diff --git a/.github_build/Build.alpine.env b/.github_build/Build.alpine.env index 37ab09e3..a0bd0a5c 100644 --- a/.github_build/Build.alpine.env +++ b/.github_build/Build.alpine.env @@ -1,5 +1,5 @@ # CORE ALPINE BASE IMAGE OS_NAME=alpine OS_VERSION=3.15 -GOLANG_IMAGE=golang:1.18.4-alpine3.15 -CORE_VERSION=16.9.1 +GOLANG_IMAGE=golang:1.18.6-alpine3.15 +CORE_VERSION=16.10.1 diff --git a/.github_build/Build.ubuntu.env b/.github_build/Build.ubuntu.env index 17f5133e..d2b205a9 100644 --- a/.github_build/Build.ubuntu.env +++ b/.github_build/Build.ubuntu.env @@ -1,5 +1,5 @@ # CORE UBUNTU BASE IMAGE OS_NAME=ubuntu OS_VERSION=20.04 -GOLANG_IMAGE=golang:1.18.4-alpine3.15 -CORE_VERSION=16.9.1 +GOLANG_IMAGE=golang:1.18.6-alpine3.15 +CORE_VERSION=16.10.1 diff --git a/CHANGELOG.md b/CHANGELOG.md index 339457e7..50869919 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,10 @@ # Core +### Core v16.10.0 > v16.10.1 + +- Add email address in TLS config for Let's Encrypt +- Fix use of Let's Encrypt production CA + ### Core v16.9.1 > v16.10.0 - Add HLS session middleware to diskfs diff --git a/app/api/api.go b/app/api/api.go index 132f633f..4820090f 100644 --- a/app/api/api.go +++ b/app/api/api.go @@ -459,7 +459,12 @@ func (a *api) start() error { host = "localhost" } - template := "rtmp://" + host + ":" + port + cfg.RTMP.App + "/{name}" + template := "rtmp://" + host + ":" + port + if cfg.RTMP.App != "/" { + template += cfg.RTMP.App + } + template += "/{name}" + if len(cfg.RTMP.Token) != 0 { template += "?token=" + cfg.RTMP.Token } @@ -665,8 +670,8 @@ func (a *api) start() error { } certmagic.DefaultACME.Agreed = true - certmagic.DefaultACME.Email = "" - certmagic.DefaultACME.CA = certmagic.LetsEncryptStagingCA + certmagic.DefaultACME.Email = cfg.TLS.Email + certmagic.DefaultACME.CA = certmagic.LetsEncryptProductionCA certmagic.DefaultACME.DisableHTTPChallenge = false certmagic.DefaultACME.DisableTLSALPNChallenge = true certmagic.DefaultACME.Logger = nil diff --git a/app/version.go b/app/version.go index 0b6b5332..41660539 100644 --- a/app/version.go +++ b/app/version.go @@ -30,7 +30,7 @@ func (v versionInfo) MinorString() string { var Version = versionInfo{ Major: 16, Minor: 10, - Patch: 0, + Patch: 1, } // Commit is the git commit the app is build from. It should be filled in during compilation diff --git a/config/config.go b/config/config.go index ef1f3e1a..9086d876 100644 --- a/config/config.go +++ b/config/config.go @@ -176,6 +176,7 @@ func (d *Config) init() { d.val(newAddressValue(&d.TLS.Address, ":8181"), "tls.address", "CORE_TLS_ADDRESS", nil, "HTTPS listening address", false, false) d.val(newBoolValue(&d.TLS.Enable, false), "tls.enable", "CORE_TLS_ENABLE", nil, "Enable HTTPS", false, false) d.val(newBoolValue(&d.TLS.Auto, false), "tls.auto", "CORE_TLS_AUTO", nil, "Enable Let's Encrypt certificate", false, false) + d.val(newEmailValue(&d.TLS.Email, "cert@datarhei.com"), "tls.email", "CORE_TLS_EMAIL", nil, "Email for Let's Encrypt registration", false, false) d.val(newFileValue(&d.TLS.CertFile, ""), "tls.cert_file", "CORE_TLS_CERTFILE", nil, "Path to certificate file in PEM format", false, false) d.val(newFileValue(&d.TLS.KeyFile, ""), "tls.key_file", "CORE_TLS_KEYFILE", nil, "Path to key file in PEM format", false, false) @@ -419,6 +420,14 @@ func (d *Config) Validate(resetLogs bool) { } } + // If TLS and Let's Encrypt certificate is enabled, we require a non-empty email address + if d.TLS.Enable && d.TLS.Auto { + if len(d.TLS.Email) == 0 { + v := d.findVariable("tls.email") + v.value.Set(v.defVal) + } + } + // If TLS for RTMP is enabled, TLS must be enabled if d.RTMP.EnableTLS { if !d.RTMP.Enable { diff --git a/config/data.go b/config/data.go index 8dd82822..d273368d 100644 --- a/config/data.go +++ b/config/data.go @@ -54,6 +54,7 @@ type Data struct { Address string `json:"address"` Enable bool `json:"enable"` Auto bool `json:"auto"` + Email string `json:"email"` CertFile string `json:"cert_file"` KeyFile string `json:"key_file"` } `json:"tls"` @@ -174,7 +175,6 @@ func NewV3FromV2(d *dataV2) (*Data, error) { data.DB = d.DB data.Host = d.Host data.API = d.API - data.TLS = d.TLS data.RTMP = d.RTMP data.SRT = d.SRT data.FFmpeg = d.FFmpeg @@ -211,6 +211,13 @@ func NewV3FromV2(d *dataV2) (*Data, error) { data.Router.Routes = copyStringMap(d.Router.Routes) // Actual changes + data.TLS.Enable = d.TLS.Enable + data.TLS.Address = d.TLS.Address + data.TLS.Auto = d.TLS.Auto + data.TLS.CertFile = d.TLS.CertFile + data.TLS.KeyFile = d.TLS.KeyFile + data.TLS.Email = "cert@datarhei.com" + data.Storage.MimeTypes = d.Storage.MimeTypes data.Storage.CORS = d.Storage.CORS diff --git a/config/types.go b/config/types.go index 3b5532ec..f5a27e82 100644 --- a/config/types.go +++ b/config/types.go @@ -5,6 +5,7 @@ import ( "encoding/json" "fmt" "net" + "net/mail" "net/url" "os" "os/exec" @@ -805,3 +806,39 @@ func (s *absolutePathValue) Validate() error { func (s *absolutePathValue) IsEmpty() bool { return len(string(*s)) == 0 } + +// email address + +type emailValue string + +func newEmailValue(p *string, val string) *emailValue { + *p = val + return (*emailValue)(p) +} + +func (s *emailValue) Set(val string) error { + addr, err := mail.ParseAddress(val) + if err != nil { + return err + } + + *s = emailValue(addr.Address) + return nil +} + +func (s *emailValue) String() string { + return string(*s) +} + +func (s *emailValue) Validate() error { + if len(s.String()) == 0 { + return nil + } + + _, err := mail.ParseAddress(s.String()) + return err +} + +func (s *emailValue) IsEmpty() bool { + return len(string(*s)) == 0 +}