Add EAB for ACME
parent
d1ed16c0f2
commit
fcccd6435a
3 changed files with 18 additions and 5 deletions
|
@ -8,6 +8,7 @@
|
||||||
- `REDIRECT_RAW_INFO` (default: https://docs.codeberg.org/pages/raw-content/): info page for raw resources, shown if no resource is provided.
|
- `REDIRECT_RAW_INFO` (default: https://docs.codeberg.org/pages/raw-content/): info page for raw resources, shown if no resource is provided.
|
||||||
- `ACME_API` (default: https://acme.zerossl.com/v2/DV90): set this to https://acme.mock.director to use invalid certificates without any verification (great for debugging). ZeroSSL is used as it doesn't have rate limits and doesn't clash with the official Codeberg certificates (which are using Let's Encrypt).
|
- `ACME_API` (default: https://acme.zerossl.com/v2/DV90): set this to https://acme.mock.director to use invalid certificates without any verification (great for debugging). ZeroSSL is used as it doesn't have rate limits and doesn't clash with the official Codeberg certificates (which are using Let's Encrypt).
|
||||||
- `ACME_EMAIL` (default: `noreply@example.email`): Set this to "true" to accept the Terms of Service of your ACME provider.
|
- `ACME_EMAIL` (default: `noreply@example.email`): Set this to "true" to accept the Terms of Service of your ACME provider.
|
||||||
|
- `ACME_EAB_KID` & `ACME_EAB_HMAC` (default: don't use EAB): EAB credentials, for example for ZeroSSL.
|
||||||
- `ACME_ACCEPT_TERMS` (default: use self-signed certificate): Set this to "true" to accept the Terms of Service of your ACME provider.
|
- `ACME_ACCEPT_TERMS` (default: use self-signed certificate): Set this to "true" to accept the Terms of Service of your ACME provider.
|
||||||
- `DNS_PROVIDER` (default: use self-signed certificate): Code of the ACME DNS provider for the main domain wildcard.
|
- `DNS_PROVIDER` (default: use self-signed certificate): Code of the ACME DNS provider for the main domain wildcard.
|
||||||
See https://go-acme.github.io/lego/dns/ for available values & additional environment variables.
|
See https://go-acme.github.io/lego/dns/ for available values & additional environment variables.
|
||||||
|
|
|
@ -204,11 +204,23 @@ func newAcmeClient(configureChallenge func(*resolver.SolverManager) error) *lego
|
||||||
}
|
}
|
||||||
|
|
||||||
// accept terms
|
// accept terms
|
||||||
|
if os.Getenv("ACME_EAB_KID") == "" || os.Getenv("ACME_EAB_HMAC") == "" {
|
||||||
reg, err := acmeClient.Registration.Register(registration.RegisterOptions{TermsOfServiceAgreed: os.Getenv("ACME_ACCEPT_TERMS") == "true"})
|
reg, err := acmeClient.Registration.Register(registration.RegisterOptions{TermsOfServiceAgreed: os.Getenv("ACME_ACCEPT_TERMS") == "true"})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
panic(err)
|
panic(err)
|
||||||
}
|
}
|
||||||
myUser.Registration = reg
|
myUser.Registration = reg
|
||||||
|
} else {
|
||||||
|
reg, err := acmeClient.Registration.RegisterWithExternalAccountBinding(registration.RegisterEABOptions{
|
||||||
|
TermsOfServiceAgreed: os.Getenv("ACME_ACCEPT_TERMS") == "true",
|
||||||
|
Kid: os.Getenv("ACME_EAB_KID"),
|
||||||
|
HmacEncoded: os.Getenv("ACME_EAB_HMAC"),
|
||||||
|
})
|
||||||
|
if err != nil {
|
||||||
|
panic(err)
|
||||||
|
}
|
||||||
|
myUser.Registration = reg
|
||||||
|
}
|
||||||
|
|
||||||
return acmeClient
|
return acmeClient
|
||||||
}
|
}
|
||||||
|
|
|
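Review bot: The guard `if os.Getenv("ACME_EAB_KID") == "" || os.Getenv("ACME_EAB_HMAC") == ""` treats a half-configured pair as "no EAB", so when only one of the two variables is set (a typo in the name, a secret that was not injected) the server silently performs a plain registration instead of the bound one the operator asked for. Reading both values once and refusing to start on a mismatch makes that visible: `kid, hmacKey := os.Getenv("ACME_EAB_KID"), os.Getenv("ACME_EAB_HMAC")` followed by `if (kid == "") != (hmacKey == "") { panic("ACME_EAB_KID and ACME_EAB_HMAC must be set together") }`. The two branches then differ only in the register call, so `reg` and `err` could be declared once and the `panic(err)` / `myUser.Registration = reg` tail shared. `ACME_EAB_HMAC` is a credential, so a comment that it must never reach the logs would help; whether the error handed to `panic(err)` can echo it is not visible from this hunk. newAcmeClient begins outside the hunk.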
@ -148,7 +148,7 @@ func handler(ctx *fasthttp.RequestCtx) {
|
||||||
targetOwner = pathElements[0]
|
targetOwner = pathElements[0]
|
||||||
targetRepo = pathElements[1]
|
targetRepo = pathElements[1]
|
||||||
|
|
||||||
// raw.codeberg.page/example/myrepo/@main/index.html
|
// raw.codeberg.org/example/myrepo/@main/index.html
|
||||||
if len(pathElements) > 2 && strings.HasPrefix(pathElements[2], "@") {
|
if len(pathElements) > 2 && strings.HasPrefix(pathElements[2], "@") {
|
||||||
s.Step("raw domain preparations, now trying with specified branch")
|
s.Step("raw domain preparations, now trying with specified branch")
|
||||||
if tryBranch(targetRepo, pathElements[2][1:], pathElements[3:],
|
if tryBranch(targetRepo, pathElements[2][1:], pathElements[3:],
|
||||||
|
|