ziver/hal
1
1
Fork 0
Code Pull requests Releases Activity

Added a test mode without cert for external web server

Browse source
This commit is contained in:
Ziver Koc 2021-09-15 16:56:24 +02:00
parent b4f6f15055
commit bfd895112d
3 changed files with 28 additions and 12 deletions
Download patch file Download diff file Expand all files Collapse all files

2
hal-core/src/se/hal/HalContext.java
View file

@ -24,7 +24,7 @@ public class HalContext {
public static final String CONFIG_HTTP_PORT = "hal_core.http_port"; public static final String CONFIG_HTTP_PORT = "hal_core.http_port";
public static final String CONFIG_HTTP_EXTERNAL_PORT = "hal_core.http_external_port"; public static final String CONFIG_HTTP_EXTERNAL_PORT = "hal_core.http_external_port";
public static final String CONFIG_HTTP_EXTERNAL_DOMAIN = "hal_core.http_external_domain"; public static final String CONFIG_HTTP_EXTERNAL_DOMAIN = "hal_core.http_external_domain";
public static final String CONFIG_HTTP_EXTERNAL_ACME_TYPE = "hal_core.http_external_acme_type"; public static final String CONFIG_HTTP_EXTERNAL_CERT = "hal_core.http_external_cert";
public static final String CONFIG_MAP_BACKGROUND_IMAGE = "hal_core.map_bgimage"; public static final String CONFIG_MAP_BACKGROUND_IMAGE = "hal_core.map_bgimage";
public static final String RESOURCE_ROOT; public static final String RESOURCE_ROOT;

34
hal-core/src/se/hal/daemon/HalExternalWebDaemon.java
View file

@ -2,7 +2,6 @@ package se.hal.daemon;
import org.shredzone.acme4j.exception.AcmeException; import org.shredzone.acme4j.exception.AcmeException;
import se.hal.HalContext; import se.hal.HalContext;
import se.hal.HalServer;
import se.hal.intf.HalDaemon; import se.hal.intf.HalDaemon;
import se.hal.intf.HalWebPage; import se.hal.intf.HalWebPage;
import se.hal.util.HalAcmeDataStore; import se.hal.util.HalAcmeDataStore;
@ -83,24 +82,32 @@ public class HalExternalWebDaemon implements HalDaemon {
// Prepare ACME Client // Prepare ACME Client
AcmeClient acme; AcmeClient acme;
HttpServer tmpHttpServer = null; HttpServer tmpHttpServer = null;
String acmeType = HalContext.getStringProperty(HalContext.CONFIG_HTTP_EXTERNAL_CERT, "acme_http");
if ("dns".equals(HalContext.getStringProperty(HalContext.CONFIG_HTTP_EXTERNAL_ACME_TYPE, ""))) { if ("acme_http".equals(acmeType)) {
acme = new AcmeClient(acmeDataStore, new AcmeManualDnsChallengeFactory());
} else if ("http".equals(HalContext.getStringProperty(HalContext.CONFIG_HTTP_EXTERNAL_ACME_TYPE, "http"))) {
tmpHttpServer = new HttpServer(80); tmpHttpServer = new HttpServer(80);
tmpHttpServer.start(); tmpHttpServer.start();
acme = new AcmeClient(acmeDataStore, new AcmeHttpChallengeFactory(tmpHttpServer), AcmeClient.ACME_SERVER_LETSENCRYPT_STAGING); acme = new AcmeClient(acmeDataStore, new AcmeHttpChallengeFactory(tmpHttpServer), AcmeClient.ACME_SERVER_LETSENCRYPT_STAGING);
} else if ("none".equals(acmeType)) {
acme = null;
} else if ("acme_dns".equals(acmeType)) {
acme = new AcmeClient(acmeDataStore, new AcmeManualDnsChallengeFactory());
} else { } else {
throw new IllegalArgumentException("Unknown config value for " + externalServerUrl); throw new IllegalArgumentException("Unknown config value for " + externalServerUrl);
} }
// Request certificate and start the external webserver // Request certificate and start the external webserver
acme.addDomain(HalContext.getStringProperty(CONFIG_HTTP_EXTERNAL_DOMAIN)); if (acme != null) {
acme.prepareRequest(); acme.addDomain(HalContext.getStringProperty(CONFIG_HTTP_EXTERNAL_DOMAIN));
certificate = acme.requestCertificate(); acme.prepareRequest();
acmeDataStore.storeCertificate(certificate); certificate = acme.requestCertificate();
acmeDataStore.storeCertificate(certificate);
} else {
logger.warning("No SSL certificate is configured for external HTTP Server.");
certificate = null;
}
// Cleanup // Cleanup
if (tmpHttpServer != null) { if (tmpHttpServer != null) {
@ -110,7 +117,16 @@ public class HalExternalWebDaemon implements HalDaemon {
} }
private void startHttpServer() throws GeneralSecurityException, IOException { private void startHttpServer() throws GeneralSecurityException, IOException {
httpExternal = new HttpServer(HalContext.getIntegerProperty(CONFIG_HTTP_EXTERNAL_PORT), acmeDataStore.getDomainKeyPair().getPrivate(), certificate); // Shutdown old server
if (httpExternal != null)
httpExternal.close();
// Start new Server
if (certificate != null)
httpExternal = new HttpServer(HalContext.getIntegerProperty(CONFIG_HTTP_EXTERNAL_PORT), acmeDataStore.getDomainKeyPair().getPrivate(), certificate);
else
httpExternal = new HttpServer(HalContext.getIntegerProperty(CONFIG_HTTP_EXTERNAL_PORT));
for (String url : pageMap.keySet()) { for (String url : pageMap.keySet()) {
httpExternal.setPage(url, pageMap.get(url)); httpExternal.setPage(url, pageMap.get(url));

4
hal.conf.example
View file

@ -8,8 +8,8 @@ hal_core.http_port=8080
# to letsencrypt to work port 80 needs to be opened temporarily during the certificate generation process # to letsencrypt to work port 80 needs to be opened temporarily during the certificate generation process
# make sure the firewall forwarding rules are setup for this process to work. # make sure the firewall forwarding rules are setup for this process to work.
# In the future DNS authentication will also be available so no port forwarding will be necessary. # In the future DNS authentication will also be available so no port forwarding will be necessary.
hal_core.http_acme_type=http|dns #hal_core.http_external_cert=acme_http|acme_dns|none
hal_core.http_external_port=8081 #hal_core.http_external_port=8081
#hal_core.http_external_domain=example.com #hal_core.http_external_domain=example.com
# ------------------------------------------------------------------------ # ------------------------------------------------------------------------