chore: rename cert magic config to acme

internal/config/config.go

@@ -47,10 +47,10 @@ const (
 	tlsDisableKey               = "IONSCALE_TLS_DISABLE"
 	tlsCertFileKey              = "IONSCALE_TLS_CERT_FILE"
 	tlsKeyFileKey               = "IONSCALE_TLS_KEY_FILE"
-	tlsCertMagicCAKey           = "IONSCALE_TLS_CERT_MAGIC_CA"
-	tlsCertMagicDomainKey       = "IONSCALE_TLS_CERT_MAGIC_DOMAIN"
-	tlsCertMagicEmailKey        = "IONSCALE_TLS_CERT_MAGIC_EMAIL"
-	tlsCertMagicStoragePath     = "IONSCALE_TLS_CERT_MAGIC_STORAGE_PATH"
+	tlsAcmeKey                  = "IONSCALE_TLS_ACME"
+	tlsAcmeCAKey                = "IONSCALE_TLS_ACME_CA"
+	tlsAcmeEmailKey             = "IONSCALE_TLS_ACME_EMAIL"
+	tlsAcmePath                 = "IONSCALE_TLS_ACME_PATH"
 	metricsListenAddrKey        = "IONSCALE_METRICS_LISTEN_ADDR"
 	loggingLevelKey             = "IONSCALE_LOGGING_LEVEL"
 	loggingFormatKey            = "IONSCALE_LOGGING_FORMAT"
@@ -74,13 +74,12 @@ func defaultConfig() *Config {
 			Url: GetString(databaseUrlKey, "ionscale.db"),
 		},
 		Tls: Tls{
-			Disable:              GetBool(tlsDisableKey, false),
-			CertFile:             GetString(tlsCertFileKey, ""),
-			KeyFile:              GetString(tlsKeyFileKey, ""),
-			CertMagicCA:          GetString(tlsCertMagicCAKey, certmagic.LetsEncryptProductionCA),
-			CertMagicDomain:      GetString(tlsCertMagicDomainKey, ""),
-			CertMagicEmail:       GetString(tlsCertMagicEmailKey, ""),
-			CertMagicStoragePath: GetString(tlsCertMagicStoragePath, ""),
+			Disable:   GetBool(tlsDisableKey, false),
+			CertFile:  GetString(tlsCertFileKey, ""),
+			KeyFile:   GetString(tlsKeyFileKey, ""),
+			AcmeCA:    GetString(tlsAcmeCAKey, certmagic.LetsEncryptProductionCA),
+			AcmeEmail: GetString(tlsAcmeEmailKey, ""),
+			AcmePath:  GetString(tlsAcmePath, ""),
 		},
 		AuthProvider: AuthProvider{
 			Issuer:       GetString(authProviderIssuerKey, ""),
@@ -115,13 +114,13 @@ type Config struct {
 }
 
 type Tls struct {
-	Disable              bool   `yaml:"disable"`
-	CertFile             string `yaml:"cert_file,omitempty"`
-	KeyFile              string `yaml:"key_file,omitempty"`
-	CertMagicDomain      string `yaml:"cert_magic_domain,omitempty"`
-	CertMagicEmail       string `yaml:"cert_magic_email,omitempty"`
-	CertMagicCA          string `yaml:"cert_magic_ca,omitempty"`
-	CertMagicStoragePath string `yaml:"cert_magic_storage_path,omitempty"`
+	Disable     bool   `yaml:"disable"`
+	CertFile    string `yaml:"cert_file,omitempty"`
+	KeyFile     string `yaml:"key_file,omitempty"`
+	AcmeEnabled bool   `yaml:"acme,omitempty"`
+	AcmeEmail   string `yaml:"acme_email,omitempty"`
+	AcmeCA      string `yaml:"acme_ca,omitempty"`
+	AcmePath    string `yaml:"acme_path,omitempty"`
 }
 
 type Logging struct {

internal/handlers/http_redirect.go

@@ -9,7 +9,11 @@ import (
 )
 
 func HttpRedirectHandler(tls config.Tls) echo.HandlerFunc {
-	if tls.CertMagicDomain != "" {
+	if tls.Disable {
+		return IndexHandler(http.StatusNotFound)
+	}
+
+	if tls.AcmeEnabled {
 		cfg := certmagic.NewDefault()
 		if len(cfg.Issuers) > 0 {
 			if am, ok := cfg.Issuers[0].(*certmagic.ACMEIssuer); ok {
@@ -19,10 +23,6 @@ func HttpRedirectHandler(tls config.Tls) echo.HandlerFunc {
 		}
 	}
 
