dont use protocol for letsencrypt

2018-07-04 19:33:26 +00:00 · 2018-07-04 19:33:26 +00:00 · 75dd8ed58a
commit 75dd8ed58a
parent f09fb9c78c
4 changed files with 17 additions and 11 deletions
--- a/cmd/web.go
+++ b/cmd/web.go
@ -172,12 +172,14 @@ func runWeb(ctx *cli.Context) error {
 	case setting.HTTP:
 		err = runHTTP(listenAddr, context2.ClearHandler(m))
 	case setting.HTTPS:
+		if setting.LetsEncrypt {
+			err = runLetsEncrypt(listenAddr, setting.Domain, setting.LetsEncryptDirectory, setting.LetsEncryptEmail, context2.ClearHandler(m))
+			break
+		}
 		if setting.RedirectOtherPort {
 			go runHTTPRedirector()
 		}
 		err = runHTTPS(listenAddr, setting.CertFile, setting.KeyFile, context2.ClearHandler(m))
-	case setting.LetsEncrypt:
-		err = runLetsEncrypt(listenAddr, setting.Domain, setting.LetsEncryptDirectory, setting.LetsEncryptEmail, context2.ClearHandler(m))
 	case setting.FCGI:
 		listener, err := net.Listen("tcp", listenAddr)
 		if err != nil {
--- a/docs/content/doc/advanced/config-cheat-sheet.en-us.md
+++ b/docs/content/doc/advanced/config-cheat-sheet.en-us.md
@ -82,7 +82,7 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`.

 ## Server (`server`)

- `PROTOCOL`: **http**: \[http, https, fcgi, unix, letsencrypt\] If using letsencrypt you must set `DOMAIN` to valid domain (ensure DNS is set and port 80 is accessible by letsencrypt validation server). 
+- `PROTOCOL`: **http**: \[http, https, fcgi, unix\]
 - `DOMAIN`: **localhost**: Domain name of this server.
 - `ROOT_URL`: **%(PROTOCOL)s://%(DOMAIN)s:%(HTTP\_PORT)s/**:
   Overwrite the automatically generated public URL.
@ -119,6 +119,8 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`.
 - `REDIRECT_OTHER_PORT`: **false**: If true and `PROTOCOL` is https, redirects http requests
   on another (https) port.
 - `PORT_TO_REDIRECT`: **80**: Port used when `REDIRECT_OTHER_PORT` is true.
+- `ENABLE_LETSENCRYPT`: **false**: If enabled you must set `DOMAIN` to valid domain (ensure DNS is set and port 80 is accessible by letsencrypt validation server).
+   By using Lets Encrypt you must consent to their [terms of service](https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf)
 - `LETSENCRYPT_DIRECTORY`: **https**: Directory that Letsencrypt will use to cache information such as certs and private keys
 - `LETSENCRYPT_EMAIL`: **email@example.com**: Email used by Letsencrypt to notify about problems with issued certificates. (No default)

--- a/docs/content/doc/usage/https-support.md
+++ b/docs/content/doc/usage/https-support.md
@ -38,8 +38,9 @@ To learn more about the config values, please checkout the [Config Cheat Sheet](

 ```ini
 [server]
-PROTOCOL=letsencrypt
+PROTOCOL=https
 DOMAIN=git.example.com
+ENABLE_LETSENCRYPT=true
 LETSENCRYPT_DIRECTORY=https
 LETSENCRYPT_EMAIL=email@example.com
 ```
--- a/modules/setting/setting.go
+++ b/modules/setting/setting.go
@ -43,11 +43,10 @@ type Scheme string

 // enumerates all the scheme types
 const (
-	HTTP        Scheme = "http"
-	HTTPS       Scheme = "https"
-	FCGI        Scheme = "fcgi"
-	UnixSocket  Scheme = "unix"
-	LetsEncrypt Scheme = "letsencrypt"
+	HTTP       Scheme = "http"
+	HTTPS      Scheme = "https"
+	FCGI       Scheme = "fcgi"
+	UnixSocket Scheme = "unix"
 )

 // LandingPage describes the default page
@ -106,6 +105,7 @@ var (
 	LandingPageURL       LandingPage
 	UnixSocketPermission uint32
 	EnablePprof          bool
+	EnableLetsEncrypt    bool
 	LetsEncryptDirectory string
 	LetsEncryptEmail     string

@ -714,8 +714,9 @@ func NewContext() {
 			log.Fatal(4, "Failed to parse unixSocketPermission: %s", UnixSocketPermissionRaw)
 		}
 		UnixSocketPermission = uint32(UnixSocketPermissionParsed)
-	} else if sec.Key("PROTOCOL").String() == "letsencrypt" {
-		Protocol = LetsEncrypt
+	}
+	EnableLetsEncrypt := sec.Key("ENABLE_LETSENCRYPT").MustBool(false)
+	if EnableLetsEncrypt {
 		LetsEncryptDirectory = sec.Key("LETSENCRYPT_DIRECTORY").MustString("https")
 		LetsEncryptEmail = sec.Key("LETSENCRYPT_EMAIL").MustString("")
 	}