Add support for specifying the ACME server via REGISTRY_HTTP_TLS_LETSENCRYPT_DIRECTORYURL

Signed-off-by: Alex Lavallee <73203142+lavalleeale@users.noreply.github.com>
Mike Truman 2021-07-23 21:25:09 +00:00 committed by Alex Lavallee
parent 6a57630cf4
commit 4bbe0ba080
GPG key ID: 65BF64989FAB00D7
4 changed files with 29 additions and 11 deletions


@ -131,6 +131,10 @@ type Configuration struct {
// Hosts specifies the hosts which are allowed to obtain Let's // Hosts specifies the hosts which are allowed to obtain Let's
// Encrypt certificates. // Encrypt certificates.
Hosts []string `yaml:"hosts,omitempty"` Hosts []string `yaml:"hosts,omitempty"`
// DirectoryURL points to the CA directory endpoint.
// If empty, LetsEncrypt is used.
DirectoryURL string `yaml:"directoryurl,omitempty"`
} `yaml:"letsencrypt,omitempty"` } `yaml:"letsencrypt,omitempty"`
} `yaml:"tls,omitempty"` } `yaml:"tls,omitempty"`
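Review bot: The comment on the new DirectoryURL field does not say what kind of value is expected or that it is passed to the ACME client unchecked, which matters because this setting decides which CA issues the registry's serving certificates. I would make the comment say so, e.g. `// DirectoryURL is the ACME directory endpoint (an absolute https URL) of the CA to use; it is handed to the ACME client as given. If empty, the Let's Encrypt production directory is used.`. It is also worth naming the environment override the commit title introduces, `REGISTRY_HTTP_TLS_LETSENCRYPT_DIRECTORYURL`, next to the field so operators can find it. The enclosing Configuration struct starts and ends outside this hunk.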


@ -89,9 +89,10 @@ var configStruct = Configuration{
MinimumTLS string `yaml:"minimumtls,omitempty"` MinimumTLS string `yaml:"minimumtls,omitempty"`
CipherSuites []string `yaml:"ciphersuites,omitempty"` CipherSuites []string `yaml:"ciphersuites,omitempty"`
LetsEncrypt struct { LetsEncrypt struct {
CacheFile string `yaml:"cachefile,omitempty"` CacheFile string `yaml:"cachefile,omitempty"`
Email string `yaml:"email,omitempty"` Email string `yaml:"email,omitempty"`
Hosts []string `yaml:"hosts,omitempty"` Hosts []string `yaml:"hosts,omitempty"`
DirectoryURL string `yaml:"directoryurl,omitempty"`
} `yaml:"letsencrypt,omitempty"` } `yaml:"letsencrypt,omitempty"`
} `yaml:"tls,omitempty"` } `yaml:"tls,omitempty"`
Headers http.Header `yaml:"headers,omitempty"` Headers http.Header `yaml:"headers,omitempty"`
@ -113,9 +114,10 @@ var configStruct = Configuration{
MinimumTLS string `yaml:"minimumtls,omitempty"` MinimumTLS string `yaml:"minimumtls,omitempty"`
CipherSuites []string `yaml:"ciphersuites,omitempty"` CipherSuites []string `yaml:"ciphersuites,omitempty"`
LetsEncrypt struct { LetsEncrypt struct {
CacheFile string `yaml:"cachefile,omitempty"` CacheFile string `yaml:"cachefile,omitempty"`
Email string `yaml:"email,omitempty"` Email string `yaml:"email,omitempty"`
Hosts []string `yaml:"hosts,omitempty"` Hosts []string `yaml:"hosts,omitempty"`
DirectoryURL string `yaml:"directoryurl,omitempty"`
} `yaml:"letsencrypt,omitempty"` } `yaml:"letsencrypt,omitempty"`
}{ }{
ClientCAs: []string{"/path/to/ca.pem"}, ClientCAs: []string{"/path/to/ca.pem"},
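Review bot: Both hunks only add `DirectoryURL string` to the anonymous LetsEncrypt struct type in the expected configuration; neither sets a value for it, so as far as this section shows the YAML key `directoryurl` and the `REGISTRY_HTTP_TLS_LETSENCRYPT_DIRECTORYURL` override are never exercised by the parse tests (unless a hunk outside this view does that). I would add a non-default value to the expected struct, e.g. `DirectoryURL: "https://acme-v02.api.letsencrypt.org/directory",`, put the matching `directoryurl:` key in the YAML fixture the test parses, and extend the environment-override case so a wrong or ignored directory URL is caught by tests rather than at the first certificate request. The configStruct literal starts and ends outside these hunks.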


@ -240,6 +240,7 @@ http:
cachefile: /path/to/cache-file cachefile: /path/to/cache-file
email: emailused@letsencrypt.com email: emailused@letsencrypt.com
hosts: [myregistryaddress.org] hosts: [myregistryaddress.org]
directoryurl: https://acme-v02.api.letsencrypt.org/directory
debug: debug:
addr: localhost:5001 addr: localhost:5001
prometheus: prometheus:
@ -823,6 +824,7 @@ http:
cachefile: /path/to/cache-file cachefile: /path/to/cache-file
email: emailused@letsencrypt.com email: emailused@letsencrypt.com
hosts: [myregistryaddress.org] hosts: [myregistryaddress.org]
directoryurl: https://acme-v02.api.letsencrypt.org/directory
debug: debug:
addr: localhost:5001 addr: localhost:5001
headers: headers:
@ -914,11 +916,12 @@ TLS certificates provided by
> ensure that you have the `ca-certificates` package installed in order to verify > ensure that you have the `ca-certificates` package installed in order to verify
> letsencrypt certificates. > letsencrypt certificates.
| Parameter | Required | Description | | Parameter | Required | Description |
|-----------|----------|-------------------------------------------------------| |----------------|----------|-----------------------------------------------------------------------|
| `cachefile` | yes | Absolute path to a file where the Let's Encrypt agent can cache data. | | `cachefile` | yes | Absolute path to a file where the Let's Encrypt agent can cache data. |
| `email` | yes | The email address used to register with Let's Encrypt. | | `email` | yes | The email address used to register with Let's Encrypt. |
| `hosts` | no | The hostnames allowed for Let's Encrypt certificates. | | `hosts` | no | The hostnames allowed for Let's Encrypt certificates. |
| `directoryurl` | no | The url to use for the ACME server. |
### `debug` ### `debug`


@ -188,6 +188,14 @@ func getCipherSuiteNames(ids []uint16) []string {
return names return names
} }
// set ACME-server/DirectoryURL, if provided
func setDirectoryURL(directoryurl string) *acme.Client {
if len(directoryurl) > 0 {
return &acme.Client{DirectoryURL: directoryurl}
}
return nil
}
// ListenAndServe runs the registry's HTTP server. // ListenAndServe runs the registry's HTTP server.
func (registry *Registry) ListenAndServe() error { func (registry *Registry) ListenAndServe() error {
config := registry.config config := registry.config
@ -236,6 +244,7 @@ func (registry *Registry) ListenAndServe() error {
Cache: autocert.DirCache(config.HTTP.TLS.LetsEncrypt.CacheFile), Cache: autocert.DirCache(config.HTTP.TLS.LetsEncrypt.CacheFile),
Email: config.HTTP.TLS.LetsEncrypt.Email, Email: config.HTTP.TLS.LetsEncrypt.Email,
Prompt: autocert.AcceptTOS, Prompt: autocert.AcceptTOS,
Client: setDirectoryURL(config.HTTP.TLS.LetsEncrypt.DirectoryURL),
} }
tlsConf.GetCertificate = m.GetCertificate tlsConf.GetCertificate = m.GetCertificate
tlsConf.NextProtos = append(tlsConf.NextProtos, acme.ALPNProto) tlsConf.NextProtos = append(tlsConf.NextProtos, acme.ALPNProto)