Fix bound address/port for caddy's certmagic library (#15758) (#15848)

Backport #15758

* Fix bound address/port for caddy's certmagic library

* Fix bug

Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Blake Miner <miner.blake@gmail.com>

diff --git a/cmd/web_letsencrypt.go b/cmd/web_letsencrypt.go
index 7754393729173125cef833dd811fdc084442ffc0..6c48d3e854fd026d021b0c15cbe08851792436c5 100644 (file)
--- a/cmd/web_letsencrypt.go
+++ b/cmd/web_letsencrypt.go
@@ -6,6 +6,7 @@ package cmd
 
 import (
        "net/http"
+       "strconv"
        "strings"
 
        "code.gitea.io/gitea/modules/log"
@@ -22,6 +23,11 @@ func runLetsEncrypt(listenAddr, domain, directory, email string, m http.Handler)
        // TODO: these are placeholders until we add options for each in settings with appropriate warning
        enableHTTPChallenge := true
        enableTLSALPNChallenge := true
+       altHTTPPort := 0
+
+       if p, err := strconv.Atoi(setting.PortToRedirect); err == nil {
+               altHTTPPort = p
+       }
 
        magic := certmagic.NewDefault()
        magic.Storage = &certmagic.FileStorage{Path: directory}
@@ -30,6 +36,8 @@ func runLetsEncrypt(listenAddr, domain, directory, email string, m http.Handler)
                Agreed:                  setting.LetsEncryptTOS,
                DisableHTTPChallenge:    !enableHTTPChallenge,
                DisableTLSALPNChallenge: !enableTLSALPNChallenge,
+               ListenHost:              listenAddr,
+               AltHTTPPort:             altHTTPPort,
        })
 
        magic.Issuer = myACME