
Commit 8ede2d9

committed
custom cert
1 parent 3ee2502 commit 8ede2d9


2 files changed

+104
-9
lines changed


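--- a/main.go
+++ b/main.go
@@ -28,17 +28,30 @@ import (
 
 var maxbody int64 = 0
 var timeout int64 = 0
+var port int64 = 443
 var niconame string = "github.com/txthinking/nico"
+var certpath string = "/root/.nico/"
 
 func main() {
 if err := limits.Raise(); err != nil {
 log.Println("Try to raise system limits, got", err)
 }
+if os.Getenv("NICO_PORT") != "" {
+var err error
+port, err = strconv.ParseInt(os.Getenv("NICO_PORT"), 10, 64)
+if err != nil {
+log.Println(err)
+return
+}
+}
 maxbody, _ = strconv.ParseInt(os.Getenv("NICO_MAX_BODY"), 10, 64)
 timeout, _ = strconv.ParseInt(os.Getenv("NICO_TIMEOUT"), 10, 64)
 if s := os.Getenv("NICO_NAME"); s != "" {
 niconame = s
 }
+if s := os.Getenv("NICO_CERT"); s != "" {
+certpath = s
+}
 
 if len(os.Args) == 1 || (len(os.Args) > 1 && (os.Args[1] == "version" || os.Args[1] == "help" || os.Args[1] == "-v" || os.Args[1] == "--version" || os.Args[1] == "-h" || os.Args[1] == "--help")) {
 fmt.Print(`
@@ -68,13 +81,37 @@ Multiple domains:
 
 $ nico domain0.com /path/to/web/root domain1.com /another/web/root domain1.com/ws http://127.0.0.1:9999 domain1.com/api/ http://127.0.0.1:2020
 
+Custom certificate:
+
+Put your certificate to NICO_CERT, default: /root/.nico/
+- File name format
+- DOMAIN.cert.pem
+- DOMAIN.key.pem
+- Simple domain certificate
+- Example: domain.com
+- domain.com.cert.pem
+- domain.com.key.pem
+- Example: a.domain.com
+- a.domain.com.cert.pem
+- a.domain.com.key.pem
+- Wildcard domain certificate
+- Example: *.domain.com
+- .domain.com.cert.pem
+- .domain.com.key.pem
+- Example: *.a.domain.com
+- .a.domain.com.cert.pem
+- .a.domain.com.key.pem
+If nico does not find certificate for a domain name, then apply for a certificate automatically
+
 Env variables:
 
+NICO_PORT: default 443
+NICO_CERT: default /root/.nico/
 NICO_MAX_BODY: Maximum body size(b)
 NICO_TIMEOUT: Read/write timeout(s)
 
 Verson:
-v20211217
+v20220401
 
 Copyright:
 https://github.com/txthinking/nico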
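Review bot: The NICO_PORT value parsed at new lines 39-46 is only checked for being an integer, and on a parse failure main logs the error and `return`s, which ends the process with exit status 0, so a supervisor sees a clean exit for what is really a misconfiguration. Values such as 0, a negative number or anything above 65535 pass the check and only surface later when the listener is bound with that Addr in server.go. Both points are covered by replacing the inner `if err != nil {` / `log.Println(err)` / `return` with `if err != nil || port < 1 || port > 65535 {` / `log.Fatalf("invalid NICO_PORT %q: %v", os.Getenv("NICO_PORT"), err)` / `}`. The body of main continues past the end of this hunk.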
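--- a/server.go
+++ b/server.go
@@ -3,8 +3,12 @@ package main
 import (
 "crypto/tls"
 "errors"
+"io/ioutil"
 "log"
 "net/http"
+"os"
+"path/filepath"
+"strconv"
 "strings"
 "time"
 
@@ -64,21 +68,75 @@ func Server(ll []string) (*http.Server, error) {
 })
 n.UseHandler(nico)
 
-m := autocert.Manager{
-Cache: autocert.DirCache(".letsencrypt"),
-Prompt: autocert.AcceptTOS,
-HostPolicy: autocert.HostWhitelist(nico.Domains()...),
-
+certs := make(map[string]*tls.Certificate)
+auto := make([]string, 0)
+for _, v := range nico.Domains() {
+c, err := ioutil.ReadFile(filepath.Join(certpath, v+".cert.pem"))
+if err != nil && !os.IsNotExist(err) {
+return nil, err
+}
+k, err := ioutil.ReadFile(filepath.Join(certpath, v+".key.pem"))
+if err != nil && !os.IsNotExist(err) {
+return nil, err
+}
+if c != nil && k != nil {
+ct, err := tls.X509KeyPair(c, k)
+if err != nil {
+return nil, err
+}
+certs[v] = &ct
+continue
+}
+if strings.Index(v, ".") != -1 {
+c, err := ioutil.ReadFile(filepath.Join(certpath, v[strings.Index(v, "."):]+".cert.pem"))
+if err != nil && !os.IsNotExist(err) {
+return nil, err
+}
+k, err := ioutil.ReadFile(filepath.Join(certpath, v[strings.Index(v, "."):]+".key.pem"))
+if err != nil && !os.IsNotExist(err) {
+return nil, err
+}
+if c != nil && k != nil {
+ct, err := tls.X509KeyPair(c, k)
+if err != nil {
+return nil, err
+}
+certs[v] = &ct
+continue
+}
+}
+auto = append(auto, v)
+}
+
+var m autocert.Manager
+if len(auto) != 0 {
+m = autocert.Manager{
+Cache: autocert.DirCache(".letsencrypt"),
+Prompt: autocert.AcceptTOS,
+HostPolicy: autocert.HostWhitelist(auto...),
+
+}
+go http.ListenAndServe(":80", m.HTTPHandler(nil))
 }
-go http.ListenAndServe(":80", m.HTTPHandler(nil))
 return &http.Server{
-Addr: ":443",
+Addr: ":" + strconv.FormatInt(port, 10),
 ReadTimeout: time.Duration(timeout) * time.Second,
 WriteTimeout: time.Duration(timeout) * time.Second,
 IdleTimeout: time.Duration(timeout) * time.Second,
 MaxHeaderBytes: 1 << 20,
 Handler: n,
 ErrorLog: log.New(&tlserr{}, "", log.LstdFlags),
-TLSConfig: &tls.Config{GetCertificate: m.GetCertificate},
+TLSConfig: &tls.Config{
+GetCertificate: func(c *tls.ClientHelloInfo) (*tls.Certificate, error) {
+v, ok := certs[c.ServerName]
+if ok {
+return v, nil
+}
+if len(auto) != 0 {
+return m.GetCertificate(c)
+}
+return nil, errors.New("Not found " + c.ServerName)
+},
+},
 }, nil
 }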
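Review bot: A half-present pair is silently ignored: when only `DOMAIN.cert.pem` exists (key missing or misnamed), the `c != nil && k != nil` checks at new lines 82 and 99 are false, the domain is appended to `auto`, and an ACME certificate is requested and served instead of the operator's own one, so the misconfiguration only shows up as a different certificate on the wire. After each cert/key read pair I would fail loudly with `if (c == nil) != (k == nil) {` / `return nil, errors.New("incomplete certificate pair for " + v)` / `}` (the wildcard branch needs the same three lines). The files are read once while Server builds the map, so a renewed certificate on disk is not picked up until the process restarts; a comment on the loop such as `// custom certificates are loaded once at startup; restart nico after renewing them` would save the next operator a surprise. `ioutil.ReadFile` is deprecated in favour of `os.ReadFile` since Go 1.16 and `os` is already imported in the first hunk, assuming the module targets that version or later. Server's body begins before this hunk.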