {
 				pool := x509.NewCertPool()
 				data, err := ioutil.ReadFile(BConfig.Listen.TrustCaFile)
 				if err != nil {
@ -190,6 +214,7 @@ func (app *App) Run(mws ...MiddleWare) {
 				endRunning <- true
 			}
 		}()
+
 	}
 	if BConfig.Listen.EnableHTTP {
 		go func() {
--- a/auto_TLS.patch
+++ b/auto_TLS.patch
@ -0,0 +1,117 @@
+Index: app.go
+IDEA additional info:
+Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
+<+>UTF-8
+===================================================================
+--- app.go	(date 1532101275000)
+++ app.go	(date 1532105406000)
+@@ -30,6 +30,7 @@
+ 	"github.com/astaxie/beego/grace"
+ 	"github.com/astaxie/beego/logs"
+ 	"github.com/astaxie/beego/utils"
+	"golang.org/x/crypto/acme/autocert"
+ )
+ 
+ var (
+@@ -125,7 +126,18 @@
+ 				server := grace.NewServer(httpsAddr, app.Handlers)
+ 				server.Server.ReadTimeout = app.Server.ReadTimeout
+ 				server.Server.WriteTimeout = app.Server.WriteTimeout
+-				if BConfig.Listen.EnableMutualHTTPS {
+				if BConfig.Listen.AutoTLS {
+					m := autocert.Manager{
+						Prompt:     autocert.AcceptTOS,
+						HostPolicy: autocert.HostWhitelist(BConfig.Listen.Domains...),
+						Cache:      autocert.DirCache(BConfig.Listen.TLSCacheDir),
+					}
+
+					app.Server.TLSConfig = &tls.Config{GetCertificate: m.GetCertificate}
+
+					BConfig.Listen.HTTPSCertFile, BConfig.Listen.HTTPSKeyFile = "", ""
+
+				} else if BConfig.Listen.EnableMutualHTTPS {
+ 
+ 					if err := server.ListenAndServeMutualTLS(BConfig.Listen.HTTPSCertFile, BConfig.Listen.HTTPSKeyFile, BConfig.Listen.TrustCaFile); err != nil {
+ 						logs.Critical("ListenAndServeTLS: ", err, fmt.Sprintf("%d", os.Getpid()))
+@@ -162,16 +174,28 @@
+ 
+ 	// run normal mode
+ 	if BConfig.Listen.EnableHTTPS || BConfig.Listen.EnableMutualHTTPS {
+
+ 		go func() {
+ 			time.Sleep(1000 * time.Microsecond)
+ 			if BConfig.Listen.HTTPSPort != 0 {
+ 				app.Server.Addr = fmt.Sprintf("%s:%d", BConfig.Listen.HTTPSAddr, BConfig.Listen.HTTPSPort)
+ 			} else if BConfig.Listen.EnableHTTP {
+-				BeeLogger.Info("Start https server error, conflict with http.Please reset https port")
+				BeeLogger.Info("Start https server error, conflict with http. Please reset https port")
+ 				return
+ 			}
+ 			logs.Info("https server Running on https://%s", app.Server.Addr)
+-			if BConfig.Listen.EnableMutualHTTPS {
+			if BConfig.Listen.AutoTLS {
+				m := autocert.Manager{
+					Prompt:     autocert.AcceptTOS,
+					HostPolicy: autocert.HostWhitelist(BConfig.Listen.Domains...),
+					Cache:      autocert.DirCache(BConfig.Listen.TLSCacheDir),
+				}
+
+				app.Server.TLSConfig = &tls.Config{GetCertificate: m.GetCertificate}
+
+				BConfig.Listen.HTTPSCertFile, BConfig.Listen.HTTPSKeyFile = "", ""
+
+			} else if BConfig.Listen.EnableMutualHTTPS {
+ 				pool := x509.NewCertPool()
+ 				data, err := ioutil.ReadFile(BConfig.Listen.TrustCaFile)
+ 				if err != nil {
+@@ -190,6 +214,7 @@
+ 				endRunning <- true
+ 			}
+ 		}()
+
+ 	}
+ 	if BConfig.Listen.EnableHTTP {
+ 		go func() {
+Index: controller.go
+IDEA additional info:
+Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
+<+>UTF-8
+===================================================================
+--- controller.go	(date 1532101275000)
+++ controller.go	(date 1532105474000)
+@@ -36,7 +36,7 @@
+ const (
+ 	applicationJSON = "application/json"
+ 	applicationXML  = "application/xml"
+-	applicationYAML  = "application/x-yaml"
+	applicationYAML = "application/x-yaml"
+ 	textXML         = "text/xml"
+ )
+ 
+Index: config.go
+IDEA additional info:
+Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
+<+>UTF-8
+===================================================================
+--- config.go	(date 1532101275000)
+++ config.go	(date 1532105364000)
+@@ -55,6 +55,9 @@
+ 	EnableHTTP        bool
+ 	HTTPAddr          string
+ 	HTTPPort          int
+	AutoTLS           bool
+	Domains           []string
+	TLSCacheDir       string
+ 	EnableHTTPS       bool
+ 	EnableMutualHTTPS bool
+ 	HTTPSAddr         string
+@@ -209,6 +212,9 @@
+ 			ServerTimeOut: 0,
+ 			ListenTCP4:    false,
+ 			EnableHTTP:    true,
+			AutoTLS:       false,
+			Domains:       []string{},
+			TLSCacheDir:   ".",
+ 			HTTPAddr:      "",
+ 			HTTPPort:      8080,
+ 			EnableHTTPS:   false,
--- a/config.go
+++ b/config.go
@ -55,6 +55,9 @@ type Listen struct {
 	EnableHTTP        bool
 	HTTPAddr          string
 	HTTPPort          int
+	AutoTLS           bool
+	Domains           []string
+	TLSCacheDir       string
 	EnableHTTPS       bool
 	EnableMutualHTTPS bool
 	HTTPSAddr         string
@ -209,6 +212,9 @@ func newBConfig() *Config {
 			ServerTimeOut: 0,
 			ListenTCP4:    false,
 			EnableHTTP:    true,
+			AutoTLS:       false,
+			Domains:       []string{},
+			TLSCacheDir:   ".",
 			HTTPAddr:      "",
 			HTTPPort:      8080,
 			EnableHTTPS:   false,
--- a/controller.go
+++ b/controller.go
@ -36,7 +36,7 @@ import (
 const (
 	applicationJSON = "application/json"
 	applicationXML  = "application/xml"
-	applicationYAML  = "application/x-yaml"
+	applicationYAML = "application/x-yaml"
 	textXML         = "text/xml"
 )