fix: use correct ACME default (#8550)
- The `ACME_URL` setting is documented to default to the Let's Encrypt production server if left empty, so do precisely that. - Use an HTTP proxy to communicate with ACME if Forgejo is configured to use one. - Regression of forgejo/forgejo#7409 (previously certmagic took care of setting these defaults). - Resolves forgejo/forgejo#8548 ## Testing 1. Configure Forgejo's root URL to a public-facing domain (that can pass an ACME challenge) 2. Configure Forgejo to use ACME by setting `[server].ENABLE_ACME = true` and `[server].ACME_ACCEPTTOS = true`. 3. Start Forgejo. 4. Observe that it's available via https. Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8550 Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org> Co-authored-by: Gusted <postmaster@gusted.xyz> Co-committed-by: Gusted <postmaster@gusted.xyz>
		
					parent
					
						
							
								5645456cac
							
						
					
				
			
			
				commit
				
					
						27e853454d
					
				
			
		
					 2 changed files with 10 additions and 1 deletions
				
			
		|  | @ -15,6 +15,7 @@ import ( | ||||||
| 	"forgejo.org/modules/graceful" | 	"forgejo.org/modules/graceful" | ||||||
| 	"forgejo.org/modules/log" | 	"forgejo.org/modules/log" | ||||||
| 	"forgejo.org/modules/process" | 	"forgejo.org/modules/process" | ||||||
|  | 	"forgejo.org/modules/proxy" | ||||||
| 	"forgejo.org/modules/setting" | 	"forgejo.org/modules/setting" | ||||||
| 
 | 
 | ||||||
| 	"github.com/caddyserver/certmagic" | 	"github.com/caddyserver/certmagic" | ||||||
|  | @ -76,6 +77,12 @@ func runACME(listenAddr string, m http.Handler) error { | ||||||
| 		ListenHost:              setting.HTTPAddr, | 		ListenHost:              setting.HTTPAddr, | ||||||
| 		AltTLSALPNPort:          altTLSALPNPort, | 		AltTLSALPNPort:          altTLSALPNPort, | ||||||
| 		AltHTTPPort:             altHTTPPort, | 		AltHTTPPort:             altHTTPPort, | ||||||
|  | 		HTTPProxy:               proxy.Proxy(), | ||||||
|  | 	} | ||||||
|  | 
 | ||||||
|  | 	// Preserve behavior to use Let's encrypt test CA when Let's encrypt is CA. | ||||||
|  | 	if certmagic.DefaultACME.CA == certmagic.LetsEncryptProductionCA { | ||||||
|  | 		certmagic.DefaultACME.TestCA = certmagic.LetsEncryptStagingCA | ||||||
| 	} | 	} | ||||||
| 
 | 
 | ||||||
| 	magic := certmagic.NewDefault() | 	magic := certmagic.NewDefault() | ||||||
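Review bot: The TestCA guard added after the struct literal only fires when `certmagic.DefaultACME.CA` is byte-for-byte equal to `certmagic.LetsEncryptProductionCA`, so an `ACME_URL` naming the same directory with a trailing slash or different case is treated as a custom CA and gets no TestCA; that is acceptable, but the comment "Preserve behavior" only means something to a reader who knows what certmagic's old defaults did. If I read certmagic correctly, TestCA is the staging directory it rehearses challenges against before asking the production CA, which spares the production rate limits; I would replace the comment with `// certmagic pairs Let's Encrypt's staging CA with its production CA (challenges are rehearsed there first, sparing production rate limits); assigning DefaultACME wholesale drops that default, so restore it here.`. The `HTTPProxy: proxy.Proxy()` line assumes proxy.Proxy has the `func(*http.Request) (*url.URL, error)` shape certmagic expects, which I cannot confirm from the hunk. The struct literal being closed, and runACME itself, begin before the hunk and continue after it.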
|  | @ -16,6 +16,8 @@ import ( | ||||||
| 	"forgejo.org/modules/json" | 	"forgejo.org/modules/json" | ||||||
| 	"forgejo.org/modules/log" | 	"forgejo.org/modules/log" | ||||||
| 	"forgejo.org/modules/util" | 	"forgejo.org/modules/util" | ||||||
|  | 
 | ||||||
|  | 	"github.com/caddyserver/certmagic" | ||||||
| ) | ) | ||||||
| 
 | 
 | ||||||
| // Scheme describes protocol types | // Scheme describes protocol types | ||||||
|  | @ -206,7 +208,7 @@ func loadServerFrom(rootCfg ConfigProvider) { | ||||||
| 			EnableAcme = sec.Key("ENABLE_LETSENCRYPT").MustBool(false) | 			EnableAcme = sec.Key("ENABLE_LETSENCRYPT").MustBool(false) | ||||||
| 		} | 		} | ||||||
| 		if EnableAcme { | 		if EnableAcme { | ||||||
| 			AcmeURL = sec.Key("ACME_URL").MustString("") | 			AcmeURL = sec.Key("ACME_URL").MustString(certmagic.LetsEncryptProductionCA) | ||||||
| 			AcmeCARoot = sec.Key("ACME_CA_ROOT").MustString("") | 			AcmeCARoot = sec.Key("ACME_CA_ROOT").MustString("") | ||||||
| 
 | 
 | ||||||
| 			if sec.HasKey("ACME_ACCEPTTOS") { | 			if sec.HasKey("ACME_ACCEPTTOS") { | ||||||
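Review bot: `ACME_URL` now defaults to `certmagic.LetsEncryptProductionCA`, but a user-supplied value is still stored without any check that it is an absolute `https://` directory URL, so a typo or a plain `http://` endpoint only surfaces later as an opaque ACME failure, and in the `http://` case the directory document would be fetched from an unauthenticated source. I would validate right after the assignment, e.g. `if u, err := url.Parse(AcmeURL); err != nil || u.Scheme != "https" { log.Fatal("ACME_URL must be an absolute https:// URL, got %q", AcmeURL) }` (needs `net/url` in the import block; `log.Fatal` follows the fatal-on-misconfiguration style I infer this package already uses, not something visible in the hunk). The import hunk above also makes `forgejo.org/modules/setting` depend on certmagic solely for this constant; a local constant with the same value would keep the settings module free of the certificate library, although certmagic is already a project dependency so this is a matter of taste. The enclosing loadServerFrom begins and ends outside the hunk.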