mirrors
/
gitea
peilaus alkaen https://github.com/go-gitea/gitea.git
Tarkkaile 1
Äänestä 0
Fork 0
Koodi Ongelmat 0 Julkaisut 210 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
11351 Commitit
17 Branchit
Puu: 7417628f8d
Branchit Tagit
${ item.name }
Create branch ${ searchTerm }
from '7417628f8d'
${ noResults }
gitea/cmd/web_letsencrypt.go

web_letsencrypt.go 2.4KB
Raaka Blame Historia

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869 
  1. // Copyright 2020 The Gitea Authors. All rights reserved.

  2. // Use of this source code is governed by a MIT-style

  3. // license that can be found in the LICENSE file.

  4. 

  5. package cmd

  6. 

  7. import (

  8. 	"net/http"

  9. 	"strings"

  10. 

  11. 	"code.gitea.io/gitea/modules/log"

  12. 	"code.gitea.io/gitea/modules/setting"

  13. 

  14. 	"github.com/caddyserver/certmagic"

  15. 	context2 "github.com/gorilla/context"

  16. )

  17. 

  18. func runLetsEncrypt(listenAddr, domain, directory, email string, m http.Handler) error {

  19. 

  20. 	// If HTTP Challenge enabled, needs to be serving on port 80. For TLSALPN needs 443.

  21. 	// Due to docker port mapping this can't be checked programatically

  22. 	// TODO: these are placeholders until we add options for each in settings with appropriate warning

  23. 	enableHTTPChallenge := true

  24. 	enableTLSALPNChallenge := true

  25. 

  26. 	magic := certmagic.NewDefault()

  27. 	magic.Storage = &certmagic.FileStorage{Path: directory}

  28. 	myACME := certmagic.NewACMEManager(magic, certmagic.ACMEManager{

  29. 		Email:                   email,

  30. 		Agreed:                  setting.LetsEncryptTOS,

  31. 		DisableHTTPChallenge:    !enableHTTPChallenge,

  32. 		DisableTLSALPNChallenge: !enableTLSALPNChallenge,

  33. 	})

  34. 

  35. 	magic.Issuer = myACME

  36. 

  37. 	// this obtains certificates or renews them if necessary

  38. 	err := magic.ManageSync([]string{domain})

  39. 	if err != nil {

  40. 		return err

  41. 	}

  42. 

  43. 	tlsConfig := magic.TLSConfig()

  44. 

  45. 	if enableHTTPChallenge {

  46. 		go func() {

  47. 			log.Info("Running Let's Encrypt handler on %s", setting.HTTPAddr+":"+setting.PortToRedirect)

  48. 			// all traffic coming into HTTP will be redirect to HTTPS automatically (LE HTTP-01 validation happens here)

  49. 			var err = runHTTP("tcp", setting.HTTPAddr+":"+setting.PortToRedirect, "Let's Encrypt HTTP Challenge", myACME.HTTPChallengeHandler(http.HandlerFunc(runLetsEncryptFallbackHandler)))

  50. 			if err != nil {

  51. 				log.Fatal("Failed to start the Let's Encrypt handler on port %s: %v", setting.PortToRedirect, err)

  52. 			}

  53. 		}()

  54. 	}

  55. 

  56. 	return runHTTPSWithTLSConfig("tcp", listenAddr, "Web", tlsConfig, context2.ClearHandler(m))

  57. }

  58. 

  59. func runLetsEncryptFallbackHandler(w http.ResponseWriter, r *http.Request) {

  60. 	if r.Method != "GET" && r.Method != "HEAD" {

  61. 		http.Error(w, "Use HTTPS", http.StatusBadRequest)

  62. 		return

  63. 	}

  64. 	// Remove the trailing slash at the end of setting.AppURL, the request

  65. 	// URI always contains a leading slash, which would result in a double

  66. 	// slash

  67. 	target := strings.TrimSuffix(setting.AppURL, "/") + r.URL.RequestURI()

  68. 	http.Redirect(w, r, target, http.StatusFound)

  69. }