Merge pull request #180 from boringproxy/custom-ca

Custom ca
2025-02-25 18:55:29 -06:00 · 2022-05-11 18:39:11 -06:00 · 2022-05-11 18:39:11 -06:00 · 004fea55f7
commit 004fea55f7
parent 8f9c5f3914 fd3af1154c
3 changed files with 12 additions and 0 deletions
--- a/boringproxy.go
+++ b/boringproxy.go
@ -57,6 +57,7 @@ func Listen() {
 	acmeEmail := flagSet.String("acme-email", "", "Email for ACME (ie Let's Encrypt)")
 	acmeUseStaging := flagSet.Bool("acme-use-staging", false, "Use ACME (ie Let's Encrypt) staging servers")
 	acceptCATerms := flagSet.Bool("accept-ca-terms", false, "Automatically accept CA terms")
+	acmeCa := flagSet.String("acme-certificate-authority", "", "URI for ACME Certificate Authority")
 	err := flagSet.Parse(os.Args[2:])
 	if err != nil {
 		fmt.Fprintf(os.Stderr, "%s: parsing flags: %s\n", os.Args[0], err)
@ -117,6 +118,10 @@ func Listen() {
 		certmagic.DefaultACME.CA = certmagic.LetsEncryptStagingCA
 	}

+	if *acmeCa != "" {
+		certmagic.DefaultACME.CA = *acmeCa
+	}
+
 	certConfig := certmagic.NewDefault()

 	if *newAdminDomain != "" {
--- a/client.go
+++ b/client.go
@ -39,6 +39,7 @@ type ClientConfig struct {
 	CertDir        string `json:"certDir,omitempty"`
 	AcmeEmail      string `json:"acmeEmail,omitempty"`
 	AcmeUseStaging bool   `json:"acmeUseStaging,omitempty"`
+	AcmeCa         string `json:"acmeCa,omitempty"`
 	DnsServer      string `json:"dnsServer,omitempty"`
 	BehindProxy    bool   `json:"behindProxy,omitempty"`
 }
@ -84,6 +85,10 @@ func NewClient(config *ClientConfig) (*Client, error) {
 		certmagic.DefaultACME.CA = certmagic.LetsEncryptStagingCA
 	}

+	if config.AcmeCa != "" {
+		certmagic.DefaultACME.CA = config.AcmeCa
+	}
+
 	certConfig := certmagic.NewDefault()

 	httpClient := &http.Client{
--- a/cmd/boringproxy/main.go
+++ b/cmd/boringproxy/main.go
@ -93,6 +93,7 @@ func main() {
 		certDir := flagSet.String("cert-dir", "", "TLS cert directory")
 		acmeEmail := flagSet.String("acme-email", "", "Email for ACME (ie Let's Encrypt)")
 		acmeUseStaging := flagSet.Bool("acme-use-staging", false, "Use ACME (ie Let's Encrypt) staging servers")
+		acmeCa := flagSet.String("acme-certificate-authority", "", "URI for ACME Certificate Authority")
 		dnsServer := flagSet.String("dns-server", "", "Custom DNS server")
 		behindProxy := flagSet.Bool("behind-proxy", false, "Whether we're running behind another reverse proxy")

@ -117,6 +118,7 @@ func main() {
 			CertDir:        *certDir,
 			AcmeEmail:      *acmeEmail,
 			AcmeUseStaging: *acmeUseStaging,
+			AcmeCa:         *acmeCa,
 			DnsServer:      *dnsServer,
 			BehindProxy:    *behindProxy,
 		}