Documentation
Overview
server/acmedns.go
server/certrenewer.go
server/server.go
Index
- func ListenAndServeWithContext(ctx context.Context, cfg *config.CoreConfig, handler http.Handler, ...) error
- func SetCertRenewer(r CertRenewer)
- func WithShutdownSignals(parent context.Context, logger *zap.Logger) (context.Context, context.CancelFunc)
- type AutocertRenewer
- func (r *AutocertRenewer) ChallengeType() string
- func (r *AutocertRenewer) ForceRenewal(ctx context.Context) (time.Time, error)
- type CertRenewer
- func GetCertRenewer() CertRenewer
- type DNS01Manager
- func NewDNS01Manager(domains []string, email, cacheDir, hostedZoneID, acmeDirectoryURL string, logger *zap.Logger) (*DNS01Manager, error)
- func (m *DNS01Manager) ChallengeType() string
- func (m *DNS01Manager) ForceRenewal(ctx context.Context) (time.Time, error)
- func (m *DNS01Manager) GetCertificate(hello *tls.ClientHelloInfo) (cert *tls.Certificate, err error)
- func (m *DNS01Manager) PreWarm(ctx context.Context) error
- func (m *DNS01Manager) StartBackgroundRenewal()
- func (m *DNS01Manager) StopBackgroundRenewal()
Constants
This section is empty.
Variables
This section is empty.
Functions
func ListenAndServeWithContext
func ListenAndServeWithContext(
    ctx context.Context,
    cfg *config.CoreConfig,
    handler http.Handler,
    logger *zap.Logger,
) error
ListenAndServeWithContext starts an HTTP or HTTPS server (with optional Let's Encrypt via http-01 or dns-01 challenge) and blocks until the context is canceled or the server encounters a terminal error.
It does NOT wire any routes itself; callers must provide a fully configured http.Handler (e.g., chi.Router).
func SetCertRenewer (added in v0.1.32)
func SetCertRenewer(r CertRenewer)
SetCertRenewer sets the active certificate renewer. This is called by ListenAndServeWithContext when using Let's Encrypt.
func WithShutdownSignals
func WithShutdownSignals(parent context.Context, logger *zap.Logger) (context.Context, context.CancelFunc)
WithShutdownSignals returns a context that is canceled when the process receives SIGINT or SIGTERM. It's a helper to tie OS signals into context cancellation, and should be used as the parent context for the HTTP server. The returned cancel function also cleans up the signal handler.
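The package source for ListenAndServeWithContext and WithShutdownSignals is not reproduced on this page, so the following is an added example, not the package's own code, showing the same pattern with only the standard library: signal.NotifyContext ties SIGINT and SIGTERM to context cancellation, and a serve loop blocks until the context is canceled, then drains in-flight requests with http.Server.Shutdown before returning. The names ServeWithContext and the shutdownTimeout parameter are assumptions for illustration; the real function takes a *config.CoreConfig and a *zap.Logger instead, and adds the Let's Encrypt wiring. As documented, routes are the caller's responsibility, so the handler is built in main.

```go
package main

import (
	"context"
	"errors"
	"log"
	"net"
	"net/http"
	"os/signal"
	"syscall"
	"time"
)

// WithShutdownSignals mirrors the documented helper: the returned context is
// canceled on SIGINT or SIGTERM, and calling cancel also unregisters the
// signal handler so a second signal falls back to the default OS action.
func WithShutdownSignals(parent context.Context) (context.Context, context.CancelFunc) {
	return signal.NotifyContext(parent, syscall.SIGINT, syscall.SIGTERM)
}

// ServeWithContext serves handler on ln until ctx is canceled or the listener
// fails, then drains in-flight requests for up to shutdownTimeout. A clean,
// signal-driven shutdown returns nil; a terminal server error is returned.
func ServeWithContext(ctx context.Context, ln net.Listener, handler http.Handler, shutdownTimeout time.Duration) error {
	srv := &http.Server{
		Handler:           handler,
		ReadHeaderTimeout: 10 * time.Second, // bound clients that stall while sending headers
	}
	errCh := make(chan error, 1)
	go func() { errCh <- srv.Serve(ln) }()

	select {
	case err := <-errCh:
		return err // Serve stopped on its own: listener or accept failure
	case <-ctx.Done():
	}

	sctx, cancel := context.WithTimeout(context.Background(), shutdownTimeout)
	defer cancel()
	if err := srv.Shutdown(sctx); err != nil {
		return err // drain deadline exceeded before all connections finished
	}
	// Shutdown makes Serve return http.ErrServerClosed; that is the expected outcome.
	if err := <-errCh; err != nil && !errors.Is(err, http.ErrServerClosed) {
		return err
	}
	return nil
}

func main() {
	ctx, stop := WithShutdownSignals(context.Background())
	defer stop()

	ln, err := net.Listen("tcp", "127.0.0.1:8080")
	if err != nil {
		log.Fatal(err)
	}
	mux := http.NewServeMux() // the caller wires routes; the server does not
	mux.HandleFunc("/healthz", func(w http.ResponseWriter, r *http.Request) {
		_, _ = w.Write([]byte("ok\n"))
	})
	if err := ServeWithContext(ctx, ln, mux, 10*time.Second); err != nil {
		log.Fatal(err)
	}
}
```

Run it, hit /healthz, then send Ctrl-C: the serve loop returns nil after draining rather than dropping open requests. The ReadHeaderTimeout is a deliberate addition so that an idle client cannot hold a connection open indefinitely before the request line is complete.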
Types
type AutocertRenewer (added in v0.1.32)
type AutocertRenewer struct {
    Manager  *autocert.Manager
    Domain   string
    CacheDir string
    Logger   *zap.Logger
}
AutocertRenewer wraps an autocert.Manager to implement CertRenewer.
func (*AutocertRenewer) ChallengeType (added in v0.1.32)
func (r *AutocertRenewer) ChallengeType() string
ChallengeType returns "http-01" for autocert.
func (*AutocertRenewer) ForceRenewal (added in v0.1.32)
func (r *AutocertRenewer) ForceRenewal(ctx context.Context) (time.Time, error)
ForceRenewal forces an immediate certificate renewal for autocert. It clears the disk cache and requests a fresh certificate from Let's Encrypt.
type CertRenewer (added in v0.1.32)
type CertRenewer interface {
    // ForceRenewal forces an immediate certificate renewal.
    // Returns the new certificate expiry time on success.
    ForceRenewal(ctx context.Context) (time.Time, error)
    // ChallengeType returns the ACME challenge type ("http-01" or "dns-01").
    ChallengeType() string
}
CertRenewer provides certificate renewal capabilities.
func GetCertRenewer (added in v0.1.32)
func GetCertRenewer() CertRenewer
GetCertRenewer returns the active certificate renewer, or nil if not using Let's Encrypt.
type DNS01Manager (added in v0.1.19)
type DNS01Manager struct {
    Domains          []string // One or more domains for the certificate (e.g., ["example.com", "*.example.com"])
    Email            string
    CacheDir         string
    HostedZoneID     string
    ACMEDirectoryURL string
    Logger           *zap.Logger
    // contains filtered or unexported fields
}
DNS01Manager manages ACME certificates using DNS-01 challenges via Route 53.
func NewDNS01Manager (added in v0.1.19)
func NewDNS01Manager(domains []string, email, cacheDir, hostedZoneID, acmeDirectoryURL string, logger *zap.Logger) (*DNS01Manager, error)
NewDNS01Manager creates a new DNS-01 certificate manager. domains is a list of domains for the certificate (e.g., ["example.com", "*.example.com"]). acmeDirectoryURL specifies the ACME directory URL (e.g., Let's Encrypt production or staging).
func (*DNS01Manager) ChallengeType (added in v0.1.32)
func (m *DNS01Manager) ChallengeType() string
ChallengeType returns "dns-01" for DNS01Manager.
func (*DNS01Manager) ForceRenewal (added in v0.1.32)
func (m *DNS01Manager) ForceRenewal(ctx context.Context) (time.Time, error)
ForceRenewal forces an immediate certificate renewal regardless of expiry time. It clears both the in-memory and disk-cached certificates to force a fresh obtainment from the ACME server. Returns the new certificate expiry time on success.
func (*DNS01Manager) GetCertificate (added in v0.1.19)
func (m *DNS01Manager) GetCertificate(hello *tls.ClientHelloInfo) (cert *tls.Certificate, err error)
GetCertificate returns a TLS certificate for the configured domain. It implements the tls.Config.GetCertificate callback.
This method is safe for concurrent use. If multiple goroutines call it simultaneously when a renewal is needed, only one will perform the renewal while others wait and receive the same result.
Panics during certificate obtainment are recovered and converted to errors to prevent crashing the server during TLS handshakes.
Note: hello may be nil in certain edge cases (e.g., when building a self-signed cert without client info). This is handled by falling back to a background context.
func (*DNS01Manager) PreWarm (added in v0.1.19)
func (m *DNS01Manager) PreWarm(ctx context.Context) error
PreWarm obtains a certificate before the server starts accepting connections. If the provided context has no deadline, a default 15-minute timeout is applied to prevent indefinite hangs during ACME operations.
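Three behaviours documented above for GetCertificate and PreWarm are worth seeing in code: concurrent handshakes that need a renewal share one in-flight obtainment instead of each starting their own, a panic in the obtainment path becomes an error for that handshake rather than a crash, a nil hello falls back to a background context, and PreWarm applies a 15-minute deadline only when the caller's context has none. The following is an added example, not the project's DNS01Manager: certCache, renewal, obtainFunc, safeObtain and withDefaultDeadline are names assumed for illustration, and the ACME/Route 53 flow is replaced by a caller-supplied obtain function.

```go
package main

import (
	"context"
	"crypto/tls"
	"fmt"
	"sync"
	"time"
)

// obtainFunc stands in for the ACME DNS-01 flow: it returns a certificate and
// its expiry. In the real manager this talks to the ACME server and Route 53.
type obtainFunc func(ctx context.Context) (*tls.Certificate, time.Time, error)

// renewal is one in-flight obtainment that concurrent callers can wait on.
type renewal struct {
	done chan struct{}
	cert *tls.Certificate
	err  error
}

// certCache holds one certificate and renews it through a single in-flight
// request, so concurrent TLS handshakes share a renewal.
type certCache struct {
	obtain      obtainFunc
	renewBefore time.Duration // renew when less than this remains before expiry

	mu       sync.Mutex
	cert     *tls.Certificate
	expiry   time.Time
	inflight *renewal // non-nil while a renewal is running
}

func (c *certCache) needsRenewal(now time.Time) bool {
	return c.cert == nil || now.Add(c.renewBefore).After(c.expiry)
}

// GetCertificate is the tls.Config.GetCertificate callback. hello may be nil
// (the documented edge case), in which case a background context is used.
func (c *certCache) GetCertificate(hello *tls.ClientHelloInfo) (*tls.Certificate, error) {
	ctx := context.Background()
	if hello != nil && hello.Context() != nil {
		ctx = hello.Context()
	}
	return c.getCertificate(ctx)
}

func (c *certCache) getCertificate(ctx context.Context) (*tls.Certificate, error) {
	c.mu.Lock()
	if !c.needsRenewal(time.Now()) {
		cert := c.cert
		c.mu.Unlock()
		return cert, nil
	}
	r := c.inflight
	leader := r == nil
	if leader {
		r = &renewal{done: make(chan struct{})}
		c.inflight = r
	}
	c.mu.Unlock()

	if !leader {
		<-r.done // another goroutine is renewing; wait and share its result
		return r.cert, r.err
	}
	cert, expiry, err := safeObtain(ctx, c.obtain)
	c.mu.Lock()
	if err == nil {
		c.cert, c.expiry = cert, expiry
	}
	c.inflight = nil // after a failure the next caller simply retries
	c.mu.Unlock()
	r.cert, r.err = cert, err
	close(r.done) // the writes above happen-before every waiter's read
	return cert, err
}

// safeObtain converts a panic in the obtainment path into an error so that a
// bug there fails one handshake instead of crashing the whole server.
func safeObtain(ctx context.Context, obtain obtainFunc) (cert *tls.Certificate, expiry time.Time, err error) {
	defer func() {
		if rec := recover(); rec != nil {
			cert, expiry, err = nil, time.Time{}, fmt.Errorf("certificate obtainment panicked: %v", rec)
		}
	}()
	return obtain(ctx)
}

// withDefaultDeadline applies fallback only when ctx has no deadline of its
// own, the rule the documented PreWarm follows with a 15-minute default.
func withDefaultDeadline(ctx context.Context, fallback time.Duration) (context.Context, context.CancelFunc) {
	if _, ok := ctx.Deadline(); ok {
		return context.WithCancel(ctx)
	}
	return context.WithTimeout(ctx, fallback)
}

// PreWarm obtains the certificate before the listener opens so the first
// handshake does not pay the ACME round trip.
func (c *certCache) PreWarm(ctx context.Context) error {
	ctx, cancel := withDefaultDeadline(ctx, 15*time.Minute)
	defer cancel()
	_, err := c.getCertificate(ctx)
	return err
}

func main() {
	// Constructed stand-in obtain: a real one would run the ACME DNS-01 flow.
	c := &certCache{
		renewBefore: 30 * 24 * time.Hour,
		obtain: func(ctx context.Context) (*tls.Certificate, time.Time, error) {
			return &tls.Certificate{}, time.Now().Add(90 * 24 * time.Hour), nil
		},
	}
	if err := c.PreWarm(context.Background()); err != nil {
		fmt.Println("pre-warm failed:", err)
		return
	}
	cfg := &tls.Config{GetCertificate: c.GetCertificate, MinVersion: tls.VersionTLS12}
	fmt.Println("TLS config ready; callback set:", cfg.GetCertificate != nil)
}
```

The single-flight structure is what keeps a burst of handshakes at expiry time from turning into a burst of ACME orders, which matters both for rate limits and for the log noise a defender would otherwise have to explain; the recover in safeObtain is the part that stops a bug in that path from taking the listener down with it.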
func (*DNS01Manager) StartBackgroundRenewal (added in v0.1.27)
func (m *DNS01Manager) StartBackgroundRenewal()
StartBackgroundRenewal starts a goroutine that proactively renews certificates before they expire. This prevents renewal latency during user TLS handshakes. Call StopBackgroundRenewal to stop the background goroutine gracefully.
func (*DNS01Manager) StopBackgroundRenewal (added in v0.1.27)
func (m *DNS01Manager) StopBackgroundRenewal()
StopBackgroundRenewal stops the background renewal goroutine and waits for it to exit.