Documentation
Index ¶
- Constants
- Variables
- func CreateSelfSignedCertificate(validDays int, organization []string) (certPEM, privKeyPEM []byte, err error)
- func HostWhitelist(hosts ...string) autocert.HostPolicy
- func IsSelfSignedCertificate(fingerprint string) bool
- func NewDirCache(cacheDir string) (autocert.Cache, error)
- func NewRedisCache(cfg redisConfig) (autocert.Cache, error)
- func RegexpWhitelist(patterns ...*regexp.Regexp) autocert.HostPolicy
- type AutocertManager
- func (m *AutocertManager) GetACMEAccount(ctx context.Context) (*acme.Account, *ecdsa.PrivateKey, error)
- func (m *AutocertManager) GetAutocertALPN01Certificate(name string) (*tls.Certificate, error)
- func (m *AutocertManager) GetAutocertCertificate(name string) (*tls.Certificate, error)
- func (m *AutocertManager) GetCachedCertificate(name string) (*tls.Certificate, error)
- func (m *AutocertManager) KeyName(domain string) string
- func (m *AutocertManager) OCSPKeyName(domain string) string
- type Config
- type ManagedCertManager
- type OCSPManager
- type Opts
- type Server
- func (p *Server) BuildRoutes(mux *http.ServeMux)
- func (p *Server) GetCertificateByName(name string) (tlscert *tls.Certificate, certType int, err error)
- func (p *Server) GetOCSPStaplingByName(name string, fingerprint string) ([]byte, time.Time, error)
- func (p *Server) GetSelfSignedCertificate() (*tls.Certificate, error)
- func (p *Server) HandleCertificate(w http.ResponseWriter, r *http.Request)
- func (p *Server) HandleOCSPStapling(w http.ResponseWriter, r *http.Request)
- type StorageManager
- type WildcardManager
Constants ¶
// Certificate types. Values below 100 denote certificates that carry OCSP
// stapling; values of 100 and above denote certificates that do not.
// Presumably this is the certType returned by Server.GetCertificateByName
// and what decides ErrOCSPNotSupported — confirm against the handler code.
const (
	LetsEncrypt = 0
	Managed     = 1
	Wildcard    = 2
	SelfSigned  = 100
	ALPNCert    = 101
)
Certificate types
- smaller than 100: certificates that have OCSP stapling;
- 100 or larger: certificates that do not have OCSP stapling.
// Storage backend names. StorageTypeDirCache matches the default of
// Config.Storage.Type; each value presumably selects NewDirCache or
// NewRedisCache respectively — confirm in NewStorageManager.
const (
	StorageTypeDirCache = "dir_cache"
	StorageTypeRedis    = "redis"
)
Variables ¶
// Fixed HTTP response bodies. Presumably written by HandleCertificate and
// HandleOCSPStapling on their documented 400/500 paths; the bodies carry no
// internal detail beyond the failure category, which is what a public error
// response should do — keep it that way when adding new ones.
var (
	RspInvalidDomainName     = []byte("Invalid domain name.")
	RspHostNotPermitted      = []byte("Host name not permitted.")
	RspCertificateIsExpired  = []byte("Certificate is expired.")
	RspErrGetCertificate     = []byte("Error getting certificate.")
	RspErrMarshalCertificate = []byte("Error marshal certificate.")
)
// Sentinel errors of the OCSP stapling path. Compare with errors.Is.
// ErrOCSPNotSupported presumably corresponds to the certificate types
// numbered 100 and above (SelfSigned, ALPNCert) — confirm in OCSPManager.
var (
	ErrOCSPStateNotCached = errors.New("OCSP state is not cached")
	ErrOCSPNotSupported   = errors.New("OCSP stapling is not supported")
	ErrStaplingNotCached  = errors.New("OCSP stapling is not cached")
	ErrCertfuncNotFound   = errors.New("certificate func not found")
)
// DefaultSelfSignedOrganization is the default of Config.SelfSigned.Organization,
// the organization written into certificates produced by CreateSelfSignedCertificate.
