Obtain certs from Let's Encrypt.
Only support dns-01
challenge.
Support Cloudflare
API to deploy TXT record.
Support Afraid
Cookie to deploy TXT record.
Support He.net
DDNS API to deploy TXT record.
Set environment Mode
to server
.
You can edit environment values refering to codes below:
UrlPrefix = GetEnvOr("UrlPrefix", "/xx") // {UrlPrefix}/api {UrlPrefix}/static
bindAddr = GetEnvOr("BindAddr", "127.0.0.1:8080")
proxyURL = GetEnvOr("ProxyUrl", "") // the app will use ProxyUrl for http request
certPath = GetEnvOr("CertPath", "") // if CertPath and KeyPath not empty, server is HTTPS, else HTTP
keyPath = GetEnvOr("KeyPath", "")
You can use Github OAuth to protect secrets.
Details of configs are as follows.
oauthCookieFormat = GetEnvOr("OAuthCookieFormat", `%s=%s; domain=%s; path=%s; max-age=%s; secure; HttpOnly; SameSite=Lax`)
oauthCookieNamePrefix = GetEnvOr("OAuthCookieNamePrefix", "crtbot")
oauthCookiePath = GetEnvOr("OAuthCookiePath", UrlPrefix)
oauthCookieTTL = GetEnvOr("OAuthCookieTTL", "3600")
oauthCookieTTLInt64 int64
oauthClientId = GetEnvOr("OAuthClientId", "")
OAuthClientSecret = GetEnvOr("OAuthClientSecret", "")
oauthValidUsers = GetEnvOr("OAuthValidUsers", "")
The important configs are OAuthClientId, OAuthClientSecret and OAuthValidUsers.
- Prepare a domain
example.com
- Homepage URL:
https://example.com{UrlPrefix}/static/
- Callback URL:
https://example.com{UrlPrefix}/api/oauth
- Follow the document to get OAuthClientId and OAuthClientSecret
- OAuthValidUsers: Your github login account, not email or phone number. For multi-users, use
,
to seperate. Case in-sensetive
server {
listen [::]:443 ssl http2;
listen 443 ssl http2;
ssl_certificate /path/to/pem;
ssl_certificate_key /path/to/key;
server_name example.com;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
root html;
error_page 404 /404.html;
#PROXY-START/
location {UrlPrefix} {
proxy_pass http://127.0.0.1:8080;
proxy_set_header Host $http_host;
proxy_request_buffering off;
proxy_buffering off;
proxy_read_timeout 360s;
proxy_connect_timeout 60s;
}
#PROXY-END/
}
wget https://github.com/nICEnnnnnnnLee/cert_bot/releases/download/v0.0.4/cert_bot-linux-amd64.zip
unzip cert_bot-linux-amd64.zip
export UrlPrefix=/xx
export BindAddr=127.0.0.1:8080
export OAuthClientId=xxxid
export OAuthClientSecret=xxxsecret
export OAuthValidUsers=user1,user2
nohup ./cert_bot-linux-amd64 > /dev/null 2>&1 &
// then visit https://example.com/xx/static/
// then it will redirect to https://github.com/login/oauth/access_token for access grant
// then it will redirect to https://example.com/xx/api/oauth for cookie set
// then it will redirect to https://example.com/xx/static/
Set environment Mode
to cli
, then see the doc for cli