From ca6667cedebb3a62725a1b609e003793a5491aa8 Mon Sep 17 00:00:00 2001
From: Anders Pitman
Date: Thu, 17 Feb 2022 14:08:32 -0700
Subject: [PATCH] Add flag to use Let's Encrypt staging
---
 boringproxy.go | 7 ++++++-
 client.go | 21 +++++++++++++--------
 cmd/boringproxy/main.go | 18 ++++++++++--------
 3 files changed, 29 insertions(+), 17 deletions(-)
diff --git a/boringproxy.go b/boringproxy.go
index b8e4761..1e0d96d 100644
--- a/boringproxy.go
+++ b/boringproxy.go
@@ -53,6 +53,7 @@ func Listen() {
 allowHttp := flagSet.Bool("allow-http", false, "Allow unencrypted (HTTP) requests")
 publicIp := flagSet.String("public-ip", "", "Public IP")
 behindProxy := flagSet.Bool("behind-proxy", false, "Whether we're running behind another reverse proxy")
+ acmeUseStaging := flagSet.Bool("acme-use-staging", false, "Use ACME (ie Let's Encrypt) staging servers")
 err := flagSet.Parse(os.Args[2:])
 if err != nil {
 fmt.Fprintf(os.Stderr, "%s: parsing flags: %s\n", os.Args[0], err)
@@ -99,7 +100,11 @@ func Listen() {
 }
 //certmagic.DefaultACME.DisableHTTPChallenge = true
 //certmagic.DefaultACME.DisableTLSALPNChallenge = true
- //certmagic.DefaultACME.CA = certmagic.LetsEncryptStagingCA
+
+ if *acmeUseStaging {
+ certmagic.DefaultACME.CA = certmagic.LetsEncryptStagingCA
+ }
+
+
 certConfig := certmagic.NewDefault()
 if *newAdminDomain != "" {
diff --git a/client.go b/client.go
index 43d2472..1b7389a 100644
--- a/client.go
+++ b/client.go
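Review bot: In the second hunk of boringproxy.go, `Listen` switches `certmagic.DefaultACME.CA` to the staging CA without any notice to the operator, so a server left running with `-acme-use-staging` hands out certificates that clients do not trust and nothing in its output explains why. A one-line notice inside the new `if` would make the mode visible, for example `fmt.Fprintln(os.Stderr, "acme-use-staging is set: certificates come from the Let's Encrypt staging CA and are not publicly trusted")`; `fmt` and `os` are already used in the first hunk. The same applies to the matching `if config.AcmeUseStaging` block in `NewClient` in client.go. `Listen`'s body starts and ends outside both hunks.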
@@ -34,14 +34,15 @@ type Client struct {
 }
 type ClientConfig struct {
- ServerAddr string `json:"serverAddr,omitempty"`
- Token string `json:"token,omitempty"`
- ClientName string `json:"clientName,omitempty"`
- User string `json:"user,omitempty"`
- CertDir string `json:"certDir,omitempty"`
- AcmeEmail string `json:"acmeEmail,omitempty"`
- DnsServer string `json:"dnsServer,omitempty"`
- BehindProxy bool `json:"behindProxy,omitempty"`
+ ServerAddr string `json:"serverAddr,omitempty"`
+ Token string `json:"token,omitempty"`
+ ClientName string `json:"clientName,omitempty"`
+ User string `json:"user,omitempty"`
+ CertDir string `json:"certDir,omitempty"`
+ AcmeEmail string `json:"acmeEmail,omitempty"`
+ AcmeUseStaging bool `json:"acmeUseStaging,omitempty"`
+ DnsServer string `json:"dnsServer,omitempty"`
+ BehindProxy bool `json:"behindProxy,omitempty"`
 }
 func NewClient(config *ClientConfig) (*Client, error) {
@@ -81,6 +82,10 @@ func NewClient(config *ClientConfig) (*Client, error) {
 certmagic.DefaultACME.Email = config.AcmeEmail
 }
+ if config.AcmeUseStaging {
+ certmagic.DefaultACME.CA = certmagic.LetsEncryptStagingCA
+ }
+
 certConfig := certmagic.NewDefault()
 httpClient := &http.Client{
diff --git a/cmd/boringproxy/main.go b/cmd/boringproxy/main.go
index 9f74e77..8619edb 100644
--- a/cmd/boringproxy/main.go
+++ b/cmd/boringproxy/main.go
@@ -50,6 +50,7 @@ func main() {
 user := flagSet.String("user", "admin", "user")
 certDir := flagSet.String("cert-dir", "", "TLS cert directory")
 acmeEmail := flagSet.String("acme-email", "", "Email for ACME (ie Let's Encrypt)")
+ acmeUseStaging := flagSet.Bool("acme-use-staging", false, "Use ACME (ie Let's Encrypt) staging servers")
 dnsServer := flagSet.String("dns-server", "", "Custom DNS server")
 behindProxy := flagSet.Bool("behind-proxy", false, "Whether we're running behind another reverse proxy")
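Review bot: In the second hunk of client.go, `NewClient` writes the staging CA into `certmagic.DefaultACME`, which is shared package state rather than part of this client's own `certConfig`, and no branch restores the production CA. If a process ever constructs a second `Client` with `AcmeUseStaging` false, it would presumably still request certificates from staging. The `Email` assignment in the context lines above follows the same pattern, so this is not new, but the CA is the more surprising setting to inherit. At minimum the new struct field in the first hunk deserves a comment saying so, e.g. `// AcmeUseStaging points certmagic's process-wide default at the Let's Encrypt staging CA; certificates issued this way are not publicly trusted.` `NewClient`'s body continues outside the hunk.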
@@ -71,14 +72,15 @@ func main() {
 }
 config := &boringproxy.ClientConfig{
- ServerAddr: *server,
- Token: *token,
- ClientName: *name,
- User: *user,
- CertDir: *certDir,
- AcmeEmail: *acmeEmail,
- DnsServer: *dnsServer,
- BehindProxy: *behindProxy,
+ ServerAddr: *server,
+ Token: *token,
+ ClientName: *name,
+ User: *user,
+ CertDir: *certDir,
+ AcmeEmail: *acmeEmail,
+ AcmeUseStaging: *acmeUseStaging,
+ DnsServer: *dnsServer,
+ BehindProxy: *behindProxy,
 }
 ctx := context.Background()