03881382a4
This PR adds the `$NO_DNS_01` option (disabled by default), which removes the DNS ACME provider and replaces the wildcard certificate with individual certificates obtained using the TLS ACME provider. This option allows an instance to work without having to manage access tokens for the DNS provider. On the flip side, this means that a certificate can be requested for each subdomain. To limit the risk of DoS, the existence of the user/org corresponding to a subdomain is checked before requesting a cert; however, this limitation is not enough for a forge with a high number of users/orgs. Co-authored-by: 6543 <6543@obermui.de> Reviewed-on: https://codeberg.org/Codeberg/pages-server/pulls/290 Reviewed-by: Moritz Marquardt <momar@noreply.codeberg.org> Co-authored-by: Jean-Marie 'Histausse' Mineau <histausse@protonmail.com> Co-committed-by: Jean-Marie 'Histausse' Mineau <histausse@protonmail.com>
package config
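// Config is the top-level configuration. It holds the log level and one
// sub-struct per concern: listener, forge backend, database and ACME.
//
// The `default:"..."` struct tags carry the value used when a field is not
// set; the loader that interprets them is not part of this file.
type Config struct {
	// LogLevel selects log verbosity; the default tag is "warn".
	LogLevel string `default:"warn"`

	// Server holds listener and domain settings.
	Server ServerConfig

	// Gitea holds the forge connection settings, including the API token.
	Gitea GiteaConfig

	// Database holds the storage backend settings.
	Database DatabaseConfig

	// ACME holds the certificate issuance settings.
	ACME ACMEConfig
}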
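// ServerConfig describes the listener and the domains the server answers for.
type ServerConfig struct {
	// Host is the listen address. The default "[::]" is the unspecified
	// IPv6 address, i.e. every interface rather than loopback only.
	Host string `default:"[::]"`

	// Port is the main listener port (default 443).
	Port uint16 `default:"443"`

	// HttpPort is the plain-HTTP listener port (default 80).
	HttpPort uint16 `default:"80"`

	// HttpServerEnabled turns the plain-HTTP listener on or off (default true).
	HttpServerEnabled bool `default:"true"`

	// MainDomain is presumably the base domain under which user/org
	// subdomains are served — confirm against the caller.
	MainDomain string

	// RawDomain is presumably the domain used for raw file access — confirm
	// against the caller.
	RawDomain string

	// PagesBranches lists branch names; no default is declared here.
	PagesBranches []string

	// AllowedCorsDomains lists domains that get CORS access.
	// NOTE(review): keep this list as narrow as possible; every entry widens
	// which origins may read responses cross-site. How entries are matched
	// (exact vs. suffix) is not visible in this file — confirm.
	AllowedCorsDomains []string

	// BlacklistedPaths lists paths that are presumably refused by the
	// server — confirm matching semantics (prefix, exact, case) at the
	// point of use before relying on it as an access control.
	BlacklistedPaths []string
}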
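// GiteaConfig describes how the server reaches the forge and how repository
// content is served.
type GiteaConfig struct {
	// Root is presumably the base URL of the forge instance — confirm
	// against the client constructor.
	Root string

	// Token is the forge API token. It is a credential: keep it out of
	// logs, error messages and config dumps, and give it the narrowest
	// scope the server needs.
	Token string

	// LFSEnabled toggles Git LFS support (default false).
	LFSEnabled bool `default:"false"`

	// FollowSymlinks toggles symlink resolution (default false).
	// NOTE(review): repository content is user-controlled, so enabling this
	// lets a repository author decide which target gets served; confirm
	// that resolution is confined to the same repository before turning
	// it on.
	FollowSymlinks bool `default:"false"`

	// DefaultMimeType is the fallback content type; the default
	// "application/octet-stream" makes browsers download rather than render.
	DefaultMimeType string `default:"application/octet-stream"`

	// ForbiddenMimeTypes lists content types that are presumably never
	// sent as-is — confirm what is substituted at the point of use.
	ForbiddenMimeTypes []string
}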
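// DatabaseConfig selects the storage backend and its connection string.
type DatabaseConfig struct {
	// Type names the database driver (default "sqlite3").
	Type string `default:"sqlite3"`

	// Conn is the connection string; with the default driver it is a file
	// path (default "certs.sqlite").
	// NOTE(review): the default file name suggests certificate material is
	// stored here. If that includes private keys, the file should be
	// readable only by the service account — confirm what is stored.
	// For non-file drivers Conn may embed credentials; avoid logging it.
	Conn string `default:"certs.sqlite"`
}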
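// ACMEConfig holds the settings for obtaining TLS certificates over ACME.
type ACMEConfig struct {
	// Email is the contact address for the ACME account.
	Email string

	// APIEndpoint is the ACME directory URL. The default is the Let's
	// Encrypt production directory.
	APIEndpoint string `default:"https://acme-v02.api.letsencrypt.org/directory"`

	// AcceptTerms records acceptance of the CA's terms of service
	// (default false, so it must be set explicitly).
	AcceptTerms bool `default:"false"`

	// UseRateLimits toggles rate limiting (default true). What exactly is
	// limited is not visible in this file — confirm at the point of use.
	UseRateLimits bool `default:"true"`

	// EAB_HMAC is the HMAC key for ACME External Account Binding. It is a
	// secret: keep it out of logs and config dumps.
	EAB_HMAC string

	// EAB_KID is the key identifier paired with EAB_HMAC.
	EAB_KID string

	// DNSProvider names the DNS provider used for the DNS ACME challenge.
	DNSProvider string

	// NoDNS01 (default false) removes the DNS ACME provider and replaces
	// the wildcard certificate with individual certificates obtained using
	// the TLS ACME provider, so no DNS provider access token has to be
	// managed.
	//
	// Trade-off: a certificate can then be requested for each subdomain.
	// The existence of the user/org behind a subdomain is checked before a
	// certificate is requested, but on a forge with many users/orgs that
	// check alone does not bound the number of issuance requests. Operators
	// enabling this should watch issuance volume against the CA's limits.
	NoDNS01 bool `default:"false"`

	// AccountConfigFile is the path of the ACME account file
	// (default "acme-account.json").
	// NOTE(review): presumably this file holds the account's private key;
	// if so it should be readable only by the service account — confirm.
	AccountConfigFile string `default:"acme-account.json"`
}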