author | Steve Manuel <nilslice@gmail.com> | 2016-10-31 01:06:36 -0700 |
---|---|---|
committer | Steve Manuel <nilslice@gmail.com> | 2016-10-31 01:06:36 -0700 |
commit | 76f1af6aad8de62f3df540767e713959c3385c01 (patch) | |
tree | 5cb9c7184b94be344492d8fd89c7709a14ccaee9 /system/tls/enable.go | |
parent | 519c5b44d0b36e1f61cb0228889401fa1e33357e (diff) | |
parent | 12cd2d10d79b7b8f0666c7f3f145e773f6edaac5 (diff) |
Merge branch 'ponzu-dev'
Diffstat (limited to 'system/tls/enable.go')
-rw-r--r-- | system/tls/enable.go | 79 |
1 files changed, 79 insertions, 0 deletions
diff --git a/system/tls/enable.go b/system/tls/enable.go
new file mode 100644
index 0000000..c53fac6
--- /dev/null
+++ b/system/tls/enable.go
@@ -0,0 +1,79 @@
+package tls
+
+import (
+ "crypto/tls"
+ "fmt"
+ "log"
+ "net/http"
+ "os"
+ "path/filepath"
+ "time"
+
+ "github.com/bosssauce/ponzu/system/db"
+
+ "golang.org/x/crypto/acme/autocert"
+)
+
+var m autocert.Manager
+
+// setup attempts to locate or create the cert cache directory and the certs for TLS encryption
+func setup() {
+ pwd, err := os.Getwd()
+ if err != nil {
+ log.Fatalln("Couldn't find working directory to locate or save certificates.")
+ }
+
+ cache := autocert.DirCache(filepath.Join(pwd, "system", "tls", "certs"))
+ if _, err := os.Stat(string(cache)); os.IsNotExist(err) {
+ err := os.MkdirAll(string(cache), os.ModePerm|os.ModeDir)
+ if err != nil {
+ log.Fatalln("Couldn't create cert directory at", cache)
+ }
+ }
+
+ // get host/domain and email from Config to use for TLS request to Let's encryption.
+ // we will fail fatally if either are not found since Let's Encrypt will rate-limit
+ // and sending incomplete requests is wasteful and guarenteed to fail its check
+ host, err := db.Config("domain")
+ if err != nil {
+ log.Fatalln("Error identifying host/domain during TLS set-up.", err)
+ }
+
+ if host == nil {
+ log.Fatalln("No 'domain' field set in Configuration. Please add a domain before attempting to make certificates.")
+ }
+ fmt.Println("Using", host, "as host/domain for certificate...")
+ fmt.Println("NOTE: if the host/domain is not configured properly or is unreachable, HTTPS set-up will fail.")
+
+ email, err := db.Config("admin_email")
+ if err != nil {
+ log.Fatalln("Error identifying admin email during TLS set-up.", err)
+ }
+
+ if email == nil {
+ log.Fatalln("No 'admin_email' field set in Configuration. 
Please add an admin email before attempting to make certificates.")
+ }
+ fmt.Println("Using", email, "as contact email for certificate...")
+
+ m = autocert.Manager{
+ Prompt: autocert.AcceptTOS,
+ Cache: cache,
+ HostPolicy: autocert.HostWhitelist(string(host)),
+ RenewBefore: time.Hour * 24 * 30,
+ Email: string(email),
+ }
+
+}
+
+// Enable runs the setup for creating or locating certificates and starts the TLS server
+func Enable() {
+ setup()
+
+ server := &http.Server{
+ Addr: ":443",
+ TLSConfig: &tls.Config{GetCertificate: m.GetCertificate},
+ }
+
+ go log.Fatalln(server.ListenAndServeTLS("", ""))
+ fmt.Println("Server listening for HTTPS requests...")
+} |
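Review bot: The certificate cache directory in setup is created with `os.ModePerm|os.ModeDir`, i.e. 0777 minus umask, so the directory autocert uses to persist the ACME account key and the issued certificates with their private keys is readable and writable by every local user; it should be `os.MkdirAll(string(cache), 0700)` so only the service account can read or replace that key material (the `os.ModeDir` bit is ignored by MkdirAll anyway). In Enable, `go log.Fatalln(server.ListenAndServeTLS("", ""))` evaluates the ListenAndServeTLS argument in the calling goroutine before anything is spawned, so Enable blocks on the listener and the "Server listening" line is printed only after the server has already returned an error; `go func() { log.Fatalln(server.ListenAndServeTLS("", "")) }()` gives the intended start-in-background behaviour. The http.Server bound to :443 sets no ReadTimeout or WriteTimeout, so connections that never complete a request hold a goroutine and file descriptor indefinitely; adding e.g. `ReadTimeout: 10 * time.Second, WriteTimeout: 30 * time.Second,` (values illustrative) to the server and `MinVersion: tls.VersionTLS12` to the tls.Config bounds that exposure and drops legacy protocol versions. Minor: host and email are nil-compared and wrapped in `string(...)`, so they appear to be byte slices, in which case `fmt.Println("Using", host, ...)` prints a list of numbers rather than the domain; printing `string(host)` and `string(email)` would fix the output.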