Switch to HTTPS using a self-signed certificate
This commit is contained in:
parent
373c13baee
commit
13b386d442
2 changed files with 35 additions and 6 deletions
@ -1,15 +1,46 @@
|
|||
package main
|
||||
|
||||
import (
|
||||
"crypto/rand"
|
||||
"crypto/rsa"
|
||||
"crypto/tls"
|
||||
"fmt"
|
||||
"crypto/x509"
|
||||
"crypto/x509/pkix"
|
||||
"encoding/pem"
|
||||
"math/big"
|
||||
"strings"
|
||||
"time"
|
||||
)
|
||||
|
||||
var fallbackCertKey, _ = rsa.GenerateKey(rand.Reader, 1024)
|
||||
var fallbackCertSpecification = &x509.Certificate{
|
||||
Subject: pkix.Name{
|
||||
CommonName: strings.TrimPrefix(string(MainDomainSuffix), "."),
|
||||
},
|
||||
SerialNumber: big.NewInt(0),
|
||||
NotBefore: time.Now(),
|
||||
NotAfter: time.Now().AddDate(100, 0, 0),
|
||||
}
|
||||
var fallbackCertBytes, _ = x509.CreateCertificate(
|
||||
rand.Reader,
|
||||
fallbackCertSpecification,
|
||||
fallbackCertSpecification,
|
||||
fallbackCertKey.Public(),
|
||||
fallbackCertKey,
|
||||
)
|
||||
var fallbackCert, _ = tls.X509KeyPair(pem.EncodeToMemory(&pem.Block{
|
||||
Bytes: fallbackCertBytes,
|
||||
Type: "CERTIFICATE",
|
||||
}), pem.EncodeToMemory(&pem.Block{
|
||||
Bytes: x509.MarshalPKCS1PrivateKey(fallbackCertKey),
|
||||
Type: "RSA PRIVATE KEY",
|
||||
}))
|
||||
|
||||
// tlsConfig contains the configuration for generating, serving and cleaning up Let's Encrypt certificates.
|
||||
var tlsConfig = &tls.Config{
|
||||
GetCertificate: func(info *tls.ClientHelloInfo) (*tls.Certificate, error) {
|
||||
// TODO: check DNS name & get certificate from Let's Encrypt
|
||||
return nil, fmt.Errorf("NYI")
|
||||
return &fallbackCert, nil
|
||||
},
|
||||
PreferServerCipherSuites: true,
|
||||
// TODO: optimize cipher suites, minimum TLS version, etc.
|
||||
|
|
6
main.go
6
main.go
|
@ -80,7 +80,7 @@ func main() {
|
|||
|
||||
// Use HOST and PORT environment variables to determine listening address
|
||||
address := fmt.Sprintf("%s:%s", envOr("HOST", "[::]"), envOr("PORT", "80"))
|
||||
fmt.Printf("Listening on http://%s\n", address)
|
||||
fmt.Printf("Listening on https://%s\n", address)
|
||||
|
||||
// Enable compression by wrapping the handler() method with the compression function provided by FastHTTP
|
||||
compressedHandler := fasthttp.CompressHandlerBrotliLevel(handler, fasthttp.CompressBrotliBestSpeed, fasthttp.CompressBestSpeed)
|
||||
|
@ -91,9 +91,7 @@ func main() {
|
|||
fmt.Printf("Couldn't create listener: %s\n", err)
|
||||
os.Exit(1)
|
||||
}
|
||||
if envOr("LETS_ENCRYPT", "0") == "1" {
|
||||
tls.NewListener(listener, tlsConfig)
|
||||
}
|
||||
listener = tls.NewListener(listener, tlsConfig)
|
||||
|
||||
// Start the web server
|
||||
err = (&fasthttp.Server{
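Review bot: The listener is now wrapped in TLS unconditionally at `listener = tls.NewListener(listener, tlsConfig)`, yet the address built in the first hunk still defaults to the plaintext port via `envOr("PORT", "80")`, so a default deployment speaks TLS on port 80 while the banner announces `https://`. Either the default should move to the HTTPS port, `address := fmt.Sprintf("%s:%s", envOr("HOST", "[::]"), envOr("PORT", "443"))`, or the log line should make clear that HTTPS is served on whichever port was chosen. Dropping the `LETS_ENCRYPT` switch also removes the only way to run plaintext, for example behind a TLS-terminating reverse proxy; if that is intended, a comment above the `tls.NewListener` line such as `// TLS is always enabled; the self-signed fallback certificate is served until a real one is issued` would keep the next reader from re-adding the flag. The body of `main` starts before the first hunk and continues past the second.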
|
||||
|
|