var DefaultSelfSignedOrganization = []string{"SSL Cert Server Self-Signed"}
// ErrCacheMiss re-exports autocert.ErrCacheMiss so callers of the Cache
// implementations returned by NewDirCache and NewRedisCache need not import
// autocert to detect a miss.
var ErrCacheMiss = autocert.ErrCacheMiss
// ErrHostNotPermitted is the rejection error for a host name that the active
// autocert.HostPolicy does not allow; presumably the policies built by
// HostWhitelist and RegexpWhitelist return it — confirm.
var ErrHostNotPermitted = errors.New("host not permitted")
Functions ¶
func HostWhitelist ¶
func HostWhitelist(hosts ...string) autocert.HostPolicy
func IsSelfSignedCertificate ¶ added in v0.5.0
func NewRedisCache ¶
func RegexpWhitelist ¶
func RegexpWhitelist(patterns ...*regexp.Regexp) autocert.HostPolicy
Types ¶
type AutocertManager ¶ added in v0.5.0
// AutocertManager obtains certificates through the ACME/autocert flow and
// exposes the cached ones; construct it with NewAutocertManager. Its
// GetACMEAccount method also hands out the ACME account private key, so
// callers of that method should treat the result as secret material.
type AutocertManager struct {
	// contains filtered or unexported fields
}
func NewAutocertManager ¶ added in v0.5.0
func NewAutocertManager(cfg *Config, ocspMgr *OCSPManager) *AutocertManager
func (*AutocertManager) GetACMEAccount ¶ added in v0.5.0
func (m *AutocertManager) GetACMEAccount(ctx context.Context) (*acme.Account, *ecdsa.PrivateKey, error)
func (*AutocertManager) GetAutocertALPN01Certificate ¶ added in v0.5.0
func (m *AutocertManager) GetAutocertALPN01Certificate(name string) (*tls.Certificate, error)
func (*AutocertManager) GetAutocertCertificate ¶ added in v0.5.0
func (m *AutocertManager) GetAutocertCertificate(name string) (*tls.Certificate, error)
func (*AutocertManager) GetCachedCertificate ¶ added in v0.5.0
func (m *AutocertManager) GetCachedCertificate(name string) (*tls.Certificate, error)
func (*AutocertManager) KeyName ¶ added in v0.5.0
func (m *AutocertManager) KeyName(domain string) string
func (*AutocertManager) OCSPKeyName ¶ added in v0.5.0
func (m *AutocertManager) OCSPKeyName(domain string) string
type Config ¶ added in v0.5.0
// Config is the top-level configuration of the certificate server, loaded
// from YAML (see the yaml tags; `default` tags give the fallback values).
//
// NOTE(review): Storage.DirCache, Wildcard.LegoDataPath and Wildcard.DNSCredentials
// hold or point at secret material (the Cache comment below and the keyPEM
// returned by StorageManager.LoadCertificateFromStore indicate private keys
// live in storage) — confirm the deployment restricts file permissions on
// these paths and on the config file itself.
type Config struct {
	// Listen is the address the HTTP API binds to. The default is loopback;
	// HandleCertificate serves certificate data, so check what authenticates
	// callers before binding to a non-loopback address.
	Listen  string `yaml:"listen" default:"127.0.0.1:8999"`
	PIDFile string `yaml:"pid_file" default:"ssl-cert-server.pid"`
	Storage struct {
		// Type selects the backend; the default equals StorageTypeDirCache,
		// StorageTypeRedis is the other documented value.
		Type string `yaml:"type" default:"dir_cache"`
		// DirCache is the directory used by the dir_cache backend. The default
		// is relative to the working directory — presumably created with
		// restrictive permissions by NewDirCache; confirm.
		DirCache string      `yaml:"dir_cache" default:"./secret-dir"`
		Redis    redisConfig `yaml:"redis"`
		// Cache is used to store and retrieve previously obtained certificates
		// and other account data as opaque blobs.
		Cache autocert.Cache `yaml:"-"`
	} `yaml:"storage"`
	// Managed lists certificates served from storage rather than issued here.
	// Pattern is presumably compiled into Regex at config load (Regex is not
	// read from YAML), and CertKey is the key passed to ManagedCertManager.Get.