-	if tls.Disable {
-		return IndexHandler(http.StatusNotFound)
-	}
-
 	return echo.WrapHandler(http.HandlerFunc(httpRedirectHandler))
 }
 

internal/server/server.go

@@ -23,6 +23,7 @@ import (
 	"log"
 	"net"
 	"net/http"
+	"net/url"
 	"os"
 	"strings"
 	"tailscale.com/types/key"
@@ -52,17 +53,22 @@ func Start(c *config.Config) error {
 	go offlineTimers.Start()
 	go reaper.Start()
 
+	serverUrl, err := url.Parse(c.ServerUrl)
+	if err != nil {
+		return err
+	}
+
 	// prepare CertMagic
-	if c.Tls.CertMagicDomain != "" {
+	if c.Tls.AcmeEnabled {
 		certmagic.DefaultACME.Agreed = true
-		certmagic.DefaultACME.Email = c.Tls.CertMagicEmail
-		certmagic.DefaultACME.CA = c.Tls.CertMagicCA
-		if c.Tls.CertMagicStoragePath != "" {
-			certmagic.Default.Storage = &certmagic.FileStorage{Path: c.Tls.CertMagicStoragePath}
+		certmagic.DefaultACME.Email = c.Tls.AcmeEmail
+		certmagic.DefaultACME.CA = c.Tls.AcmeCA
+		if c.Tls.AcmePath != "" {
+			certmagic.Default.Storage = &certmagic.FileStorage{Path: c.Tls.AcmePath}
 		}
 
 		cfg := certmagic.NewDefault()
-		if err := cfg.ManageAsync(context.Background(), []string{c.Tls.CertMagicDomain}); err != nil {
+		if err := cfg.ManageAsync(context.Background(), []string{serverUrl.Host}); err != nil {
 			return err
 		}
 
@@ -166,8 +172,8 @@ func Start(c *config.Config) error {
 		g.Go(func() error { return http.Serve(nonTlsL, nonTlsAppHandler) })
 	}
 
-	if c.Tls.CertMagicDomain != "" {
-		logger.Info("TLS is enabled with CertMagic", "domain", c.Tls.CertMagicDomain)
+	if c.Tls.AcmeEnabled {
+		logger.Info("TLS is enabled with ACME", "domain", serverUrl.Host)
 		logger.Info("Server is running", "http_addr", c.HttpListenAddr, "https_addr", c.HttpsListenAddr, "metrics_addr", c.MetricsListenAddr)
 	} else if !c.Tls.Disable {
 		logger.Info("TLS is enabled", "cert", c.Tls.CertFile)
@@ -202,25 +208,25 @@ func metricsListener(config *config.Config) (net.Listener, error) {
 }
 
 func tlsListener(config *config.Config) (net.Listener, error) {
-	if config.Tls.CertMagicDomain != "" {
+	if config.Tls.Disable {
+		return nil, nil
+	}
+
+	if config.Tls.AcmeEnabled {
 		cfg := certmagic.NewDefault()
 		tlsConfig := cfg.TLSConfig()
 		tlsConfig.NextProtos = append([]string{"h2", "http/1.1"}, tlsConfig.NextProtos...)
 		return tls.Listen("tcp", config.HttpsListenAddr, tlsConfig)
 	}
 
-	if !config.Tls.Disable {
-		cer, err := tls.LoadX509KeyPair(config.Tls.CertFile, config.Tls.KeyFile)
-		if err != nil {
-			return nil, err
-		}
-
-		tlsConfig := &tls.Config{Certificates: []tls.Certificate{cer}}
-
-		return tls.Listen("tcp", config.HttpsListenAddr, tlsConfig)
+	cer, err := tls.LoadX509KeyPair(config.Tls.CertFile, config.Tls.KeyFile)
+	if err != nil {
+		return nil, err
 	}
 
-	return nil, nil
+	tlsConfig := &tls.Config{Certificates: []tls.Certificate{cer}}
+
+	return tls.Listen("tcp", config.HttpsListenAddr, tlsConfig)
 }
 
 func nonTlsListener(config *config.Config) (net.Listener, error) {