package server import ( "fmt" "strings" "golang.org/x/crypto/acme/autocert" "github.com/photoprism/photoprism/internal/config" ) // AutoTLS enables automatic HTTPS via Let's Encrypt. func AutoTLS(conf *config.Config) (*autocert.Manager, error) { var siteDomain, tlsEmail, certDir string // Enable automatic HTTPS via Let's Encrypt? if !conf.SiteHttps() { return nil, fmt.Errorf("disabled tls") } else if conf.HttpHostAsSocketPath() != "" { return nil, fmt.Errorf("unix socket not work with auto https") } else if siteDomain = conf.SiteDomain(); !strings.Contains(siteDomain, ".") { return nil, fmt.Errorf("fully qualified domain required to enable tls") } else if tlsEmail = conf.TLSEmail(); tlsEmail == "" { return nil, fmt.Errorf("disabled auto tls") } else if certDir = conf.CertificatesPath(); certDir == "" { return nil, fmt.Errorf("certificates path not found") } // Create Let's Encrypt cert manager. m := &autocert.Manager{ Email: tlsEmail, Prompt: autocert.AcceptTOS, HostPolicy: autocert.HostWhitelist(siteDomain), Cache: autocert.DirCache(certDir), } return m, nil }