From ac2e42a480c5bba2e5128017218b0fa1bed8e836 Mon Sep 17 00:00:00 2001
From: Christopher Speller
Date: Tue, 30 Jan 2018 10:12:42 -0800
Subject: Moving to golang.org/x/crypto/acme/autocert for Let's Encrypt functionality. (#8165)
---
 app/server.go | 41 ++++++++++++++++++++++++++++-------------
 1 file changed, 28 insertions(+), 13 deletions(-)
(limited to 'app/server.go')
diff --git a/app/server.go b/app/server.go
index eb2fa9b32..c008da3a1 100644
--- a/app/server.go
+++ b/app/server.go
@@ -10,13 +10,14 @@ import (
 "io/ioutil"
 "net"
 "net/http"
+ "os"
 "strings"
 "time"
 l4g "github.com/alecthomas/log4go"
 "github.com/gorilla/handlers"
 "github.com/gorilla/mux"
- "github.com/rsc/letsencrypt"
+ "golang.org/x/crypto/acme/autocert"
 "gopkg.in/throttled/throttled.v2"
 "gopkg.in/throttled/throttled.v2/store/memstore"
@@ -161,18 +162,34 @@ func (a *App) StartServer() {
 l4g.Info(utils.T("api.server.start_server.listening.info"), listener.Addr().String())
+ // Migration from old let's encrypt library
+ if *a.Config().ServiceSettings.UseLetsEncrypt {
+ if stat, err := os.Stat(*a.Config().ServiceSettings.LetsEncryptCertificateCacheFile); err == nil && !stat.IsDir() {
+ os.Remove(*a.Config().ServiceSettings.LetsEncryptCertificateCacheFile)
+ }
+ }
+
+ m := &autocert.Manager{
+ Cache: autocert.DirCache(*a.Config().ServiceSettings.LetsEncryptCertificateCacheFile),
+ Prompt: autocert.AcceptTOS,
+ }
+
 if *a.Config().ServiceSettings.Forward80To443 {
- go func() {
- redirectListener, err := net.Listen("tcp", ":80")
- if err != nil {
- listener.Close()
- l4g.Error("Unable to setup forwarding: " + err.Error())
- return
- }
- defer redirectListener.Close()
+ if *a.Config().ServiceSettings.UseLetsEncrypt {
+ go http.ListenAndServe(":http", m.HTTPHandler(nil))
+ } else {
+ go func() {
+ redirectListener, err := net.Listen("tcp", ":80")
+ if err != nil {
+ listener.Close()
+ l4g.Error("Unable to setup forwarding: " + err.Error())
+ return
+ }
+ defer redirectListener.Close()
- http.Serve(redirectListener, http.HandlerFunc(redirectHTTPToHTTPS))
- }()
+ http.Serve(redirectListener, http.HandlerFunc(redirectHTTPToHTTPS))
+ }()
+ }
 }
 a.Srv.didFinishListen = make(chan struct{})
@@ -180,8 +197,6 @@ func (a *App) StartServer() {
 var err error
 if *a.Config().ServiceSettings.ConnectionSecurity == model.CONN_SECURITY_TLS {
 if *a.Config().ServiceSettings.UseLetsEncrypt {
- var m letsencrypt.Manager
- m.CacheFile(*a.Config().ServiceSettings.LetsEncryptCertificateCacheFile)
 tlsConfig := &tls.Config{
 GetCertificate: m.GetCertificate,
-- cgit v1.2.3-1-g7c22
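Review bot: `HostPolicy` is left unset on the `autocert.Manager` literal added ahead of the `Forward80To443` check, so the manager will attempt to obtain a certificate for whatever server name a client presents in the TLS handshake. The autocert documentation advises against a nil policy, because requests for names the server does not own count against the CA's rate limit and can block issuance for the real hostname. Restrict it to the deployment's own name, e.g. `HostPolicy: autocert.HostWhitelist(siteHost),` where `siteHost` is a placeholder for the hostname taken from the server's configuration. Separately, `go http.ListenAndServe(":http", m.HTTPHandler(nil))` discards its error, whereas the non-Let's-Encrypt branch logs a failed bind on port 80 and closes the main listener; logging the returned error would keep the two branches consistent. StartServer begins and ends outside this hunk.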