	Managed []struct {
		Pattern string         `yaml:"pattern"`
		CertKey string         `yaml:"cert_key"`
		Regex   *regexp.Regexp `yaml:"-"`
	} `yaml:"managed"`
	LetsEncrypt struct {
		Staging  bool `yaml:"staging"`   // default: false
		ForceRSA bool `yaml:"force_rsa"` // default: false
		// RenewBefore — presumably a number of days before expiry; confirm.
		RenewBefore int      `yaml:"renew_before" default:"30"`
		Email       string   `yaml:"email"`
		Domains     []string `yaml:"domains"`
		REPatterns  []string `yaml:"re_patterns"`
		// HostPolicy is built from Domains and REPatterns.
		// By default, any valid domain name is allowed if neither
		// domain list nor regex pattern list provided. In such case,
		// all requests will go to Let's Encrypt, and the following self_signed
		// configuration will not take effect.
		//
		// NOTE(review): with that open default, every host name a client sends
		// is forwarded to Let's Encrypt; set Domains or REPatterns in production
		// so issuance attempts are bounded to names you control.
		HostPolicy autocert.HostPolicy `yaml:"-" json:"-"`
		// DirectoryURL will be set to Let's Encrypt staging api if the
		// option Staging is true, else it will be the production api.
		DirectoryURL string `yaml:"-"`
	} `yaml:"lets_encrypt"`
	Wildcard struct {
		LegoDataPath string `yaml:"lego_data_path"`
		// DNSCredentials presumably carry DNS provider secrets for the
		// challenge used to issue wildcard certificates — confirm in
		// WildcardManager; treat the config file as secret if they are set.
		DNSCredentials []*dnsCredential `yaml:"dns_credentials"`
		Certificates   []*wildcardItem  `yaml:"certificates"`
		// contains filtered or unexported fields
	} `yaml:"wildcard"`
	SelfSigned struct {
		Enable   bool `yaml:"enable"`    // default: false
		CheckSNI bool `yaml:"check_sni"` // default: false
		// ValidDays and Organization are the arguments of CreateSelfSignedCertificate;
		// the Organization default equals DefaultSelfSignedOrganization.
		ValidDays    int      `yaml:"valid_days" default:"365"`
		Organization []string `yaml:"organization"` // default: ["SSL Cert Server Self-Signed"]
		// CertKey is presumably the storage key under which the self-signed
		// certificate is kept — confirm.
		CertKey string `yaml:"cert_key" default:"self_signed"`
	} `yaml:"self_signed"`
}
func InitConfig ¶
func (*Config) CheckWildcardDomain ¶ added in v0.5.0
func (*Config) IsManagedDomain ¶ added in v0.5.0
func (*Config) IsSelfSignedAllowed ¶ added in v0.5.0
func (*Config) IsWildcardDomain ¶ added in v0.5.0
type ManagedCertManager ¶ added in v0.5.0
// ManagedCertManager serves certificates that are stored rather than issued:
// Get loads them by certKey through the StorageManager given to
// NewManagedCertManager, and OCSPKeyName derives the key used by OCSPManager.
type ManagedCertManager struct {
	// contains filtered or unexported fields
}
func NewManagedCertManager ¶ added in v0.5.0
func NewManagedCertManager(stor *StorageManager, ocspMgr *OCSPManager) *ManagedCertManager
func (*ManagedCertManager) Get ¶ added in v0.5.0
func (p *ManagedCertManager) Get(certKey string) (*tls.Certificate, error)
func (*ManagedCertManager) OCSPKeyName ¶ added in v0.5.0
func (p *ManagedCertManager) OCSPKeyName(certKey string) string
type OCSPManager ¶
// OCSPManager keeps OCSP stapling responses for watched certificates;
// Watch registers a certificate by key name and GetOCSPStapling returns the
// cached response together with its next-update time. Construct it with
// NewOCSPManager.
