feat: store acme certificates in db
@@ -67,7 +67,6 @@ func configureCommand() *cobra.Command {
|
||||
if acme {
|
||||
c.Tls.AcmeEnabled = true
|
||||
c.Tls.AcmeEmail = email
|
||||
c.Tls.AcmePath = filepath.Join(dataDir, "acme")
|
||||
} else {
|
||||
c.Tls.CertFile = certFile
|
||||
c.Tls.KeyFile = keyFile
|
||||
|
||||
@@ -8,10 +8,9 @@ import (
|
||||
|
||||
func serverCommand() *cobra.Command {
|
||||
command := &cobra.Command{
|
||||
Use: "server",
|
||||
Short: "Start an ionscale server",
|
||||
SilenceUsage: true,
|
||||
SilenceErrors: true,
|
||||
Use: "server",
|
||||
Short: "Start an ionscale server",
|
||||
SilenceUsage: true,
|
||||
}
|
||||
|
||||
var configFile string
|
||||
@@ -25,7 +24,7 @@ func serverCommand() *cobra.Command {
|
||||
return err
|
||||
}
|
||||
|
||||
return server.Start(c)
|
||||
return server.Start(command.Context(), c)
|
||||
}
|
||||
|
||||
return command
|
||||
|
||||
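Review bot: With `SilenceErrors: true` dropped from the `server` command literal, any error returned from `RunE` is now also printed by cobra, while `server.Start` already routes most of its failures through `logError` (visible in the server package's hunks), so a startup failure may be reported twice in two formats. A one-line comment on the literal stating which reporter is authoritative would help. Separately, `command.Context()` is only as useful as the context the root command was executed with: unless the root uses `ExecuteContext` with a signal-aware context (not visible here), the ctx handed to `Start` never cancels and the calls that now take it behave as they did with `context.Background()`. The body of `serverCommand` starts and ends outside these hunks.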
@@ -115,7 +115,6 @@ func defaultConfig() *Config {
|
||||
ForceHttps: true,
|
||||
AcmeEnabled: false,
|
||||
AcmeCA: certmagic.LetsEncryptProductionCA,
|
||||
AcmePath: "./acme",
|
||||
},
|
||||
PollNet: PollNet{
|
||||
KeepAliveInterval: defaultKeepAliveInterval,
|
||||
@@ -157,7 +156,6 @@ type Tls struct {
|
||||
AcmeEnabled bool `yaml:"acme,omitempty" env:"ACME_ENABLED"`
|
||||
AcmeEmail string `yaml:"acme_email,omitempty" env:"ACME_EMAIL"`
|
||||
AcmeCA string `yaml:"acme_ca,omitempty" env:"ACME_CA"`
|
||||
AcmePath string `yaml:"acme_path,omitempty" env:"ACME_PATH"`
|
||||
}
|
||||
|
||||
type PollNet struct {
|
||||
|
||||
@@ -2,6 +2,7 @@ package database
|
||||
|
||||
import (
|
||||
"context"
|
||||
"database/sql"
|
||||
"errors"
|
||||
"fmt"
|
||||
"github.com/go-gormigrate/gormigrate/v2"
|
||||
@@ -23,17 +24,17 @@ type dbLock interface {
|
||||
UnlockErr(error) error
|
||||
}
|
||||
|
||||
func OpenDB(config *config.Database, logger *zap.Logger) (domain.Repository, error) {
|
||||
func OpenDB(config *config.Database, logger *zap.Logger) (*sql.DB, domain.Repository, error) {
|
||||
db, lock, err := createDB(config, logger)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
return nil, nil, err
|
||||
}
|
||||
|
||||
_ = db.Use(prometheus.New(prometheus.Config{StartServer: false}))
|
||||
|
||||
sqlDB, err := db.DB()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
return nil, nil, err
|
||||
}
|
||||
|
||||
sqlDB.SetMaxOpenConns(config.MaxOpenConns)
|
||||
@@ -44,14 +45,14 @@ func OpenDB(config *config.Database, logger *zap.Logger) (domain.Repository, err
|
||||
repository := domain.NewRepository(db)
|
||||
|
||||
if err := lock.Lock(); err != nil {
|
||||
return nil, err
|
||||
return nil, nil, err
|
||||
}
|
||||
|
||||
if err := lock.UnlockErr(migrate(db)); err != nil {
|
||||
return nil, err
|
||||
return nil, nil, err
|
||||
}
|
||||
|
||||
return repository, nil
|
||||
return sqlDB, repository, nil
|
||||
}
|
||||
|
||||
func createDB(config *config.Database, logger *zap.Logger) (*gorm.DB, dbLock, error) {
|
||||
|
||||
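Review bot: `OpenDB` now hands out the raw `*sql.DB` behind the repository, but the exported function has no doc comment saying who owns that handle. Suggest `// OpenDB opens the database, runs migrations under the lock and returns the underlying *sql.DB together with the repository; both share one connection pool, so closing the *sql.DB also closes the repository's connections.` The error returns that follow a successful `db.DB()` (the `lock.Lock()` and migrate failures) return `nil, nil, err` without closing `sqlDB`, which leaves the pool open. That predates this commit but is simple to fix now that the handle is part of the contract, e.g. `_ = sqlDB.Close()` before those two returns.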
@@ -17,6 +17,7 @@ import (
|
||||
echo_prometheus "github.com/labstack/echo-contrib/prometheus"
|
||||
"github.com/labstack/echo/v4"
|
||||
"github.com/labstack/echo/v4/middleware"
|
||||
certmagicsql "github.com/travisjeffery/certmagic-sqlstorage"
|
||||
"go.uber.org/zap"
|
||||
"go.uber.org/zap/zapcore"
|
||||
"golang.org/x/net/http2"
|
||||
@@ -29,7 +30,7 @@ import (
|
||||
"tailscale.com/types/key"
|
||||
)
|
||||
|
||||
func Start(c *config.Config) error {
|
||||
func Start(ctx context.Context, c *config.Config) error {
|
||||
logger, err := setupLogging(c.Logging)
|
||||
if err != nil {
|
||||
return err
|
||||
@@ -47,14 +48,14 @@ func Start(c *config.Config) error {
|
||||
httpLogger := logger.Named("http")
|
||||
dbLogger := logger.Named("db")
|
||||
|
||||
repository, err := database.OpenDB(&c.Database, dbLogger)
|
||||
db, repository, err := database.OpenDB(&c.Database, dbLogger)
|
||||
if err != nil {
|
||||
return logError(err)
|
||||
}
|
||||
|
||||
sessionManager := core.NewPollMapSessionManager()
|
||||
|
||||
defaultControlKeys, err := repository.GetControlKeys(context.Background())
|
||||
defaultControlKeys, err := repository.GetControlKeys(ctx)
|
||||
if err != nil {
|
||||
return logError(err)
|
||||
}
|
||||
@@ -73,16 +74,19 @@ func Start(c *config.Config) error {
|
||||
|
||||
// prepare CertMagic
|
||||
if c.Tls.AcmeEnabled {
|
||||
storage, err := certmagicsql.NewStorage(ctx, db, certmagicsql.Options{})
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
certmagic.DefaultACME.Agreed = true
|
||||
certmagic.DefaultACME.Email = c.Tls.AcmeEmail
|
||||
certmagic.DefaultACME.CA = c.Tls.AcmeCA
|
||||
certmagic.Default.Logger = logger.Named("certmagic")
|
||||
if c.Tls.AcmePath != "" {
|
||||
certmagic.Default.Storage = &certmagic.FileStorage{Path: c.Tls.AcmePath}
|
||||
}
|
||||
certmagic.Default.Storage = storage
|
||||
|
||||
cfg := certmagic.NewDefault()
|
||||
if err := cfg.ManageAsync(context.Background(), []string{serverUrl.Host}); err != nil {
|
||||
if err := cfg.ManageAsync(ctx, []string{serverUrl.Host}); err != nil {
|
||||
return logError(err)
|
||||
}
|
||||
|
||||
|
||||
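Review bot: Pointing `certmagic.Default.Storage` at the SQL store moves more than certificates into the database: CertMagic keeps the certificate private keys and the ACME account key in its storage, so that key material now sits in the application database and in every backup, replica and dump of it, readable by anyone holding the DB credentials. That deserves a comment at the `certmagicsql.NewStorage` call and a line in the upgrade notes, and DB access and backup handling should be treated as key handling from here on. Nothing visible migrates what was previously under `AcmePath`, so presumably the first start after upgrade requests fresh certificates (CA rate limits apply) and the old key files stay on disk until an operator removes them. Smaller point: the new `NewStorage` error path uses `return err` while the neighbouring failures in `Start` use `return logError(err)`; `return logError(err)` would keep it consistent. `Start` begins and ends outside these hunks.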