Disable ACME when using custom ports

LetsEncrypt currently only supports ports 80/443 for ACME, so if
custom ports are used we need to disable automatically getting
certs.

Also changed it to only emit a warning when ports aren't
reachable from the internet, rather than failing.

boringproxy.go

@@ -25,6 +25,7 @@ type Config struct {
 	SshServerPort  int    `json:"ssh_server_port"`
 	PublicIp       string `json:"public_ip"`
 	namedropClient *namedrop.Client
+	autoCerts      bool
 }
 
 type SmtpConfig struct {
@@ -71,12 +72,18 @@ func Listen() {
 
 	err = namedrop.CheckPublicAddress(ip, *httpPort)
 	if err != nil {
-		log.Fatal(err)
+		fmt.Printf("WARNING: Failed to access port %d from the internet\n", *httpPort)
 	}
 
 	err = namedrop.CheckPublicAddress(ip, *httpsPort)
 	if err != nil {
-		log.Fatal(err)
+		fmt.Printf("WARNING: Failed to access port %d from the internet\n", *httpsPort)
+	}
+
+	autoCerts := true
+	if *httpPort != 80 || *httpsPort != 443 {
+		fmt.Printf("WARNING: LetsEncrypt only supports HTTP/HTTPS ports 80/443. You are using %d/%d. Disabling automatic certificate management\n", *httpPort, *httpsPort)
+		autoCerts = false
 	}
 
 	if *certDir != "" {
@@ -95,17 +102,19 @@ func Listen() {
 
 	if adminDomain == "" {
 
-		err = setAdminDomain(certConfig, db, namedropClient)
+		err = setAdminDomain(certConfig, db, namedropClient, autoCerts)
 		if err != nil {
 			log.Fatal(err)
 		}
 	} else {
+		if autoCerts {
 			err = certConfig.ManageSync(context.Background(), []string{adminDomain})
 			if err != nil {
 				log.Fatal(err)
 			}
 			log.Print(fmt.Sprintf("Successfully acquired certificate for admin domain (%s)", adminDomain))
 		}
+	}
 
 	// Add admin user if it doesn't already exist
 	users := db.GetUsers()
@@ -133,6 +142,7 @@ func Listen() {
 		SshServerPort:  *sshServerPort,
 		PublicIp:       ip,
 		namedropClient: namedropClient,
+		autoCerts:      autoCerts,
 	}
 
 	tunMan := NewTunnelManager(config, db, certConfig)
@@ -206,11 +216,13 @@ func Listen() {
 				db.SetAdminDomain(fqdn)
 				namedropClient.SetDomain(fqdn)
 
+				if autoCerts {
 					// TODO: Might want to get all certs here, not just the admin domain
 					err := certConfig.ManageSync(r.Context(), []string{fqdn})
 					if err != nil {
 						log.Fatal(err)
 					}
+				}
 
 				http.Redirect(w, r, fmt.Sprintf("https://%s", fqdn), 303)
 			} else {
@@ -342,16 +354,18 @@ func (p *Server) passthroughRequest(conn net.Conn, tunnel Tunnel) {
 	wg.Wait()
 }
 
-func setAdminDomain(certConfig *certmagic.Config, db *Database, namedropClient *namedrop.Client) error {
+func setAdminDomain(certConfig *certmagic.Config, db *Database, namedropClient *namedrop.Client, autoCerts bool) error {
 	action := prompt("\nNo admin domain set. Enter '1' to input manually, or '2' to configure through TakingNames.io\n")
 	switch action {
 	case "1":
 		adminDomain := prompt("\nEnter admin domain:\n")
 
+		if autoCerts {
 			err := certConfig.ManageSync(context.Background(), []string{adminDomain})
 			if err != nil {
 				log.Fatal(err)
 			}
+		}
 
 		db.SetAdminDomain(adminDomain)
 	case "2":

tunnel_manager.go

@@ -33,6 +33,7 @@ func NewTunnelManager(config *Config, db *Database, certConfig *certmagic.Config
 		log.Fatalf("Unable to get current user: %v", err)
 	}
 
+	if config.autoCerts {
 		for domainName, tun := range db.GetTunnels() {
 			if tun.TlsTermination == "server" {
 				err = certConfig.ManageSync(context.Background(), []string{domainName})
@@ -42,6 +43,7 @@ func NewTunnelManager(config *Config, db *Database, certConfig *certmagic.Config
 				}
 			}
 		}
+	}
 
 	mutex := &sync.Mutex{}
 	return &TunnelManager{config, db, mutex, certConfig, user}
@@ -62,11 +64,13 @@ func (m *TunnelManager) RequestCreateTunnel(tunReq Tunnel) (Tunnel, error) {
 	}
 
 	if tunReq.TlsTermination == "server" {
+		if m.config.autoCerts {
 			err := m.certConfig.ManageSync(context.Background(), []string{tunReq.Domain})
 			if err != nil {
 				return Tunnel{}, errors.New("Failed to get cert")
 			}
 		}
+	}
 
 	m.mutex.Lock()
 	defer m.mutex.Unlock()