Add Let's Encrypt integration

2025-08-11 17:51:01 +00:00 · 2017-11-22 13:11:01 -08:00 · 2017-11-22 13:11:01 -08:00 · 3b40ce4960
commit 3b40ce4960
parent 199b1fd6c3
10 changed files with 32 additions and 21 deletions
--- a/server/server.go
+++ b/server/server.go
@ -12,6 +12,7 @@ import (

 	"github.com/gorilla/mux"
 	"github.com/miniflux/miniflux2/scheduler"
+	"golang.org/x/crypto/acme/autocert"

 	"github.com/miniflux/miniflux2/config"
 	"github.com/miniflux/miniflux2/reader/feed"
@ -26,6 +27,8 @@ func NewServer(cfg *config.Config, store *storage.Storage, pool *scheduler.Worke
 func startServer(cfg *config.Config, handler *mux.Router) *http.Server {
 	certFile := cfg.Get("CERT_FILE", config.DefaultCertFile)
 	keyFile := cfg.Get("KEY_FILE", config.DefaultKeyFile)
+	certDomain := cfg.Get("CERT_DOMAIN", config.DefaultCertDomain)
+	certCache := cfg.Get("CERT_CACHE", config.DefaultCertCache)
 	server := &http.Server{
 		ReadTimeout:  5 * time.Second,
 		WriteTimeout: 10 * time.Second,
@ -34,23 +37,29 @@ func startServer(cfg *config.Config, handler *mux.Router) *http.Server {
 		Handler:      handler,
 	}

-	if certFile != "" && keyFile != "" {
-		server.TLSConfig = &tls.Config{
-			MinVersion: tls.VersionTLS12,
+	if certDomain != "" && certCache != "" {
+		server.Addr = ":https"
+		certManager := autocert.Manager{
+			Cache:      autocert.DirCache(certCache),
+			Prompt:     autocert.AcceptTOS,
+			HostPolicy: autocert.HostWhitelist(certDomain),
 		}

+		go func() {
+			log.Printf(`Listening on "%s" by using auto-configured certificate for "%s"`, server.Addr, certDomain)
+			log.Fatalln(server.Serve(certManager.Listener()))
+		}()
+	} else if certFile != "" && keyFile != "" {
+		server.TLSConfig = &tls.Config{MinVersion: tls.VersionTLS12}
+
 		go func() {
 			log.Printf(`Listening on "%s" by using certificate "%s" and key "%s"`, server.Addr, certFile, keyFile)
-			if err := server.ListenAndServeTLS(certFile, keyFile); err != nil {
-				log.Fatalln(err)
-			}
+			log.Fatalln(server.ListenAndServeTLS(certFile, keyFile))
 		}()
 	} else {
 		go func() {
 			log.Printf(`Listening on "%s" without TLS`, server.Addr)
-			if err := server.ListenAndServe(); err != nil {
-				log.Fatalln(err)
-			}
+			log.Fatalln(server.ListenAndServe())
 		}()
 	}

--- a/server/static/bin.go
+++ b/server/static/bin.go
@ -1,5 +1,5 @@
 // Code generated by go generate; DO NOT EDIT.
-// 2017-11-21 22:32:06.342731949 -0800 PST m=+0.008105258
+// 2017-11-22 12:56:32.154538505 -0800 PST m=+0.006049127

 package static

--- a/server/static/css.go
+++ b/server/static/css.go
@ -1,5 +1,5 @@
 // Code generated by go generate; DO NOT EDIT.
-// 2017-11-21 22:32:06.344826414 -0800 PST m=+0.010199723
+// 2017-11-22 12:56:32.155674865 -0800 PST m=+0.007185487

 package static

--- a/server/static/js.go
+++ b/server/static/js.go
@ -1,5 +1,5 @@
 // Code generated by go generate; DO NOT EDIT.
-// 2017-11-21 22:32:06.347626921 -0800 PST m=+0.013000230
+// 2017-11-22 12:56:32.159728625 -0800 PST m=+0.011239247

 package static

--- a/server/template/common.go
+++ b/server/template/common.go
@ -1,5 +1,5 @@
 // Code generated by go generate; DO NOT EDIT.
-// 2017-11-21 22:32:06.368574596 -0800 PST m=+0.033947905
+// 2017-11-22 12:56:32.174424983 -0800 PST m=+0.025935605

 package template

--- a/server/template/views.go
+++ b/server/template/views.go
@ -1,5 +1,5 @@
 // Code generated by go generate; DO NOT EDIT.
-// 2017-11-21 22:32:06.350434639 -0800 PST m=+0.015807948
+// 2017-11-22 12:56:32.16193023 -0800 PST m=+0.013440852

 package template