autotls

package
v0.9.1 Latest
Warning

This package is not in the latest version of its module.

Published: Jun 4, 2026 License: Apache-2.0 Imports: 18 Imported by: 0

Documentation


Constants

This section is empty.

Variables

This section is empty.

Functions

func LoadOrGenerateFallbackCert added in v0.6.0

func LoadOrGenerateFallbackCert(certsDir string) (tls.Certificate, error)

LoadOrGenerateFallbackCert loads a cached fallback certificate from disk, or generates a new one if it doesn't exist or is expiring soon. This ensures users who accept the browser warning don't have to re-accept on every server restart.

func ServeTLSSelfSigned added in v0.3.0

func ServeTLSSelfSigned(ctx context.Context, log *slog.Logger, h http.Handler) error

ServeTLSSelfSigned serves HTTPS using a self-signed certificate. This is intended for development and testing only.

func ServeTLSSelfSignedOnAddr added in v0.8.0

func ServeTLSSelfSignedOnAddr(ctx context.Context, log *slog.Logger, h http.Handler, addr string) error

ServeTLSSelfSignedOnAddr serves HTTPS on a single configurable address using an in-memory self-signed certificate. Unlike ServeTLSSelfSigned, it does not also bind port 80 for redirect, so it can sit behind a TLS-terminating proxy or run on a non-standard address without colliding with anything else.

func ServeTLSWithController

func ServeTLSWithController(ctx context.Context, log *slog.Logger, certProvider CertificateProvider, h http.Handler) error

ServeTLSWithController serves HTTPS using certificates provided by a controller. If the certProvider also implements HTTPChallengeProvider, the port-80 handler wraps the redirect handler to serve ACME HTTP-01 challenges.

func ServeTLSWithControllerOnAddr added in v0.8.0

func ServeTLSWithControllerOnAddr(ctx context.Context, log *slog.Logger, certProvider CertificateProvider, h http.Handler, addr string) error

ServeTLSWithControllerOnAddr serves HTTPS on a single configurable address without binding port 80. Used by the behind-proxy-https ingress mode, where the public hostname lives at a proxy and Miren only handles the TLS leg. Because :80 is not bound, ACME HTTP-01 and TLS-ALPN-01 challenges cannot complete in this mode; certificates must come from DNS-01 ACME or be self-signed (use ServeTLSSelfSignedOnAddr for the self-signed case).

Types

type CertificateProvider

type CertificateProvider interface {
	GetCertificate(hello *tls.ClientHelloInfo) (*tls.Certificate, error)
}

CertificateProvider provides certificates via a GetCertificate callback.

type HTTPChallengeProvider added in v0.6.0

type HTTPChallengeProvider interface {
	HTTPHandler(fallback http.Handler) http.Handler
}

HTTPChallengeProvider is an optional interface that CertificateProviders can implement to handle HTTP-01 ACME challenge requests on port 80.
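The optional-interface dispatch described for ServeTLSWithController, shown with a provider that implements both interfaces. This is an added example, not the package's own code: `memProvider`, `port80Handler`, the sample token and the listen address are assumptions, and the two interfaces are re-declared from this page so the block compiles on its own.

```go
package main

import (
	"crypto/tls"
	"net/http"
	"strings"
)

// Both interfaces are re-declared from the page so the block compiles without the package.
type CertificateProvider interface {
	GetCertificate(hello *tls.ClientHelloInfo) (*tls.Certificate, error)
}
type HTTPChallengeProvider interface {
	HTTPHandler(fallback http.Handler) http.Handler
}

// memProvider is hypothetical: one certificate plus the pending HTTP-01 tokens.
type memProvider struct {
	cert   *tls.Certificate
	tokens map[string]string // token -> key authorization, fixed at construction
}

func (p *memProvider) GetCertificate(*tls.ClientHelloInfo) (*tls.Certificate, error) {
	return p.cert, nil
}

func (p *memProvider) HTTPHandler(fallback http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		token, ok := strings.CutPrefix(r.URL.Path, "/.well-known/acme-challenge/")
		if keyAuth, known := p.tokens[token]; ok && known && r.Method == http.MethodGet {
			w.Header().Set("Content-Type", "application/octet-stream")
			w.Write([]byte(keyAuth))
			return
		}
		fallback.ServeHTTP(w, r) // unknown token, other path or method: keep the redirect
	})
}

// port80Handler mirrors the documented dispatch via a type assertion.
func port80Handler(cp CertificateProvider, redirect http.Handler) http.Handler {
	if hp, ok := cp.(HTTPChallengeProvider); ok {
		return hp.HTTPHandler(redirect)
	}
	return redirect
}

func main() {
	p := &memProvider{tokens: map[string]string{"tok": "tok.thumbprint"}} // constructed sample; address below is assumed
	http.ListenAndServe("127.0.0.1:8080", port80Handler(p, http.RedirectHandler("https://localhost/", 308)))
}
```

Because the handler only does an exact map lookup on the token, a request path never reaches the filesystem, and anything that is not a pending challenge still gets the HTTPS redirect.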
