From 58a2727f843ae01be4b8d95058fe86924d6f9198 Mon Sep 17 00:00:00 2001
From: "Willem@105.pve1.lan"
Date: Wed, 23 Feb 2022 12:33:36 +0200
Subject: [PATCH] accept-ca-terms
---
 Dockerfile | 2 +-
 boringproxy.go | 6 ++++++
 docker/server/README.md | 3 +++
 docker/server/docker-compose.yml | 10 ++++++----
 4 files changed, 16 insertions(+), 5 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 945640f..90afd94 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -17,7 +17,6 @@ RUN if [[ "ORIGIN" == 'remote' ]] ; then git clone --depth 1 --branch "${BRANCH}
 COPY go.* ./
 RUN go mod download
 COPY . .
-RUN export VERSION='2'
 RUN cd cmd/boringproxy && CGO_ENABLED=0 GOOS=${GOOS} GOARCH=${GOARCH} \
 go build -ldflags "-X main.Version=${VERSION}" \
@@ -25,6 +24,7 @@ RUN cd cmd/boringproxy && CGO_ENABLED=0 GOOS=${GOOS} GOARCH=${GOARCH} \
 FROM scratch
 EXPOSE 80 443
+WORKDIR /storage
 COPY --from=builder /build/cmd/boringproxy/boringproxy /
diff --git a/boringproxy.go b/boringproxy.go
index 8e73c89..b81a767 100644
--- a/boringproxy.go
+++ b/boringproxy.go
@@ -56,6 +56,7 @@ func Listen() {
 behindProxy := flagSet.Bool("behind-proxy", false, "Whether we're running behind another reverse proxy")
 acmeEmail := flagSet.String("acme-email", "", "Email for ACME (ie Let's Encrypt)")
 acmeUseStaging := flagSet.Bool("acme-use-staging", false, "Use ACME (ie Let's Encrypt) staging servers")
+ acceptCATerms := flagSet.Bool("accept-ca-terms", false, "Automatically accept CA terms")
 err := flagSet.Parse(os.Args[2:])
 if err != nil {
 fmt.Fprintf(os.Stderr, "%s: parsing flags: %s\n", os.Args[0], err)
@@ -107,6 +108,11 @@ func Listen() {
 certmagic.DefaultACME.Email = *acmeEmail
 }
+ if *acceptCATerms {
+ certmagic.DefaultACME.Agreed = true
+ log.Print(fmt.Sprintf("Automatic agreement to CA terms with email (%s)", *acmeEmail))
+ }
+
 if *acmeUseStaging {
 certmagic.DefaultACME.CA = certmagic.LetsEncryptStagingCA
 }
diff --git a/docker/server/README.md b/docker/server/README.md
index 4e589d4..40eec09 100644
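Review bot: In the second boringproxy.go hunk, the new `if *acceptCATerms` block logs the agreement even when `-acme-email` was not given, so the one line that records acceptance of the CA's terms can read `email ()`. Because the flag appears to stand in for an interactive agreement, it would be safer to warn or exit when `*acmeEmail == ""`, so the recorded consent is always tied to a contact address. The call itself is better written as `log.Printf("Automatic agreement to CA terms with email (%s)", *acmeEmail)` rather than `log.Print(fmt.Sprintf(...))`. The help text added in the first hunk (`"Automatically accept CA terms"`) could also say that it skips the prompt for the ACME CA's subscriber agreement. Listen's body starts and ends outside both hunks.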
--- a/docker/server/README.md
+++ b/docker/server/README.md
@@ -4,6 +4,9 @@
 Edit docker-compose.yml and change the following under **commands** for service **boringproxy**
 - bp.example.com: your admin domain
+- your-email-address: the email address to register with Let's Encrypt
+
+***Since the -accept-ca-terms flag is set in the compose file, this will automatically accept terms and conditions of Let's Encrypt.***
 ## Build image from source and run server in docker
 You can build the image from source. This requires that you clone the GitHub repo and start docker using the compose command below:
diff --git a/docker/server/docker-compose.yml b/docker/server/docker-compose.yml
index f3e8753..6addc03 100644
--- a/docker/server/docker-compose.yml
+++ b/docker/server/docker-compose.yml
@@ -7,11 +7,13 @@ services:
 - "80:80"
 - "443:443"
 volumes:
- - data:/opt/boringproxy/
- command: ["server", "-admin-domain", "bp.example.com", "-cert-dir", "/certmagic"]
+ - storage:/storage/
+ - ssh://.ssh
+ - /etc/ssl/certs/:/etc/ssl/certs/:ro
+ command: ["server", "-admin-domain", "bp.example.com", "-acme-email", "your-email-address", "-accept-ca-terms", "-cert-dir", "/storage/certmagic", "-print-login"]
 environment:
 USER: "root"
 volumes:
- data:
- certmagic:
+ storage:
+ ssh:
\ No newline at end of file
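Review bot: The new `command` line in docker-compose.yml ends with `-print-login`, which presumably writes the admin login details to the container's stdout on every start. In a compose deployment that output is retained by the Docker log driver and by any log shipper, so the credential stays readable to anyone with log access. Consider dropping the flag from the default file and documenting it in the README as a one-off for first-time setup. The added volume entry `- ssh://.ssh` also reads like a URL; if it is meant to mount the named volume `ssh` at `/.ssh`, writing `- ssh:/.ssh` states that directly.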