Constellation, Spacedust, Slingshot, UFOs: atproto crates and services for microcosm

cache certs

Changed files
+17 -4
slingshot
+9
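--- a/slingshot/src/main.rs
+++ b/slingshot/src/main.rs
@@ -31,6 +31,14 @@
 /// - TODO: a rate-limiter will be installed
 #[arg(long)]
 host: Option<String>,
+/// a location to cache acme https certs
+///
+/// only used if --host is specified. omitting requires re-requesting certs
+/// on every restart, and letsencrypt has rate limits that are easy to hit.
+///
+/// recommended in production, but mind the file permissions.
+#[arg(long)]
+certs: Option<PathBuf>,
 }
 
 #[tokio::main]
@@ -91,6 +99,7 @@
 identity,
 repo,
 args.host,
+args.certs,
 server_shutdown,
 )
 .await?;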
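Review bot: The doc comment on the new `certs` field says it is only used if `--host` is specified, but the added `#[arg(long)]` does not enforce that, so passing `--certs` without `--host` presumably starts the service with the flag silently ignored. Declaring the dependency in clap, `#[arg(long, requires = "host")]`, would turn that misconfiguration into a startup error. The comment could also say what "mind the file permissions" is protecting: the cache presumably holds the certificate's private key, so something like `/// the directory will contain TLS private key material; make it readable only by the service user.` would tell an operator what to do. The args struct begins outside the hunk.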
+8 -4
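--- a/slingshot/src/server.rs
+++ b/slingshot/src/server.rs
@@ -2,6 +2,7 @@
 use atrium_api::types::string::{Cid, Did, Handle, Nsid, RecordKey};
 use foyer::HybridCache;
 use serde::Serialize;
+use std::path::PathBuf;
 use std::str::FromStr;
 use std::sync::Arc;
 use tokio_util::sync::CancellationToken;
@@ -293,6 +294,7 @@
 identity: Identity,
 repo: Repo,
 host: Option<String>,
+certs: Option<PathBuf>,
 _shutdown: CancellationToken,
 ) -> Result<(), ServerError> {
 let repo = Arc::new(repo);
@@ -320,11 +322,13 @@
 
 app = app.at("/.well-known/did.json", get_did_doc(&host));
 
-let auto_cert = AutoCert::builder()
+let mut auto_cert = AutoCert::builder()
 .directory_url(LETS_ENCRYPT_PRODUCTION)
-.domain(&host)
-.build()
-.map_err(ServerError::AcmeBuildError)?;
+.domain(&host);
+if let Some(certs) = certs {
+auto_cert = auto_cert.cache_path(certs)
+}
+let auto_cert = auto_cert.build().map_err(ServerError::AcmeBuildError)?;
 
 run(TcpListener::bind("0.0.0.0:443").acme(auto_cert), app).await
 } else {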
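Review bot: The operator-supplied `certs` path goes straight into `cache_path(certs)` in the `if let Some(certs) = certs` block, with no check that it is a directory the service owns or that it is closed to other users. The cached material presumably includes the TLS private key, so a group- or world-readable cache directory would expose it to other local accounts. A startup check on Unix would enforce the "mind the file permissions" advice from the CLI help, for example refusing or warning when `std::fs::metadata(&certs)?.permissions().mode() & 0o077 != 0` (with the I/O error mapped into `ServerError`). A comment above the block would also help, such as `// cache dir holds ACME cert + private key; must not be readable by other users`. The enclosing function begins and ends outside the hunk, so any handling of `certs` in the `else` branch is not visible here.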