package server
import (
"context"
"crypto/tls"
"git.kingecg.top/kingecg/gohttpd/utils"
"git.kingecg.top/kingecg/gologger"
"golang.org/x/crypto/acme"
"golang.org/x/crypto/acme/autocert"
)
// LocalCertManager wraps an autocert.Manager so the server can add its own
// logging around certificate lookups (GetCertificate) and build the
// tls.Config it listens with (TLSConfig). The embedded Manager does the
// actual ACME work; nothing here changes how it issues or caches.
type LocalCertManager struct {
	*autocert.Manager
}
// GetCertificate satisfies tls.Config.GetCertificate. It hands the lookup
// to the embedded autocert.Manager and logs the outcome under the
// "autocert" logger: a debug line on every call (note: that is one line
// per TLS handshake, which is noisy on a busy listener) and an error line
// when the manager fails. On failure the handshake receives (nil, err).
func (l *LocalCertManager) GetCertificate(hello *tls.ClientHelloInfo) (*tls.Certificate, error) {
	log := gologger.GetLogger("autocert")
	log.Debug("GetCertificate")

	cert, err := l.Manager.GetCertificate(hello)
	if err == nil {
		return cert, nil
	}
	log.Error("GetCertificate", err)
	return nil, err
}
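// TLSConfig returns the tls.Config the server listens with. Certificates
// are resolved per handshake through l.GetCertificate. NextProtos
// advertises HTTP/2 and HTTP/1.1 and must keep acme.ALPNProto so
// tls-alpn-01 challenges from the CA are answered on this same listener;
// removing it breaks issuance and renewal.
//
// MinVersion is pinned to TLS 1.2. TLS 1.0 and 1.1 are deprecated
// (RFC 8996); the earlier tls.VersionTLS10 floor re-enabled them even
// though Go's own server default is already 1.2.
func (l *LocalCertManager) TLSConfig() *tls.Config {
	return &tls.Config{
		GetCertificate: l.GetCertificate,
		NextProtos: []string{
			"h2", "http/1.1", // enable HTTP/2
			acme.ALPNProto, // enable tls-alpn ACME challenges
		},
		MinVersion: tls.VersionTLS12, // TLS 1.0/1.1 are deprecated (RFC 8996)
	}
}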
// CertManager is the process-wide certificate manager. It stays nil until
// InitCertManager runs, either explicitly or lazily through GetTlsConfig.
var CertManager *LocalCertManager
// InitCertManager builds the package-level CertManager around a fresh
// autocert.Manager and replaces any previous value.
//
// The manager is configured to accept the CA's terms of service
// automatically (autocert.AcceptTOS), to consult hostPolicy before
// issuing for a requested name, and to persist its state with
// autocert.DirCache under the normalized certDir. That directory holds
// the ACME account key and issued certificates with their private keys,
// so it should be treated as secret material.
func InitCertManager(certDir string) {
	log := gologger.GetLogger("autocert")
	log.Debug("InitCertManager")

	cacheDir := utils.NormalizePath(certDir)
	mgr := autocert.Manager{
		Prompt:     autocert.AcceptTOS,
		HostPolicy: hostPolicy,
		Cache:      autocert.DirCache(cacheDir),
	}
	CertManager = &LocalCertManager{Manager: &mgr}
}
// GetTlsConfig returns the listener's tls.Config, lazily initializing
// CertManager with the default "./certs" cache directory if nothing has
// called InitCertManager yet.
//
// The nil check and the lazy init are not synchronized, so two goroutines
// that both see a nil CertManager can each run InitCertManager; calling
// InitCertManager once during startup avoids that window.
func GetTlsConfig() *tls.Config {
	mgr := CertManager
	if mgr == nil {
		InitCertManager(utils.NormalizePath("./certs"))
		mgr = CertManager
	}
	return mgr.TLSConfig()
}
// hostPolicy is the autocert.HostPolicy used by InitCertManager. It
// approves every host unconditionally, so the manager will attempt ACME
// issuance for whatever SNI name a client presents. autocert's own
// documentation recommends restricting this (for example with
// autocert.HostWhitelist) so that arbitrary names cannot trigger issuance
// attempts and burn the CA's rate limits; the allowed set is not known in
// this file, which is why it is left open here.
func hostPolicy(_ context.Context, _ string) error {
	return nil
}