APIs for links and references in the ATmosphere

cache certs

Changed files
+17 -4
slingshot
+9
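--- a/slingshot/src/main.rs
+++ b/slingshot/src/main.rs
@@ -31,6 +31,14 @@
 /// - TODO: a rate-limiter will be installed
 #[arg(long)]
 host: Option<String>,
+/// a location to cache acme https certs
+///
+/// only used if --host is specified. omitting requires re-requesting certs
+/// on every restart, and letsencrypt has rate limits that are easy to hit.
+///
+/// recommended in production, but mind the file permissions.
+#[arg(long)]
+certs: Option<PathBuf>,
 }
 
 #[tokio::main]
@@ -91,6 +99,7 @@
 identity,
 repo,
 args.host,
+args.certs,
 server_shutdown,
 )
 .await?;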
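Review bot: The new `certs` field is documented as "only used if --host is specified", but nothing on the field enforces that, so passing `--certs` alone is silently accepted and no caching happens. Declaring the dependency with `#[arg(long, requires = "host")]` would make clap reject that combination at startup. The "mind the file permissions" remark would be more actionable if it said why, for example `/// the cache presumably holds the TLS private key; keep the directory readable only by the service user.` (whether the ACME cache stores the key should be confirmed). The struct definition begins above the hunk.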
+8 -4
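--- a/slingshot/src/server.rs
+++ b/slingshot/src/server.rs
@@ -2,6 +2,7 @@
 use atrium_api::types::string::{Cid, Did, Handle, Nsid, RecordKey};
 use foyer::HybridCache;
 use serde::Serialize;
+use std::path::PathBuf;
 use std::str::FromStr;
 use std::sync::Arc;
 use tokio_util::sync::CancellationToken;
@@ -293,6 +294,7 @@
 identity: Identity,
 repo: Repo,
 host: Option<String>,
+certs: Option<PathBuf>,
 _shutdown: CancellationToken,
 ) -> Result<(), ServerError> {
 let repo = Arc::new(repo);
@@ -320,11 +322,13 @@
 
 app = app.at("/.well-known/did.json", get_did_doc(&host));
 
-let auto_cert = AutoCert::builder()
+let mut auto_cert = AutoCert::builder()
 .directory_url(LETS_ENCRYPT_PRODUCTION)
-.domain(&host)
-.build()
-.map_err(ServerError::AcmeBuildError)?;
+.domain(&host);
+if let Some(certs) = certs {
+auto_cert = auto_cert.cache_path(certs)
+}
+let auto_cert = auto_cert.build().map_err(ServerError::AcmeBuildError)?;
 
 run(TcpListener::bind("0.0.0.0:443").acme(auto_cert), app).await
 } else {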
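Review bot: The operator-supplied `certs` path is passed straight to `cache_path(certs)` in the `if let Some(certs)` block with no check on the directory. Assuming the ACME cache stores the certificate's private key next to the cert, a group- or world-readable directory would expose that key to other local users. Consider creating the directory owner-only (mode `0700` on Unix) before handing it to the builder, or at least logging a startup warning when its mode is wider; reporting a failure would need a `ServerError` variant that is not visible in this hunk. As a style point, the assignment lacks its trailing semicolon: `auto_cert = auto_cert.cache_path(certs);`. The enclosing function starts and ends outside the hunk.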