Add the ability to specify registration ACME email and ACME URL.

This commit is contained in:
Aaron Bieber 2021-10-03 12:26:38 -06:00
parent 63fa475913
commit 8fa0fe65ba
4 changed files with 15 additions and 0 deletions

8
app.go
View file

@ -12,6 +12,7 @@ import (
"github.com/rs/zerolog/log"
"github.com/gin-gonic/gin"
"golang.org/x/crypto/acme"
"golang.org/x/crypto/acme/autocert"
"gorm.io/gorm"
"inet.af/netaddr"
@ -44,6 +45,9 @@ type Config struct {
TLSCertPath string
TLSKeyPath string
ACMEURL string
ACMEEmail string
DNSConfig *tailcfg.DNSConfig
}
@ -195,6 +199,10 @@ func (h *Headscale) Serve() error {
Prompt: autocert.AcceptTOS,
HostPolicy: autocert.HostWhitelist(h.cfg.TLSLetsEncryptHostname),
Cache: autocert.DirCache(h.cfg.TLSLetsEncryptCacheDir),
Client: &acme.Client{
DirectoryURL: h.cfg.ACMEURL,
},
Email: h.cfg.ACMEEmail,
}
s.TLSConfig = m.TLSConfig()

View file

@ -169,6 +169,9 @@ func getHeadscaleApp() (*headscale.Headscale, error) {
TLSCertPath: absPath(viper.GetString("tls_cert_path")),
TLSKeyPath: absPath(viper.GetString("tls_key_path")),
ACMEEmail: absPath(viper.GetString("acme_email")),
ACMEURL: absPath(viper.GetString("acme_url")),
DNSConfig: GetDNSConfig(),
}

View file

@ -10,6 +10,8 @@
"db_name": "headscale",
"db_user": "foo",
"db_pass": "bar",
"acme_url": "https://acme-v02.api.letsencrypt.org/directory",
"acme_email": "",
"tls_letsencrypt_hostname": "",
"tls_letsencrypt_listen": ":http",
"tls_letsencrypt_cache_dir": ".cache",

View file

@ -6,6 +6,8 @@
"ephemeral_node_inactivity_timeout": "30m",
"db_type": "sqlite3",
"db_path": "db.sqlite",
"acme_url": "https://acme-v02.api.letsencrypt.org/directory",
"acme_email": "",
"tls_letsencrypt_hostname": "",
"tls_letsencrypt_listen": ":http",
"tls_letsencrypt_cache_dir": ".cache",