authorCristian Le <github@lecris.me>2022-02-08 14:45:35 +0900
committerGitHub <noreply@github.com>2022-02-08 13:45:35 +0800
commit60f203385e6f27fae47f3cc8c5d71309f4fd88dc (patch)
tree3be2a41b96ab7ab0419e0e63676a5fc16e20cd7d /modules
parenta60e8be8d15e90a44f2a746a4e8d81a81e03d2db (diff)
Support custom ACME provider (#18340)
* Added ACMECAURL option to support custom ACME provider. Closes #18306 * Refactor setting.go https settings, renamed options and variables, and documented app.example.ini * Refactored runLetsEncrypt to runACME * Improved documentation
Diffstat (limited to 'modules')
-rw-r--r--modules/setting/setting.go74
1 files changed, 52 insertions, 22 deletions
diff --git a/modules/setting/setting.go b/modules/setting/setting.go
index ee2821df07..531d265c3a 100644
--- a/modules/setting/setting.go
+++ b/modules/setting/setting.go
@@ -108,10 +108,12 @@ var (
UnixSocketPermission uint32
EnablePprof bool
PprofDataPath string
- EnableLetsEncrypt bool
- LetsEncryptTOS bool
- LetsEncryptDirectory string
- LetsEncryptEmail string
+ EnableAcme bool
+ AcmeTOS bool
+ AcmeLiveDirectory string
+ AcmeEmail string
+ AcmeURL string
+ AcmeCARoot string
SSLMinimumVersion string
SSLMaximumVersion string
SSLCurvePreferences []string
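Review bot: The new package-level names spell the initialism as `Acme` (`EnableAcme`, `AcmeURL`, `AcmeCARoot`), while Go convention and the neighbouring `SSLMinimumVersion` keep an initialism in one case, e.g. `EnableACME`, `ACMEURL`, `ACMECARoot`. The two added variables also carry no comment, although they change which CA issues the server certificate and which root is trusted for it. Comments such as `// AcmeURL is the ACME directory URL of a custom provider` and `// AcmeCARoot names the root certificate trusted for that provider` would help, with the meaning of the empty default confirmed against the consumer, which is not in this diff. The `var (` block starts and ends outside the hunk.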
@@ -622,14 +624,54 @@ func loadFromConf(allowEmpty bool, extraConfig string) {
switch protocolCfg {
case "https":
Protocol = HTTPS
- CertFile = sec.Key("CERT_FILE").String()
- KeyFile = sec.Key("KEY_FILE").String()
- if !filepath.IsAbs(CertFile) && len(CertFile) > 0 {
- CertFile = filepath.Join(CustomPath, CertFile)
+ // FIXME: DEPRECATED to be removed in v1.18.0
+ if sec.HasKey("ENABLE_ACME") {
+ EnableAcme = sec.Key("ENABLE_ACME").MustBool(false)
+ } else {
+ deprecatedSetting("server", "ENABLE_LETSENCRYPT", "server", "ENABLE_ACME")
+ EnableAcme = sec.Key("ENABLE_LETSENCRYPT").MustBool(false)
}
- if !filepath.IsAbs(KeyFile) && len(KeyFile) > 0 {
- KeyFile = filepath.Join(CustomPath, KeyFile)
+ if EnableAcme {
+ AcmeURL = sec.Key("ACME_URL").MustString("")
+ AcmeCARoot = sec.Key("ACME_CA_ROOT").MustString("")
+ // FIXME: DEPRECATED to be removed in v1.18.0
+ if sec.HasKey("ACME_ACCEPTTOS") {
+ AcmeTOS = sec.Key("ACME_ACCEPTTOS").MustBool(false)
+ } else {
+ deprecatedSetting("server", "LETSENCRYPT_ACCEPTTOS", "server", "ACME_ACCEPTTOS")
+ AcmeTOS = sec.Key("LETSENCRYPT_ACCEPTTOS").MustBool(false)
+ }
+ if !AcmeTOS {
+ log.Fatal("ACME TOS is not accepted (ACME_ACCEPTTOS).")
+ }
+ // FIXME: DEPRECATED to be removed in v1.18.0
+ if sec.HasKey("ACME_DIRECTORY") {
+ AcmeLiveDirectory = sec.Key("ACME_DIRECTORY").MustString("https")
+ } else {
+ deprecatedSetting("server", "LETSENCRYPT_DIRECTORY", "server", "ACME_DIRECTORY")
+ AcmeLiveDirectory = sec.Key("LETSENCRYPT_DIRECTORY").MustString("https")
+ }
+ // FIXME: DEPRECATED to be removed in v1.18.0
+ if sec.HasKey("ACME_EMAIL") {
+ AcmeEmail = sec.Key("ACME_EMAIL").MustString("")
+ } else {
+ deprecatedSetting("server", "LETSENCRYPT_EMAIL", "server", "ACME_EMAIL")
+ AcmeEmail = sec.Key("LETSENCRYPT_EMAIL").MustString("")
+ }
+ } else {
+ CertFile = sec.Key("CERT_FILE").String()
+ KeyFile = sec.Key("KEY_FILE").String()
+ if len(CertFile) > 0 && !filepath.IsAbs(CertFile) {
+ CertFile = filepath.Join(CustomPath, CertFile)
+ }
+ if len(KeyFile) > 0 && !filepath.IsAbs(KeyFile) {
+ KeyFile = filepath.Join(CustomPath, KeyFile)
+ }
}
+ SSLMinimumVersion = sec.Key("SSL_MIN_VERSION").MustString("")
+ SSLMaximumVersion = sec.Key("SSL_MAX_VERSION").MustString("")
+ SSLCurvePreferences = sec.Key("SSL_CURVE_PREFERENCES").Strings(",")
+ SSLCipherSuites = sec.Key("SSL_CIPHER_SUITES").Strings(",")
case "fcgi":
Protocol = FCGI
case "fcgi+unix", "unix", "http+unix":
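Review bot: `ACME_URL` and `ACME_CA_ROOT` are stored as raw strings in the `if EnableAcme` branch with no check at load time, although together they decide which CA is asked to issue the server certificate and which root is trusted to authenticate that CA. RFC 8555 requires ACME servers to use HTTPS, so a non-empty `AcmeURL` that does not parse or has another scheme could be rejected here with `log.Fatal`, the same way the unaccepted TOS is. If `ACME_CA_ROOT` is a file path, as its name suggests (the consumer is outside this diff), a relative value is also not joined onto `CustomPath` the way `CERT_FILE` and `KEY_FILE` are a few lines below. `loadFromConf` starts and ends outside the hunk, and the fence assumes `net/url` is available in this file.

```go
if EnableAcme {
	AcmeURL = sec.Key("ACME_URL").MustString("")
	if len(AcmeURL) > 0 {
		// Fail at startup rather than at first issuance on a malformed or non-HTTPS directory URL.
		if u, err := url.Parse(AcmeURL); err != nil || u.Scheme != "https" || u.Host == "" {
			log.Fatal("ACME_URL must be an absolute https URL: %q", AcmeURL)
		}
	}
	AcmeCARoot = sec.Key("ACME_CA_ROOT").MustString("")
	// Resolve relative paths the same way CERT_FILE and KEY_FILE are resolved.
	if len(AcmeCARoot) > 0 && !filepath.IsAbs(AcmeCARoot) {
		AcmeCARoot = filepath.Join(CustomPath, AcmeCARoot)
	}
	// … unchanged: ACME_ACCEPTTOS, ACME_DIRECTORY and ACME_EMAIL fallbacks …
```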
@@ -653,18 +695,6 @@ func loadFromConf(allowEmpty bool, extraConfig string) {
HTTPAddr = filepath.Join(AppWorkPath, HTTPAddr)
}
}
- EnableLetsEncrypt = sec.Key("ENABLE_LETSENCRYPT").MustBool(false)
- LetsEncryptTOS = sec.Key("LETSENCRYPT_ACCEPTTOS").MustBool(false)
- if !LetsEncryptTOS && EnableLetsEncrypt {
- log.Warn("Failed to enable Let's Encrypt due to Let's Encrypt TOS not being accepted")
- EnableLetsEncrypt = false
- }
- LetsEncryptDirectory = sec.Key("LETSENCRYPT_DIRECTORY").MustString("https")
- LetsEncryptEmail = sec.Key("LETSENCRYPT_EMAIL").MustString("")
- SSLMinimumVersion = sec.Key("SSL_MIN_VERSION").MustString("")
- SSLMaximumVersion = sec.Key("SSL_MAX_VERSION").MustString("")
- SSLCurvePreferences = sec.Key("SSL_CURVE_PREFERENCES").Strings(",")
- SSLCipherSuites = sec.Key("SSL_CIPHER_SUITES").Strings(",")
GracefulRestartable = sec.Key("ALLOW_GRACEFUL_RESTARTS").MustBool(true)
GracefulHammerTime = sec.Key("GRACEFUL_HAMMER_TIME").MustDuration(60 * time.Second)
StartupTimeout = sec.Key("STARTUP_TIMEOUT").MustDuration(0 * time.Second)