diff options
| author |  Daenney <daenney@users.noreply.github.com> | 2023-03-04 18:24:02 +0100 |
|---|---|---|
| committer |  GitHub <noreply@github.com> | 2023-03-04 17:24:02 +0000 |
| commit | d2f6de01856917b19e1f1ba6028f7e05d60e674b (patch) | |
| tree | a8dd7a0718f67dc7248a5e2c9c98db20a6fb2741 /internal/config/defaults.go | |
| parent | use updateattachment when updating to ensure cache is invalidated (#1587) (diff) | |
| download | gotosocial-d2f6de01856917b19e1f1ba6028f7e05d60e674b.tar.xz | |
[feature] Allow loading TLS certs from disk (#1586)
Currently, GtS only supports using the built-in LE client directly for
TLS. However, admins may still want to use GtS directly (so without a
reverse proxy) but with certificates provided through some other
mechanism. They may have some centralised way of provisioning these
things themselves, or simply prefer to use LE but with a different
challenge like DNS-01 which is not supported by autocert.
This adds support for loading a public/private keypair from disk instead
of using LE and reconfigures the server to use a TLS listener if we
succeed in doing so.
Additionally, being able to load TLS keypair from disk opens up the path
to using a custom CA for testing purposes avoinding the need for a
constellation of containers and something like Pebble or Step CA to
provide LE APIs.
Diffstat (limited to 'internal/config/defaults.go')
| -rw-r--r-- | internal/config/defaults.go | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/internal/config/defaults.go b/internal/config/defaults.go index e9dd2b743..7d2427ee7 100644 --- a/internal/config/defaults.go +++ b/internal/config/defaults.go @@ -91,6 +91,9 @@ var Defaults = Configuration{ LetsEncryptCertDir: "/gotosocial/storage/certs", LetsEncryptEmailAddress: "", + TLSCertificateChain: "", + TLSCertificateKey: "", + OIDCEnabled: false, OIDCIdpName: "", OIDCSkipVerification: false, |