type OCSPManager struct {
	// contains filtered or unexported fields
}
func NewOCSPManager ¶ added in v0.4.2
func NewOCSPManager() *OCSPManager
func (*OCSPManager) GetOCSPStapling ¶ added in v0.5.0
func (m *OCSPManager) GetOCSPStapling( keyName string, fingerprint string, checkCacheCert func() (*tls.Certificate, error), ) ([]byte, time.Time, error)
func (*OCSPManager) IsCertificateCached ¶ added in v0.5.0
func (m *OCSPManager) IsCertificateCached(keyName string) bool
func (*OCSPManager) Watch ¶ added in v0.5.0
func (m *OCSPManager) Watch(keyName string, certfunc func() (*tls.Certificate, error))
type Opts ¶ added in v0.5.0
// Opts holds the command-line options; the cli tag documents the flags.
type Opts struct {
	// ConfigFile is the path of the YAML configuration, -c / --config.
	ConfigFile string `cli:"-c, --config, configuration filename" default:"./conf.yaml"`
}
type Server ¶ added in v0.5.0
// Server is the HTTP front end: BuildRoutes registers HandleCertificate and
// HandleOCSPStapling on a mux, and GetCertificateByName dispatches a name to
// the Let's Encrypt, managed, wildcard or self-signed source, reporting which
// one via the certificate type constants.
type Server struct {
	// contains filtered or unexported fields
}
func (*Server) BuildRoutes ¶ added in v0.5.0
func (*Server) GetCertificateByName ¶ added in v0.5.0
func (*Server) GetOCSPStaplingByName ¶ added in v0.5.0
func (*Server) GetSelfSignedCertificate ¶ added in v0.5.0
func (p *Server) GetSelfSignedCertificate() (*tls.Certificate, error)
func (*Server) HandleCertificate ¶ added in v0.5.0
func (p *Server) HandleCertificate(w http.ResponseWriter, r *http.Request)
HandleCertificate handles requests for an SSL certificate.
Possible responses are:
- 200 with the certificate data as response
- 400 the requested domain name is invalid or not permitted
- 500, which indicates the server failed to process the request; in that case the body contains the error message
func (*Server) HandleOCSPStapling ¶ added in v0.5.0
func (p *Server) HandleOCSPStapling(w http.ResponseWriter, r *http.Request)
HandleOCSPStapling handles requests for OCSP stapling.
Possible responses are:
- 200 with the OCSP response as body
- 204 without body, which indicates OCSP stapling for the requested domain is not available, temporarily or permanently
- 400 which indicates the requested domain name is invalid or not permitted
type StorageManager ¶ added in v0.5.0
// StorageManager reads and writes certificate PEM pairs in the backend chosen
// by Config.Storage; LoadCertificateFromStore returns the private key PEM as
// well as the certificate, so its callers handle secret material.
type StorageManager struct {
	// contains filtered or unexported fields
}
func NewStorageManager ¶ added in v0.5.0
func NewStorageManager(cfg *Config) *StorageManager
func (*StorageManager) LoadCertificateFromStore ¶ added in v0.5.0
func (p *StorageManager) LoadCertificateFromStore(certKey string) (tlscert *tls.Certificate, keyPEM, certPEM []byte, err error)
LoadCertificateFromStore loads a certificate from storage; if the certificate exists and is valid it is returned, otherwise an error is returned.
func (*StorageManager) SaveCertificateToStore ¶ added in v0.5.0
func (p *StorageManager) SaveCertificateToStore(certKey string, privPEM, pubPEM []byte) error
SaveCertificateToStore saves a certificate to storage.
type WildcardManager ¶ added in v0.5.0
// WildcardManager obtains wildcard certificates through the lego client given
// to NewWildcardManager and keeps them in the StorageManager; Get returns the
// certificate for a configured item and, when issueIfNotCached is true,
// issues it if storage has none.
type WildcardManager struct {
	// contains filtered or unexported fields
}
func NewWildcardManager ¶ added in v0.5.0
func NewWildcardManager(cfg *Config, stor *StorageManager, ocspMgr *OCSPManager, legoApp *lego.App) *WildcardManager
func (*WildcardManager) Get ¶ added in v0.5.0
func (p *WildcardManager) Get(item *wildcardItem, issueIfNotCached bool) (*tls.Certificate, error)