From d2f6de01856917b19e1f1ba6028f7e05d60e674b Mon Sep 17 00:00:00 2001 From: Daenney Date: Sat, 4 Mar 2023 18:24:02 +0100 Subject: [feature] Allow loading TLS certs from disk (#1586) Currently, GtS only supports using the built-in LE client directly for TLS. However, admins may still want to use GtS directly (so without a reverse proxy) but with certificates provided through some other mechanism. They may have some centralised way of provisioning these things themselves, or simply prefer to use LE but with a different challenge like DNS-01 which is not supported by autocert. This adds support for loading a public/private keypair from disk instead of using LE and reconfigures the server to use a TLS listener if we succeed in doing so. Additionally, being able to load TLS keypair from disk opens up the path to using a custom CA for testing purposes avoiding the need for a constellation of containers and something like Pebble or Step CA to provide LE APIs. --- internal/config/helpers.gen.go | 50 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 50 insertions(+) (limited to 'internal/config/helpers.gen.go') diff --git a/internal/config/helpers.gen.go b/internal/config/helpers.gen.go index 5ea7b61b6..b021ed617 100644 --- a/internal/config/helpers.gen.go +++ b/internal/config/helpers.gen.go 
@@ -1524,6 +1524,56 @@ func GetLetsEncryptEmailAddress() string { return global.GetLetsEncryptEmailAddr // SetLetsEncryptEmailAddress safely sets the value for global configuration 'LetsEncryptEmailAddress' field func SetLetsEncryptEmailAddress(v string) { global.SetLetsEncryptEmailAddress(v) } +// GetTLSCertificateChain safely fetches the Configuration value for state's 'TLSCertificateChain' field +func (st *ConfigState) GetTLSCertificateChain() (v string) { + st.mutex.Lock() + v = st.config.TLSCertificateChain + st.mutex.Unlock() + return +} + +// SetTLSCertificateChain safely sets the Configuration value for state's 'TLSCertificateChain' field +func (st *ConfigState) SetTLSCertificateChain(v string) { + st.mutex.Lock() + defer st.mutex.Unlock() + st.config.TLSCertificateChain = v + st.reloadToViper() +} + +// TLSCertificateChainFlag returns the flag name for the 'TLSCertificateChain' field +func TLSCertificateChainFlag() string { return "tls-certificate-chain" } + +// GetTLSCertificateChain safely fetches the value for global configuration 'TLSCertificateChain' field +func GetTLSCertificateChain() string { return global.GetTLSCertificateChain() } + +// SetTLSCertificateChain safely sets the value for global configuration 'TLSCertificateChain' field +func SetTLSCertificateChain(v string) { global.SetTLSCertificateChain(v) } + +// GetTLSCertificateKey safely fetches the Configuration value for state's 'TLSCertificateKey' field +func (st *ConfigState) GetTLSCertificateKey() (v string) { + st.mutex.Lock() + v = st.config.TLSCertificateKey + st.mutex.Unlock() + return +} + +// SetTLSCertificateKey safely sets the Configuration value for state's 'TLSCertificateKey' field +func (st *ConfigState) SetTLSCertificateKey(v string) { + st.mutex.Lock() + defer st.mutex.Unlock() + st.config.TLSCertificateKey = v + st.reloadToViper() +} + +// TLSCertificateKeyFlag returns the flag name for the 'TLSCertificateKey' field +func TLSCertificateKeyFlag() string { return 
"tls-certificate-key" } + +// GetTLSCertificateKey safely fetches the value for global configuration 'TLSCertificateKey' field +func GetTLSCertificateKey() string { return global.GetTLSCertificateKey() } + +// SetTLSCertificateKey safely sets the value for global configuration 'TLSCertificateKey' field +func SetTLSCertificateKey(v string) { global.SetTLSCertificateKey(v) } + // GetOIDCEnabled safely fetches the Configuration value for state's 'OIDCEnabled' field func (st *ConfigState) GetOIDCEnabled() (v bool) { st.mutex.Lock() -- cgit v1.2.3