37 lines
1 KiB
Go
37 lines
1 KiB
Go
|
package server
|
||
|
|
||
|
import (
|
||
|
"fmt"
|
||
|
"strings"
|
||
|
|
||
|
"golang.org/x/crypto/acme/autocert"
|
||
|
|
||
|
"github.com/photoprism/photoprism/internal/config"
|
||
|
)
|
||
|
|
||
|
// AutoTLS enables automatic HTTPS via Let's Encrypt.
|
||
|
func AutoTLS(conf *config.Config) (*autocert.Manager, error) {
|
||
|
var siteDomain, tlsEmail, certDir string
|
||
|
|
||
|
// Enable automatic HTTPS via Let's Encrypt?
|
||
|
if !conf.SiteHttps() {
|
||
|
return nil, fmt.Errorf("default site url does not use https")
|
||
|
} else if siteDomain = conf.SiteDomain(); !strings.Contains(siteDomain, ".") {
|
||
|
return nil, fmt.Errorf("no fully qualified site domain")
|
||
|
} else if tlsEmail = conf.AutoTLS(); tlsEmail == "" {
|
||
|
return nil, fmt.Errorf("automatic tls disabled")
|
||
|
} else if certDir = conf.CertsConfigPath(); certDir == "" {
|
||
|
return nil, fmt.Errorf("https certificate cache directory is missing")
|
||
|
}
|
||
|
|
||
|
// Create Let's Encrypt cert manager.
|
||
|
m := &autocert.Manager{
|
||
|
Email: tlsEmail,
|
||
|
Prompt: autocert.AcceptTOS,
|
||
|
HostPolicy: autocert.HostWhitelist(siteDomain),
|
||
|
Cache: autocert.DirCache(certDir),
|
||
|
}
|
||
|
|
||
|
return m, nil
|
||
|
}
|