From fe2e9d375c4ff00d99968feb3648ff794e1581e0 Mon Sep 17 00:00:00 2001 From: Ingo Oppermann Date: Fri, 30 Sep 2022 12:12:36 +0200 Subject: [PATCH] Use LE porduction CA, allow to configure an email address --- app/api/api.go | 4 ++-- config/config.go | 8 ++++++++ config/data.go | 9 ++++++++- config/types.go | 37 +++++++++++++++++++++++++++++++++++++ 4 files changed, 55 insertions(+), 3 deletions(-) diff --git a/app/api/api.go b/app/api/api.go index 8ba5806d..647da500 100644 --- a/app/api/api.go +++ b/app/api/api.go @@ -655,8 +655,8 @@ func (a *api) start() error { } certmagic.DefaultACME.Agreed = true - certmagic.DefaultACME.Email = "" - certmagic.DefaultACME.CA = certmagic.LetsEncryptStagingCA + certmagic.DefaultACME.Email = cfg.TLS.Email + certmagic.DefaultACME.CA = certmagic.LetsEncryptProductionCA certmagic.DefaultACME.DisableHTTPChallenge = false certmagic.DefaultACME.DisableTLSALPNChallenge = true certmagic.DefaultACME.Logger = nil diff --git a/config/config.go b/config/config.go index ef1f3e1a..485fa88b 100644 --- a/config/config.go +++ b/config/config.go @@ -176,6 +176,7 @@ func (d *Config) init() { d.val(newAddressValue(&d.TLS.Address, ":8181"), "tls.address", "CORE_TLS_ADDRESS", nil, "HTTPS listening address", false, false) d.val(newBoolValue(&d.TLS.Enable, false), "tls.enable", "CORE_TLS_ENABLE", nil, "Enable HTTPS", false, false) d.val(newBoolValue(&d.TLS.Auto, false), "tls.auto", "CORE_TLS_AUTO", nil, "Enable Let's Encrypt certificate", false, false) + d.val(newEmailValue(&d.TLS.Email, "cert@datarhei.com"), "tls.email", "CORE_TLS_EMAIL", nil, "Email for Let's Encrypt registration", false, false) d.val(newFileValue(&d.TLS.CertFile, ""), "tls.cert_file", "CORE_TLS_CERTFILE", nil, "Path to certificate file in PEM format", false, false) d.val(newFileValue(&d.TLS.KeyFile, ""), "tls.key_file", "CORE_TLS_KEYFILE", nil, "Path to key file in PEM format", false, false) @@ -419,6 +420,13 @@ func (d *Config) Validate(resetLogs bool) { } } + // If TLS and Let's Encrypt certificate is enabled, we require a non-empty email address + if d.TLS.Enable && d.TLS.Auto { + if len(d.TLS.Email) == 0 { + d.log("error", d.findVariable("tls.email"), "an email address must be set in order to get an automatic TLS certificate") + } + } + // If TLS for RTMP is enabled, TLS must be enabled if d.RTMP.EnableTLS { if !d.RTMP.Enable { diff --git a/config/data.go b/config/data.go index 8dd82822..d273368d 100644 --- a/config/data.go +++ b/config/data.go @@ -54,6 +54,7 @@ type Data struct { Address string `json:"address"` Enable bool `json:"enable"` Auto bool `json:"auto"` + Email string `json:"email"` CertFile string `json:"cert_file"` KeyFile string `json:"key_file"` } `json:"tls"` @@ -174,7 +175,6 @@ func NewV3FromV2(d *dataV2) (*Data, error) { data.DB = d.DB data.Host = d.Host data.API = d.API - data.TLS = d.TLS data.RTMP = d.RTMP data.SRT = d.SRT data.FFmpeg = d.FFmpeg @@ -211,6 +211,13 @@ func NewV3FromV2(d *dataV2) (*Data, error) { data.Router.Routes = copyStringMap(d.Router.Routes) // Actual changes + data.TLS.Enable = d.TLS.Enable + data.TLS.Address = d.TLS.Address + data.TLS.Auto = d.TLS.Auto + data.TLS.CertFile = d.TLS.CertFile + data.TLS.KeyFile = d.TLS.KeyFile + data.TLS.Email = "cert@datarhei.com" + data.Storage.MimeTypes = d.Storage.MimeTypes data.Storage.CORS = d.Storage.CORS diff --git a/config/types.go b/config/types.go index 3b5532ec..f5a27e82 100644 --- a/config/types.go +++ b/config/types.go @@ -5,6 +5,7 @@ import ( "encoding/json" "fmt" "net" + "net/mail" "net/url" "os" "os/exec" @@ -805,3 +806,39 @@ func (s *absolutePathValue) Validate() error { func (s *absolutePathValue) IsEmpty() bool { return len(string(*s)) == 0 } + +// email address + +type emailValue string + +func newEmailValue(p *string, val string) *emailValue { + *p = val + return (*emailValue)(p) +} + +func (s *emailValue) Set(val string) error { + addr, err := mail.ParseAddress(val) + if err != nil { + return err + } + + *s = emailValue(addr.Address) + return nil +} + +func (s *emailValue) String() string { + return string(*s) +} + +func (s *emailValue) Validate() error { + if len(s.String()) == 0 { + return nil + } + + _, err := mail.ParseAddress(s.String()) + return err +} + +func (s *emailValue) IsEmpty() bool { + return len(string(*s)) == 0 +}