Initialize certmagic in Server.Start
This allows directives to change ACMEConfig or ACMEManager before the server is started.
This commit is contained in:
Simon Ser
parent
90ac861b52
commit
ac17fe976b
44
server.go
44
server.go
|
|
@ -16,6 +16,21 @@ import (
|
||||||
"github.com/pires/go-proxyproto/tlvparse"
|
"github.com/pires/go-proxyproto/tlvparse"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
type acmeCache struct {
|
||||||
|
config *certmagic.Config
|
||||||
|
cache *certmagic.Cache
|
||||||
|
}
|
||||||
|
|
||||||
|
func newACMECache() *acmeCache {
|
||||||
|
cache := &acmeCache{}
|
||||||
|
cache.cache = certmagic.NewCache(certmagic.CacheOptions{
|
||||||
|
GetConfigForCert: func(certmagic.Certificate) (*certmagic.Config, error) {
|
||||||
|
return cache.config, nil
|
||||||
|
},
|
||||||
|
})
|
||||||
|
return cache
|
||||||
|
}
|
||||||
|
|
||||||
type Server struct {
|
type Server struct {
|
||||||
Listeners map[string]*Listener // indexed by listening address
|
Listeners map[string]*Listener // indexed by listening address
|
||||||
Frontends []*Frontend
|
Frontends []*Frontend
|
||||||
|
|
@ -26,23 +41,23 @@ type Server struct {
|
||||||
ACMEManager *certmagic.ACMEManager
|
ACMEManager *certmagic.ACMEManager
|
||||||
ACMEConfig *certmagic.Config
|
ACMEConfig *certmagic.Config
|
||||||
|
|
||||||
|
acmeCache *acmeCache
|
||||||
cancelACME context.CancelFunc
|
cancelACME context.CancelFunc
|
||||||
}
|
}
|
||||||
|
|
||||||
func NewServer() *Server {
|
func NewServer() *Server {
|
||||||
cfg := certmagic.NewDefault()
|
// Make a copy of the defaults
|
||||||
|
acmeConfig := certmagic.Default
|
||||||
|
acmeManager := certmagic.DefaultACME
|
||||||
|
|
||||||
mgr := certmagic.NewACMEManager(cfg, certmagic.DefaultACME)
|
acmeManager.Agreed = true
|
||||||
mgr.Agreed = true
|
|
||||||
// We're a TLS server, we don't speak HTTP
|
// We're a TLS server, we don't speak HTTP
|
||||||
mgr.DisableHTTPChallenge = true
|
acmeManager.DisableHTTPChallenge = true
|
||||||
cfg.Issuer = mgr
|
|
||||||
cfg.Revoker = mgr
|
|
||||||
|
|
||||||
return &Server{
|
return &Server{
|
||||||
Listeners: make(map[string]*Listener),
|
Listeners: make(map[string]*Listener),
|
||||||
ACMEManager: mgr,
|
ACMEManager: &acmeManager,
|
||||||
ACMEConfig: cfg,
|
ACMEConfig: &acmeConfig,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -64,6 +79,14 @@ func (srv *Server) startACME() error {
|
||||||
var ctx context.Context
|
var ctx context.Context
|
||||||
ctx, srv.cancelACME = context.WithCancel(context.Background())
|
ctx, srv.cancelACME = context.WithCancel(context.Background())
|
||||||
|
|
||||||
|
srv.ACMEConfig = certmagic.New(srv.acmeCache.cache, *srv.ACMEConfig)
|
||||||
|
srv.ACMEManager = certmagic.NewACMEManager(srv.ACMEConfig, *srv.ACMEManager)
|
||||||
|
|
||||||
|
srv.ACMEConfig.Issuer = srv.ACMEManager
|
||||||
|
srv.ACMEConfig.Revoker = srv.ACMEManager
|
||||||
|
|
||||||
|
srv.acmeCache.config = srv.ACMEConfig
|
||||||
|
|
||||||
for _, cert := range srv.UnmanagedCerts {
|
for _, cert := range srv.UnmanagedCerts {
|
||||||
if err := srv.ACMEConfig.CacheUnmanagedTLSCertificate(cert, nil); err != nil {
|
if err := srv.ACMEConfig.CacheUnmanagedTLSCertificate(cert, nil); err != nil {
|
||||||
return err
|
return err
|
||||||
|
|
@ -78,6 +101,8 @@ func (srv *Server) startACME() error {
|
||||||
}
|
}
|
||||||
|
|
||||||
func (srv *Server) Start() error {
|
func (srv *Server) Start() error {
|
||||||
|
srv.acmeCache = newACMECache()
|
||||||
|
|
||||||
if err := srv.startACME(); err != nil {
|
if err := srv.startACME(); err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
@ -115,6 +140,9 @@ func (srv *Server) Replace(old *Server) error {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Steal the old server's ACME cache
|
||||||
|
srv.acmeCache = old.acmeCache
|
||||||
|
|
||||||
// Restart ACME
|
// Restart ACME
|
||||||
old.cancelACME()
|
old.cancelACME()
|
||||||
if err := srv.startACME(); err != nil {
|
if err := srv.startACME(); err != nil {
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue