From fd3af1154ca6d4947e2514ee93ce3d3fcddaac3b Mon Sep 17 00:00:00 2001
From: Anders Pitman
Date: Wed, 11 May 2022 16:18:35 -0600
Subject: [PATCH] Add custom ACME CA support for client

---
 client.go | 5 +++++
 cmd/boringproxy/main.go | 2 ++
 2 files changed, 7 insertions(+)

diff --git a/client.go b/client.go
index 9cf2d45..3cb1604 100644
--- a/client.go
+++ b/client.go
@@ -39,6 +39,7 @@ type ClientConfig struct {
 CertDir string `json:"certDir,omitempty"`
 AcmeEmail string `json:"acmeEmail,omitempty"`
 AcmeUseStaging bool `json:"acmeUseStaging,omitempty"`
+ AcmeCa string `json:"acmeCa,omitempty"`
 DnsServer string `json:"dnsServer,omitempty"`
 BehindProxy bool `json:"behindProxy,omitempty"`
 }
@@ -84,6 +85,10 @@ func NewClient(config *ClientConfig) (*Client, error) {
 certmagic.DefaultACME.CA = certmagic.LetsEncryptStagingCA
 }

+ if config.AcmeCa != "" {
+ certmagic.DefaultACME.CA = config.AcmeCa
+ }
+
 certConfig := certmagic.NewDefault()

 httpClient := &http.Client{
diff --git a/cmd/boringproxy/main.go b/cmd/boringproxy/main.go
index 5331dc1..6d9148a 100644
--- a/cmd/boringproxy/main.go
+++ b/cmd/boringproxy/main.go
@@ -93,6 +93,7 @@ func main() {
 certDir := flagSet.String("cert-dir", "", "TLS cert directory")
 acmeEmail := flagSet.String("acme-email", "", "Email for ACME (ie Let's Encrypt)")
 acmeUseStaging := flagSet.Bool("acme-use-staging", false, "Use ACME (ie Let's Encrypt) staging servers")
+ acmeCa := flagSet.String("acme-certificate-authority", "", "URI for ACME Certificate Authority")
 dnsServer := flagSet.String("dns-server", "", "Custom DNS server")
 behindProxy := flagSet.Bool("behind-proxy", false, "Whether we're running behind another reverse proxy")

@@ -117,6 +118,7 @@ func main() {
 CertDir: *certDir,
 AcmeEmail: *acmeEmail,
 AcmeUseStaging: *acmeUseStaging,
+ AcmeCa: *acmeCa,
 DnsServer: *dnsServer,
 BehindProxy: *behindProxy,
 }
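Review bot: In the NewClient hunk of client.go, `config.AcmeCa` is copied into `certmagic.DefaultACME.CA` with no check, so a malformed or plain-`http://` directory URL from the flag or the JSON config is accepted and only surfaces later, at account registration or issuance. ACME (RFC 8555) is defined over HTTPS, so the value can be rejected up front: `u, err := url.Parse(config.AcmeCa)` followed by `if err != nil || u.Scheme != "https" || u.Host == "" { return nil, fmt.Errorf("invalid acmeCa %q", config.AcmeCa) }`, assuming `net/url` and `fmt` are (or can be) imported in this file. The block also runs after the `AcmeUseStaging` branch, so when both options are set the custom CA silently wins; either return an error for that combination or state the precedence in a comment such as `// acmeCa takes precedence over acmeUseStaging`. NewClient's body starts and continues outside the hunk.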
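Review bot: The help text for `-acme-certificate-authority` in the first main.go hunk does not say what kind of URI is expected or how the flag interacts with `-acme-use-staging`. Because this value decides which CA the client registers with and requests certificates from, the text should be explicit, e.g. `"ACME directory URL of the certificate authority (https); overrides -acme-use-staging"`, which matches the assignment order visible in client.go. The flag name is also spelled differently from the JSON key `acmeCa`, which is worth noting wherever the options are documented. main() starts and ends outside the hunk.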