LE flags, modified tis directive, moved LE stuff to own file

app/app.go

@@ -7,6 +7,8 @@ package app
 
 import (
 	"errors"
+	"os"
+	"path/filepath"
 	"runtime"
 	"strconv"
 	"strings"
@@ -74,3 +76,25 @@ func SetCPU(cpu string) error {
 	runtime.GOMAXPROCS(numCPU)
 	return nil
 }
+
+// DataFolder returns the path to the folder
+// where the application may store data. This
+// currently resolves to ~/.caddy
+func DataFolder() string {
+	return filepath.Join(userHomeDir(), ".caddy")
+}
+
+// userHomeDir returns the user's home directory according to
+// environment variables.
+//
+// Credit: http://stackoverflow.com/a/7922977/1048862
+func userHomeDir() string {
+	if runtime.GOOS == "windows" {
+		home := os.Getenv("HOMEDRIVE") + os.Getenv("HOMEPATH")
+		if home == "" {
+			home = os.Getenv("USERPROFILE")
+		}
+		return home
+	}
+	return os.Getenv("HOME")
+}

config/config.go

@@ -1,8 +1,6 @@
 package config
 
 import (
-	"crypto/rand"
-	"crypto/rsa"
 	"errors"
 	"fmt"
 	"io"
@@ -77,25 +75,20 @@ func Load(filename string, input io.Reader) (Group, error) {
 	// restore logging settings
 	log.SetFlags(flags)
 
-	privateKey, err := rsa.GenerateKey(rand.Reader, 2048)
+	// Initiate Let's Encrypt
+	leUser, err := NewLetsEncryptUser("example1@mail.com")
 	if err != nil {
-		return Group{}, errors.New("Error Generating Key:" + err.Error())
+		return Group{}, err
 	}
-
 	for _, cfg := range configs {
-		// TODO: && hostname does not resolve to localhost (?) && TLS is not force-disabled
+		// TODO: && !IsLoopback()
-		if !cfg.TLS.Enabled {
+		if !cfg.TLS.Enabled && cfg.Port != "http" {
-			// Initiate Let's Encrypt
+			client := acme.NewClient("http://192.168.99.100:4000", &leUser, 2048, "5001")
-			user := LetsEncryptUser{
-				Email: "example@mail.com",
-				Key:   privateKey,
-			}
-			client := acme.NewClient("http://192.168.99.100:4000", &user, 2048, "5001")
 			reg, err := client.Register()
 			if err != nil {
 				return Group{}, errors.New("Error Registering: " + err.Error())
 			}
-			user.Registration = reg
+			leUser.Registration = reg
 
 			err = client.AgreeToTos()
 			if err != nil {
@@ -106,8 +99,6 @@ func Load(filename string, input io.Reader) (Group, error) {
 			if err != nil {
 				return Group{}, errors.New("Error Obtaining Certs: " + err.Error())
 			}
-
-			fmt.Printf("%#v\n", certs)
 		}
 	}
 
@@ -115,22 +106,6 @@ func Load(filename string, input io.Reader) (Group, error) {
 	return arrangeBindings(configs)
 }
 
-type LetsEncryptUser struct {
-	Email        string
-	Registration *acme.RegistrationResource
-	Key          *rsa.PrivateKey
-}
-
-func (u LetsEncryptUser) GetEmail() string {
-	return u.Email
-}
-func (u LetsEncryptUser) GetRegistration() *acme.RegistrationResource {
-	return u.Registration
-}
-func (u LetsEncryptUser) GetPrivateKey() *rsa.PrivateKey {
-	return u.Key
-}
-
 // serverBlockToConfig makes a config for the server block
 // by executing the tokens that were parsed. The returned
 // config is shared among all hosts/addresses for the server
@@ -303,11 +278,22 @@ func Default() (Group, error) {
 	return arrangeBindings([]server.Config{NewDefault()})
 }
 
-// These three defaults are configurable through the command line
+// These defaults are configurable through the command line
 var (
+	// Site root
 	Root = DefaultRoot
+
+	// Site host
 	Host = DefaultHost
+
+	// Site port
 	Port = DefaultPort
+
+	// Let's Encrypt account email
+	LetsEncryptEmail string
+
+	// Agreement to Let's Encrypt terms
+	LetsEncryptAgree bool
 )
 
 type Group map[*net.TCPAddr][]server.Config

config/letsencrypt.go

@@ -0,0 +1,35 @@
+package config
+
+import (
+	"crypto/rand"
+	"crypto/rsa"
+	"errors"
+
+	"github.com/xenolf/lego/acme"
+)
+
+func NewLetsEncryptUser(email string) (LetsEncryptUser, error) {
+	user := LetsEncryptUser{Email: email}
+	privateKey, err := rsa.GenerateKey(rand.Reader, 2048)
+	if err != nil {
+		return user, errors.New("error generating private key: " + err.Error())
+	}
+	user.Key = privateKey
+	return user, nil
+}
+
+type LetsEncryptUser struct {
+	Email        string
+	Registration *acme.RegistrationResource
+	Key          *rsa.PrivateKey
+}
+
+func (u LetsEncryptUser) GetEmail() string {
+	return u.Email
+}
+func (u LetsEncryptUser) GetRegistration() *acme.RegistrationResource {
+	return u.Registration
+}
+func (u LetsEncryptUser) GetPrivateKey() *rsa.PrivateKey {
+	return u.Key
+}

config/setup/tls.go

@@ -8,18 +8,21 @@ import (
 )
 
 func TLS(c *Controller) (middleware.Middleware, error) {
-	c.TLS.Enabled = true
+	if c.Port != "http" {
+		c.TLS.Enabled = true
+	}
 
 	for c.Next() {
-		if !c.NextArg() {
+		args := c.RemainingArgs()
+		switch len(args) {
+		case 1:
+			c.TLS.LetsEncryptEmail = args[0]
+		case 2:
+			c.TLS.Certificate = args[0]
+			c.TLS.Key = args[1]
+		default:
 			return nil, c.ArgErr()
 		}
-		c.TLS.Certificate = c.Val()
-
-		if !c.NextArg() {
-			return nil, c.ArgErr()
-		}
-		c.TLS.Key = c.Val()
 
 		// Optional block
 		for c.NextBlock() {

main.go

@@ -33,6 +33,8 @@ func init() {
 	flag.StringVar(&config.Host, "host", config.DefaultHost, "Default host")
 	flag.StringVar(&config.Port, "port", config.DefaultPort, "Default port")
 	flag.BoolVar(&version, "version", false, "Show version")
+	flag.BoolVar(&config.LetsEncryptAgree, "agree", false, "Agree to Let's Encrypt Subscriber Agreement")
+	flag.StringVar(&config.LetsEncryptEmail, "email", "", "Email address to use for Let's Encrypt account")
 }
 
 func main() {

server/config.go

@@ -50,13 +50,12 @@ func (c Config) Address() string {
 	return net.JoinHostPort(c.Host, c.Port)
 }
 
-// TLSConfig describes how TLS should be configured and used,
+// TLSConfig describes how TLS should be configured and used.
-// if at all. A certificate and key are both required.
-// The rest is optional.
 type TLSConfig struct {
 	Enabled                  bool
 	Certificate              string
 	Key                      string
+	LetsEncryptEmail         string
 	Ciphers                  []uint16
 	ProtocolMinVersion       uint16
 	ProtocolMaxVersion       uint16