let user customize directory and set email

fluf 2018-06-10 02:43:24 +00:00
parent 95a419199e
commit c56d4a2003
3 changed files with 10 additions and 3 deletions


@ -73,11 +73,12 @@ func runHTTPRedirector() {
}
}
func runLetsEncrypt(listenAddr, domain string, m http.Handler) error {
func runLetsEncrypt(listenAddr, domain, directory, email string, m http.Handler) error {
certManager := autocert.Manager{
Prompt: autocert.AcceptTOS,
HostPolicy: autocert.HostWhitelist(domain),
Cache: autocert.DirCache("https"),
Cache: autocert.DirCache(directory),
Email: email,
}
go http.ListenAndServe(":80", certManager.HTTPHandler(nil)) // all traffic coming into HTTP will be redirect to HTTPS automatically
// required for letsencrypt validation
@ -168,7 +169,7 @@ func runWeb(ctx *cli.Context) error {
}
err = runHTTPS(listenAddr, setting.CertFile, setting.KeyFile, context2.ClearHandler(m))
case setting.LetsEncrypt:
err = runLetsEncrypt(listenAddr, setting.Domain, context2.ClearHandler(m))
err = runLetsEncrypt(listenAddr, setting.Domain, setting.LetsEncryptDirectory, setting.LetsEncryptEmail, context2.ClearHandler(m))
case setting.FCGI:
listener, err := net.Listen("tcp", listenAddr)
if err != nil {
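Review bot: `autocert.DirCache(directory)` in runLetsEncrypt takes the configured value as-is, so a relative path (including the `https` default assigned in NewContext in the settings file) resolves against the process working directory rather than a fixed location. This directory holds the ACME account key and the certificate private keys, so it should land somewhere predictable and never inside a path that is served or checked in. Consider resolving relative values before the call, e.g. `if !filepath.IsAbs(directory) { directory = filepath.Join(dataDir, directory) }`, where `dataDir` is a placeholder for whatever base data path the project already exposes. A comment above `Cache:` such as `// stores ACME account and certificate private keys; keep this directory owner-only` would also help. The body of runLetsEncrypt continues outside the hunk.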


@ -119,6 +119,8 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`.
- `REDIRECT_OTHER_PORT`: **false**: If true and `PROTOCOL` is https, redirects http requests
on another (https) port.
- `PORT_TO_REDIRECT`: **80**: Port used when `REDIRECT_OTHER_PORT` is true.
- `LETSENCRYPT_DIRECTORY`: **https**: Directory that Letsencrypt will use to cache information such as certs and private keys
- `LETSENCRYPT_EMAIL`: **email@example.com**: Email used by Letsencrypt to notify about problems with issued certificates. (No default)
## Database (`database`)


@ -106,6 +106,8 @@ var (
LandingPageURL LandingPage
UnixSocketPermission uint32
EnablePprof bool
LetsEncryptDirectory string
LetsEncryptEmail string
SSH = struct {
Disabled bool `ini:"DISABLE_SSH"`
@ -712,6 +714,8 @@ func NewContext() {
UnixSocketPermission = uint32(UnixSocketPermissionParsed)
} else if sec.Key("PROTOCOL").String() == "letsencrypt" {
Protocol = LetsEncrypt
LetsEncryptDirectory = sec.Key("LETSENCRYPT_DIRECTORY").MustString("https")
LetsEncryptEmail = sec.Key("LETSENCRYPT_EMAIL").MustString("")
}
Domain = sec.Key("DOMAIN").MustString("localhost")
HTTPAddr = sec.Key("HTTP_ADDR").MustString("0.0.0.0")
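Review bot: `LetsEncryptEmail` defaults to the empty string via `MustString("")`, but the documentation entry added in this same commit shows **email@example.com** in the default position and then says "(No default)", so an operator cannot tell from the docs that no contact address is registered unless they set one. With an empty value the notifications the docs describe (problems with issued certificates) have nowhere to go, and nothing in the visible code reports that. I would add a comment above the assignment, `// empty means no contact address is registered with the CA; problem notices will not be delivered`, and log a warning when `PROTOCOL` is `letsencrypt` and the value is empty. The docs line should show an empty default to match the code. NewContext starts and ends outside the hunk.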