Add Let's Encrypt integration

2025-06-27 16:36:00 +00:00 · 2017-11-22 13:11:01 -08:00 · 2017-11-22 13:11:01 -08:00 · 3b40ce4960
commit 3b40ce4960
parent 199b1fd6c3
10 changed files with 32 additions and 21 deletions
--- a/server/server.go
+++ b/server/server.go
@ -12,6 +12,7 @@ import (

 	"github.com/gorilla/mux"
 	"github.com/miniflux/miniflux2/scheduler"
+	"golang.org/x/crypto/acme/autocert"

 	"github.com/miniflux/miniflux2/config"
 	"github.com/miniflux/miniflux2/reader/feed"
@ -26,6 +27,8 @@ func NewServer(cfg *config.Config, store *storage.Storage, pool *scheduler.Worke
 func startServer(cfg *config.Config, handler *mux.Router) *http.Server {
 	certFile := cfg.Get("CERT_FILE", config.DefaultCertFile)
 	keyFile := cfg.Get("KEY_FILE", config.DefaultKeyFile)
+	certDomain := cfg.Get("CERT_DOMAIN", config.DefaultCertDomain)
+	certCache := cfg.Get("CERT_CACHE", config.DefaultCertCache)
 	server := &http.Server{
 		ReadTimeout:  5 * time.Second,
 		WriteTimeout: 10 * time.Second,
@ -34,23 +37,29 @@ func startServer(cfg *config.Config, handler *mux.Router) *http.Server {
 		Handler:      handler,
 	}

-	if certFile != "" && keyFile != "" {
-		server.TLSConfig = &tls.Config{
-			MinVersion: tls.VersionTLS12,
+	if certDomain != "" && certCache != "" {
+		server.Addr = ":https"
+		certManager := autocert.Manager{
+			Cache:      autocert.DirCache(certCache),
+			Prompt:     autocert.AcceptTOS,
+			HostPolicy: autocert.HostWhitelist(certDomain),
 		}

+		go func() {
+			log.Printf(`Listening on "%s" by using auto-configured certificate for "%s"`, server.Addr, certDomain)
+			log.Fatalln(server.Serve(certManager.Listener()))
+		}()
+	} else if certFile != "" && keyFile != "" {
+		server.TLSConfig = &tls.Config{MinVersion: tls.VersionTLS12}
+
 		go func() {
 			log.Printf(`Listening on "%s" by using certificate "%s" and key "%s"`, server.Addr, certFile, keyFile)
-			if err := server.ListenAndServeTLS(certFile, keyFile); err != nil {
-				log.Fatalln(err)
-			}
+			log.Fatalln(server.ListenAndServeTLS(certFile, keyFile))
 		}()
 	} else {
 		go func() {
 			log.Printf(`Listening on "%s" without TLS`, server.Addr)
-			if err := server.ListenAndServe(); err != nil {
-				log.Fatalln(err)
-			}
+			log.Fatalln(server.ListenAndServe())
 		}()
 	}