Skip to content

cmd/sunlight: add -testcert #5

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
FiloSottile merged 1 commit into from
Jan 26, 2024
Merged

cmd/sunlight: add -testcert #5

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
38 changes: 27 additions & 11 deletions cmd/sunlight/main.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,9 @@
// If the command line flag -create is passed, the command will create any logs
// that don't exist and exit.
//
// If the command line flag -testcert is passed, ACME will be disabled and the
// certificate will be loaded from sunlight.pem and sunlight-key.pem.
//
// Metrics are exposed publicly at /metrics, and logs are written to stderr in
// human-readable format, and to stdout in JSON format.
//
Expand All @@ -17,6 +20,7 @@ package main
import (
"context"
"crypto/ecdsa"
"crypto/tls"
"crypto/x509"
"encoding/pem"
"flag"
Expand Down Expand Up @@ -137,6 +141,7 @@ type LogConfig struct {
func main() {
configFlag := flag.String("c", "sunlight.yaml", "path to the config file")
createFlag := flag.Bool("create", false, "create any logs that don't exist and exit")
testCertFlag := flag.Bool("testcert", false, "use sunlight.pem and sunlight-key.pem instead of ACME")
flag.Parse()

logLevel := new(slog.LevelVar)
Expand Down Expand Up @@ -296,19 +301,8 @@ func main() {
return
}

m := &autocert.Manager{
Cache: autocert.DirCache(c.ACME.Cache),
Prompt: autocert.AcceptTOS,
Email: c.ACME.Email,
HostPolicy: autocert.HostWhitelist(c.ACME.Host),
Client: &acme.Client{
DirectoryURL: c.ACME.Directory,
UserAgent: "filippo.io/sunlight",
},
}
s := &http.Server{
Addr: c.Listen,
TLSConfig: m.TLSConfig(),
Handler: mux,
ConnContext: ctlog.ReusedConnContext,
ReadTimeout: 5 * time.Second,
Expand All @@ -333,6 +327,28 @@ func main() {
},
}, slog.LevelWarn),
}
if *testCertFlag {
cert, err := tls.LoadX509KeyPair("sunlight.pem", "sunlight-key.pem")
if err != nil {
logger.Error("failed to load test cert", "err", err)
os.Exit(1)
}
s.TLSConfig = &tls.Config{
Certificates: []tls.Certificate{cert},
}
} else {
m := &autocert.Manager{
Cache: autocert.DirCache(c.ACME.Cache),
Prompt: autocert.AcceptTOS,
Email: c.ACME.Email,
HostPolicy: autocert.HostWhitelist(c.ACME.Host),
Client: &acme.Client{
DirectoryURL: c.ACME.Directory,
UserAgent: "filippo.io/sunlight",
},
}
s.TLSConfig = m.TLSConfig()
}

go func() {
err := s.ListenAndServeTLS("", "")
Expand Down
Loading