From d2f6de01856917b19e1f1ba6028f7e05d60e674b Mon Sep 17 00:00:00 2001 From: Daenney Date: Sat, 4 Mar 2023 18:24:02 +0100 Subject: [feature] Allow loading TLS certs from disk (#1586) Currently, GtS only supports using the built-in LE client directly for TLS. However, admins may still want to use GtS directly (so without a reverse proxy) but with certificates provided through some other mechanism. They may have some centralised way of provisioning these things themselves, or simply prefer to use LE but with a different challenge like DNS-01 which is not supported by autocert. This adds support for loading a public/private keypair from disk instead of using LE and reconfigures the server to use a TLS listener if we succeed in doing so. Additionally, being able to load TLS keypair from disk opens up the path to using a custom CA for testing purposes avoinding the need for a constellation of containers and something like Pebble or Step CA to provide LE APIs. --- example/config.yaml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) (limited to 'example') diff --git a/example/config.yaml b/example/config.yaml index 74c47dd8b..bdd3c4cc2 100644 --- a/example/config.yaml +++ b/example/config.yaml @@ -575,6 +575,22 @@ letsencrypt-cert-dir: "/gotosocial/storage/certs" # Default: "" letsencrypt-email-address: "" +############################## +##### MANUAL TLS CONFIG ##### +############################## + +# String. Path to a PEM-encoded file on disk that includes the certificate chain +# and the public key +# Examples: ["/gotosocial/storage/certs/chain.pem"] +# Default: "" +tls-certificate-chain: "" + +# String. Path to a PEM-encoded file on disk containing the private key for the +# associated tls-certificate-chain +# Examples: ["/gotosocial/storage/certs/private.pem"] +# Default: "" +tls-certificate-key: "" + ####################### ##### OIDC CONFIG ##### ####################### -- cgit v1.2.3