photoprism/internal/server/autotls.go
Michael Mayer a7b1c1b11e WebDAV: Allow read access in read-only mode and improve logs #3177 #3183
Signed-off-by: Michael Mayer <michael@photoprism.app>
2023-02-09 13:14:56 +01:00

36 lines
1,021 B
Go

package server
import (
"fmt"
"strings"
"golang.org/x/crypto/acme/autocert"
"github.com/photoprism/photoprism/internal/config"
)
// AutoTLS enables automatic HTTPS via Let's Encrypt.
func AutoTLS(conf *config.Config) (*autocert.Manager, error) {
var siteDomain, tlsEmail, certDir string
// Enable automatic HTTPS via Let's Encrypt?
if !conf.SiteHttps() {
return nil, fmt.Errorf("disabled tls")
} else if siteDomain = conf.SiteDomain(); !strings.Contains(siteDomain, ".") {
return nil, fmt.Errorf("fully qualified domain required to enable tls")
} else if tlsEmail = conf.TLSEmail(); tlsEmail == "" {
return nil, fmt.Errorf("disabled auto tls")
} else if certDir = conf.CertificatesPath(); certDir == "" {
return nil, fmt.Errorf("certificates path not found")
}
// Create Let's Encrypt cert manager.
m := &autocert.Manager{
Email: tlsEmail,
Prompt: autocert.AcceptTOS,
HostPolicy: autocert.HostWhitelist(siteDomain),
Cache: autocert.DirCache(certDir),
}
return m, nil
}