// Copyright 2017 The Go Authors. All rights reserved.
// Use of this source code is governed by the Apache 2.0
// license that can be found in the LICENSE file.

// +build autocert

// This file contains autocert and cloud.google.com/go/storage
// dependencies we want to hide by default from the Go build system,
// which currently doesn't know how to fetch non-golang.org/x/*
// dependencies. The Dockerfile builds the production binary
// with this code using --tags=autocert.
package main
import (
	"context"
	"crypto/tls"
	"errors"
	"log"
	"net/http"
	"strings"
	"time"

	"cloud.google.com/go/storage"
	"golang.org/x/build/autocertcache"
	"golang.org/x/crypto/acme/autocert"
)
// init installs the autocert-backed implementations into the package-level
// hooks. It only runs when the file is compiled in, i.e. when the binary is
// built with the autocert build tag.
func init() {
	// The three hooks are independent of each other; assign them in one step.
	runHTTPS, certInit, wrapHTTPMux = runHTTPSAutocert, certInitAutocert, wrapHTTPMuxAutocert
}
var (
	// autocertManager is the shared ACME certificate manager. It is nil until
	// certInitAutocert assigns it, and is read by runHTTPSAutocert and
	// wrapHTTPMuxAutocert.
	autocertManager *autocert.Manager
)
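// certInitAutocert builds the package-level autocertManager from the
// autoCertCacheBucket and autoCertDomain flags.
//
// If a cache bucket is named, certificates are cached in Google Cloud Storage;
// failure to create the storage client is fatal. The comma-separated domain
// list becomes the manager's host allowlist, so certificates are only
// requested for the names listed there.
func certInitAutocert() {
	var cache autocert.Cache
	if b := *autoCertCacheBucket; b != "" {
		sc, err := storage.NewClient(context.Background())
		if err != nil {
			log.Fatalf("storage.NewClient: %v", err)
		}
		// The autocert cache holds certificates together with their private
		// keys, so access to this bucket should be limited to the serving
		// identity.
		cache = autocertcache.NewGoogleCloudStorageCache(sc, b)
	}
	// With no bucket configured, cache stays nil and autocert keeps
	// certificates in memory only for the lifetime of the Manager; every
	// restart then has to obtain them again.

	// Normalise the flag value: a list written as "a.example, b.example"
	// would otherwise yield " b.example", which never matches a real host
	// name, and an unset flag would yield a single empty entry.
	var hosts []string
	for _, h := range strings.Split(*autoCertDomain, ",") {
		if h = strings.TrimSpace(h); h != "" {
			hosts = append(hosts, h)
		}
	}
	if len(hosts) == 0 {
		// Not fatal: the policy below simply refuses every host. Say so at
		// startup rather than leaving operators with unexplained handshake
		// failures.
		log.Print("autocert: no hosts configured; the host policy will refuse every certificate request")
	}

	autocertManager = &autocert.Manager{
		Prompt: autocert.AcceptTOS,
		// An explicit allowlist keeps the manager from requesting
		// certificates for arbitrary names presented by clients.
		HostPolicy: autocert.HostWhitelist(hosts...),
		Cache:      cache,
	}
}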
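// runHTTPSAutocert serves h over TLS on ":https", obtaining certificates on
// demand through autocertManager. It blocks until the server stops and
// returns the error from ListenAndServeTLS.
//
// It returns an error straight away if autocertManager has not been set up
// (certInitAutocert assigns it).
func runHTTPSAutocert(h http.Handler) error {
	// Without this guard a nil manager would only surface later, as a
	// nil-pointer panic when a client handshake calls GetCertificate.
	if autocertManager == nil {
		return errors.New("autocert: manager not initialized (certInit has not run)")
	}
	s := &http.Server{
		Addr:    ":https",
		Handler: h,
		// Bound how long a client may take to send its request headers, so
		// idle or trickling connections cannot be held open indefinitely.
		// ReadTimeout and WriteTimeout are left unset so that long-running
		// responses are not cut off.
		ReadHeaderTimeout: 10 * time.Second,
		TLSConfig: &tls.Config{
			GetCertificate: autocertManager.GetCertificate,
			// Refuse TLS 1.0/1.1 regardless of the toolchain's default
			// minimum version.
			MinVersion: tls.VersionTLS12,
		},
	}
	// Empty cert and key paths: certificates come from GetCertificate.
	return s.ListenAndServeTLS("", "")
}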
// wrapHTTPMuxAutocert wraps the plain-HTTP handler h with the autocert
// manager's HTTPHandler, which answers ACME "http-01" challenge requests and
// hands every other request to h.
//
// autocertManager must already be set (certInitAutocert assigns it).
func wrapHTTPMuxAutocert(h http.Handler) http.Handler {
	wrapped := autocertManager.HTTPHandler(h)
	return wrapped
}