IntenseWebs/boringproxy
3
0
Fork 0
mirror of https://github.com/boringproxy/boringproxy.git synced 2025-02-25 18:55:29 -06:00
Code Issues Packages Projects Releases Wiki Activity

Disable ACME when using custom ports

Browse Source 
LetsEncrypt currently only supports ports 80/443 for ACME, so if
custom ports are used we need to disable automatically getting
certs.

Also changed it to only emit a warning when ports aren't
reachable from the internet, rather than failing.
This commit is contained in:
Anders Pitman 2022-01-01 16:32:51 -07:00
parent ec6739ea63
commit 46bb670b8f
2 changed files with 42 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
boringproxy.go
View File

@ -25,6 +25,7 @@ type Config struct {
SshServerPort int `json:"ssh_server_port"` SshServerPort int `json:"ssh_server_port"`
PublicIp string `json:"public_ip"` PublicIp string `json:"public_ip"`
namedropClient *namedrop.Client namedropClient *namedrop.Client
autoCerts bool
} }
type SmtpConfig struct { type SmtpConfig struct {
@ -71,12 +72,18 @@ func Listen() {
err = namedrop.CheckPublicAddress(ip, *httpPort) err = namedrop.CheckPublicAddress(ip, *httpPort)
if err != nil { if err != nil {
log.Fatal(err) fmt.Printf("WARNING: Failed to access port %d from the internet\n", *httpPort)
} }
err = namedrop.CheckPublicAddress(ip, *httpsPort) err = namedrop.CheckPublicAddress(ip, *httpsPort)
if err != nil { if err != nil {
log.Fatal(err) fmt.Printf("WARNING: Failed to access port %d from the internet\n", *httpsPort)
}
autoCerts := true
if *httpPort != 80 || *httpsPort != 443 {
fmt.Printf("WARNING: LetsEncrypt only supports HTTP/HTTPS ports 80/443. You are using %d/%d. Disabling automatic certificate management\n", *httpPort, *httpsPort)
autoCerts = false
} }
if *certDir != "" { if *certDir != "" {
@ -95,17 +102,19 @@ func Listen() {
if adminDomain == "" { if adminDomain == "" {
err = setAdminDomain(certConfig, db, namedropClient) err = setAdminDomain(certConfig, db, namedropClient, autoCerts)
if err != nil { if err != nil {
log.Fatal(err) log.Fatal(err)
} }
} else { } else {
if autoCerts {
err = certConfig.ManageSync(context.Background(), []string{adminDomain}) err = certConfig.ManageSync(context.Background(), []string{adminDomain})
if err != nil { if err != nil {
log.Fatal(err) log.Fatal(err)
} }
log.Print(fmt.Sprintf("Successfully acquired certificate for admin domain (%s)", adminDomain)) log.Print(fmt.Sprintf("Successfully acquired certificate for admin domain (%s)", adminDomain))
} }
}
// Add admin user if it doesn't already exist // Add admin user if it doesn't already exist
users := db.GetUsers() users := db.GetUsers()
@ -133,6 +142,7 @@ func Listen() {
SshServerPort: *sshServerPort, SshServerPort: *sshServerPort,
PublicIp: ip, PublicIp: ip,
namedropClient: namedropClient, namedropClient: namedropClient,
autoCerts: autoCerts,
} }
tunMan := NewTunnelManager(config, db, certConfig) tunMan := NewTunnelManager(config, db, certConfig)
@ -206,11 +216,13 @@ func Listen() {
db.SetAdminDomain(fqdn) db.SetAdminDomain(fqdn)
namedropClient.SetDomain(fqdn) namedropClient.SetDomain(fqdn)
if autoCerts {
// TODO: Might want to get all certs here, not just the admin domain // TODO: Might want to get all certs here, not just the admin domain
err := certConfig.ManageSync(r.Context(), []string{fqdn}) err := certConfig.ManageSync(r.Context(), []string{fqdn})
if err != nil { if err != nil {
log.Fatal(err) log.Fatal(err)
} }
}
http.Redirect(w, r, fmt.Sprintf("https://%s", fqdn), 303) http.Redirect(w, r, fmt.Sprintf("https://%s", fqdn), 303)
} else { } else {
@ -342,16 +354,18 @@ func (p *Server) passthroughRequest(conn net.Conn, tunnel Tunnel) {
wg.Wait() wg.Wait()
} }
func setAdminDomain(certConfig *certmagic.Config, db *Database, namedropClient *namedrop.Client) error { func setAdminDomain(certConfig *certmagic.Config, db *Database, namedropClient *namedrop.Client, autoCerts bool) error {
action := prompt("\nNo admin domain set. Enter '1' to input manually, or '2' to configure through TakingNames.io\n") action := prompt("\nNo admin domain set. Enter '1' to input manually, or '2' to configure through TakingNames.io\n")
switch action { switch action {
case "1": case "1":
adminDomain := prompt("\nEnter admin domain:\n") adminDomain := prompt("\nEnter admin domain:\n")
if autoCerts {
err := certConfig.ManageSync(context.Background(), []string{adminDomain}) err := certConfig.ManageSync(context.Background(), []string{adminDomain})
if err != nil { if err != nil {
log.Fatal(err) log.Fatal(err)
} }
}
db.SetAdminDomain(adminDomain) db.SetAdminDomain(adminDomain)
case "2": case "2":

4
tunnel_manager.go
View File

@ -33,6 +33,7 @@ func NewTunnelManager(config *Config, db *Database, certConfig *certmagic.Config
log.Fatalf("Unable to get current user: %v", err) log.Fatalf("Unable to get current user: %v", err)
} }
if config.autoCerts {
for domainName, tun := range db.GetTunnels() { for domainName, tun := range db.GetTunnels() {
if tun.TlsTermination == "server" { if tun.TlsTermination == "server" {
err = certConfig.ManageSync(context.Background(), []string{domainName}) err = certConfig.ManageSync(context.Background(), []string{domainName})
@ -42,6 +43,7 @@ func NewTunnelManager(config *Config, db *Database, certConfig *certmagic.Config
} }
} }
} }
}
mutex := &sync.Mutex{} mutex := &sync.Mutex{}
return &TunnelManager{config, db, mutex, certConfig, user} return &TunnelManager{config, db, mutex, certConfig, user}
@ -62,11 +64,13 @@ func (m *TunnelManager) RequestCreateTunnel(tunReq Tunnel) (Tunnel, error) {
} }
if tunReq.TlsTermination == "server" { if tunReq.TlsTermination == "server" {
if m.config.autoCerts {
err := m.certConfig.ManageSync(context.Background(), []string{tunReq.Domain}) err := m.certConfig.ManageSync(context.Background(), []string{tunReq.Domain})
if err != nil { if err != nil {
return Tunnel{}, errors.New("Failed to get cert") return Tunnel{}, errors.New("Failed to get cert")
} }
} }
}
m.mutex.Lock() m.mutex.Lock()
defer m.mutex.Unlock() defer m.mutex.Unlock()