Add autocert

cmd/apiary.go

@@ -17,6 +17,7 @@ import (
 	"github.uio.no/torjus/apiary/web"
 	"go.uber.org/zap"
 	"go.uber.org/zap/zapcore"
+	"golang.org/x/crypto/acme/autocert"
 )
 
 func main() {
@@ -50,8 +51,10 @@ func ActionServe(c *cli.Context) error {
 		return err
 	}
 
+	// Setup logging
 	loggers := setupLoggers(cfg)
 
+	// Setup store
 	var s store.LoginAttemptStore
 	switch cfg.Store.Type {
 	case "MEMORY", "memory":
@@ -69,16 +72,32 @@ func ActionServe(c *cli.Context) error {
 		return fmt.Errorf("Invalid store configured")
 	}
 
+	// Setup honeypot
 	hs, err := honeypot.NewHoneypotServer(cfg.Honeypot, s)
 	if err != nil {
 		return err
 	}
 	hs.Logger = loggers.honeypotLogger
 
+	// Setup webserver
 	web := web.NewServer(cfg.Frontend, hs, s)
 	web.AccessLogger = loggers.webAccessLogger
 	web.ServerLogger = loggers.webServerLogger
+	if cfg.Frontend.Autocert.Enable {
+		certManager := autocert.Manager{
+			Prompt:     autocert.AcceptTOS,
+			HostPolicy: autocert.HostWhitelist(cfg.Frontend.Autocert.Domains...),
+			Email:      cfg.Frontend.Autocert.Email,
+		}
+		if cfg.Frontend.Autocert.CacheDir != "" {
+			certManager.Cache = autocert.DirCache(cfg.Frontend.Autocert.CacheDir)
+		}
 
+		tlsConfig := certManager.TLSConfig()
+		web.TLSConfig = tlsConfig
+	}
+
+	// Setup interrupt handling
 	interruptChan := make(chan os.Signal, 1)
 	signal.Notify(interruptChan, os.Interrupt)
 
@@ -103,7 +122,7 @@ func ActionServe(c *cli.Context) error {
 	// Start web server
 	go func() {
 		loggers.rootLogger.Info("Starting web server")
-		if err := web.ListenAndServe(); err != nil && err != http.ErrServerClosed {
+		if err := web.StartServe(); err != nil && err != http.ErrServerClosed {
 			loggers.rootLogger.Warnw("Web server returned error", "error", err)
 		}
 	}()