GoBlog/httpListener.go


package main
import (
"crypto/tls"
"net"
"net/http"
"golang.org/x/crypto/acme"
"golang.org/x/crypto/acme/autocert"
"tailscale.com/client/tailscale"
)
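// getTCPListener returns the listener that s should be served on. The cases
// are evaluated in this order, and the first match wins:
//
//   - Tailscale is enabled: the listener comes from getTailscaleListener.
//   - s.Addr is ":443" and PublicHTTPS is set: a TLS listener whose
//     certificates are obtained over ACME by an autocert.Manager.
//   - s.Addr is ":443" and TailscaleHTTPS is set: a TLS listener that gets its
//     certificates from tailscale.GetCertificate.
//   - Anything else: a plain TCP listener without TLS.
//
// Both TLS listeners built here set MinVersion to TLS 1.2 explicitly, so the
// protocol floor does not depend on the default of the Go toolchain in use.
// A failure to bind the address is returned as the error.
func (a *goBlog) getTCPListener(s *http.Server) (net.Listener, error) {
	switch {
	case a.tailscaleEnabled():
		// Tailscale listener
		return a.getTailscaleListener(s.Addr)

	case s.Addr == ":443" && a.cfg.Server.PublicHTTPS:
		// Listener with public HTTPS.
		// Certificates are only requested for the configured hostnames; the
		// host policy rejects every other server name a client may send.
		hosts := []string{a.cfg.Server.publicHostname}
		for _, extra := range []string{
			a.cfg.Server.shortPublicHostname,
			a.cfg.Server.mediaHostname,
		} {
			if extra != "" {
				hosts = append(hosts, extra)
			}
		}
		acmeDir := acme.LetsEncryptURL
		// Uncomment for Staging Let's Encrypt
		// acmeDir = "https://acme-staging-v02.api.letsencrypt.org/directory"
		m := &autocert.Manager{
			Prompt:     autocert.AcceptTOS,
			HostPolicy: autocert.HostWhitelist(hosts...),
			Cache:      &httpsCache{db: a.db},
			Client:     &acme.Client{DirectoryURL: acmeDir},
		}
		// Start from the manager's own TLS config (certificate callback and
		// ALPN protocols) and pin the minimum version, matching the Tailscale
		// TLS case below. m.Listener() would leave MinVersion unset.
		tlsConfig := m.TLSConfig()
		tlsConfig.MinVersion = tls.VersionTLS12
		// Bind here so that a bind failure is reported to the caller right
		// away instead of only on the first Accept.
		ln, err := net.Listen("tcp", s.Addr)
		if err != nil {
			return nil, err
		}
		return tls.NewListener(ln, tlsConfig), nil

	case s.Addr == ":443" && a.cfg.Server.TailscaleHTTPS:
		// Listener with Tailscale TLS config
		ln, err := net.Listen("tcp", s.Addr)
		if err != nil {
			return nil, err
		}
		return tls.NewListener(ln, &tls.Config{
			GetCertificate: tailscale.GetCertificate,
			MinVersion:     tls.VersionTLS12,
		}), nil

	default:
		// Default: plain TCP, no TLS is applied at this layer.
		return net.Listen("tcp", s.Addr)
	}
}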
// listenAndServe picks the listener for s via getTCPListener and serves s on
// it. It returns the listener setup error if there is one, otherwise whatever
// s.Serve returns.
func (a *goBlog) listenAndServe(s *http.Server) error {
	ln, err := a.getTCPListener(s)
	if err == nil {
		// Only start serving once a listener was obtained successfully.
		err = s.Serve(ln)
	}
	return err
}