Merge pull request #4625 from guggero/letsencrypt-listen
lnd+config: allow Let's Encrypt listen IP to be set
This commit is contained in:
Oliver Gugger
GitHub
commit
ae7d69838e
28
config.go
28
config.go
@ -65,7 +65,7 @@ const (
|
|||||||
defaultMinBackoff = time.Second
|
defaultMinBackoff = time.Second
|
||||||
defaultMaxBackoff = time.Hour
|
defaultMaxBackoff = time.Hour
|
||||||
defaultLetsEncryptDirname = "letsencrypt"
|
defaultLetsEncryptDirname = "letsencrypt"
|
||||||
defaultLetsEncryptPort = 80
|
defaultLetsEncryptListen = ":80"
|
||||||
|
|
||||||
defaultTorSOCKSPort = 9050
|
defaultTorSOCKSPort = 9050
|
||||||
defaultTorDNSHost = "soa.nodes.lightning.directory"
|
defaultTorDNSHost = "soa.nodes.lightning.directory"
|
||||||
@ -184,7 +184,7 @@ type Config struct {
|
|||||||
AcceptorTimeout time.Duration `long:"acceptortimeout" description:"Time after which an RPCAcceptor will time out and return false if it hasn't yet received a response"`
|
AcceptorTimeout time.Duration `long:"acceptortimeout" description:"Time after which an RPCAcceptor will time out and return false if it hasn't yet received a response"`
|
||||||
|
|
||||||
LetsEncryptDir string `long:"letsencryptdir" description:"The directory to store Let's Encrypt certificates within"`
|
LetsEncryptDir string `long:"letsencryptdir" description:"The directory to store Let's Encrypt certificates within"`
|
||||||
LetsEncryptPort int `long:"letsencryptport" description:"The port on which lnd will listen for Let's Encrypt challenges. Let's Encrypt will always try to contact on port 80. Often non-root processes are not allowed to bind to ports lower than 1024. This configuration option allows a different port to be used, but must be used in combination with port forwarding from port 80."`
|
LetsEncryptListen string `long:"letsencryptlisten" description:"The IP:port on which lnd will listen for Let's Encrypt challenges. Let's Encrypt will always try to contact on port 80. Often non-root processes are not allowed to bind to ports lower than 1024. This configuration option allows a different port to be used, but must be used in combination with port forwarding from port 80. This configuration can also be used to specify another IP address to listen on, for example an IPv6 address."`
|
||||||
LetsEncryptDomain string `long:"letsencryptdomain" description:"Request a Let's Encrypt certificate for this domain. Note that the certicate is only requested and stored when the first rpc connection comes in."`
|
LetsEncryptDomain string `long:"letsencryptdomain" description:"Request a Let's Encrypt certificate for this domain. Note that the certicate is only requested and stored when the first rpc connection comes in."`
|
||||||
|
|
||||||
// We'll parse these 'raw' string arguments into real net.Addrs in the
|
// We'll parse these 'raw' string arguments into real net.Addrs in the
|
||||||
@ -324,18 +324,18 @@ type Config struct {
|
|||||||
// DefaultConfig returns all default values for the Config struct.
|
// DefaultConfig returns all default values for the Config struct.
|
||||||
func DefaultConfig() Config {
|
func DefaultConfig() Config {
|
||||||
return Config{
|
return Config{
|
||||||
LndDir: DefaultLndDir,
|
LndDir: DefaultLndDir,
|
||||||
ConfigFile: DefaultConfigFile,
|
ConfigFile: DefaultConfigFile,
|
||||||
DataDir: defaultDataDir,
|
DataDir: defaultDataDir,
|
||||||
DebugLevel: defaultLogLevel,
|
DebugLevel: defaultLogLevel,
|
||||||
TLSCertPath: defaultTLSCertPath,
|
TLSCertPath: defaultTLSCertPath,
|
||||||
TLSKeyPath: defaultTLSKeyPath,
|
TLSKeyPath: defaultTLSKeyPath,
|
||||||
LetsEncryptDir: defaultLetsEncryptDir,
|
LetsEncryptDir: defaultLetsEncryptDir,
|
||||||
LetsEncryptPort: defaultLetsEncryptPort,
|
LetsEncryptListen: defaultLetsEncryptListen,
|
||||||
LogDir: defaultLogDir,
|
LogDir: defaultLogDir,
|
||||||
MaxLogFiles: defaultMaxLogFiles,
|
MaxLogFiles: defaultMaxLogFiles,
|
||||||
MaxLogFileSize: defaultMaxLogFileSize,
|
MaxLogFileSize: defaultMaxLogFileSize,
|
||||||
AcceptorTimeout: defaultAcceptorTimeout,
|
AcceptorTimeout: defaultAcceptorTimeout,
|
||||||
Bitcoin: &lncfg.Chain{
|
Bitcoin: &lncfg.Chain{
|
||||||
MinHTLCIn: defaultBitcoinMinHTLCInMSat,
|
MinHTLCIn: defaultBitcoinMinHTLCInMSat,
|
||||||
MinHTLCOut: defaultBitcoinMinHTLCOutMSat,
|
MinHTLCOut: defaultBitcoinMinHTLCOutMSat,
|
||||||
|
|||||||
5
lnd.go
5
lnd.go
@ -863,9 +863,8 @@ func getTLSConfig(cfg *Config) (*tls.Config, *credentials.TransportCredentials,
|
|||||||
HostPolicy: autocert.HostWhitelist(cfg.LetsEncryptDomain),
|
HostPolicy: autocert.HostWhitelist(cfg.LetsEncryptDomain),
|
||||||
}
|
}
|
||||||
|
|
||||||
addr := fmt.Sprintf(":%v", cfg.LetsEncryptPort)
|
|
||||||
srv := &http.Server{
|
srv := &http.Server{
|
||||||
Addr: addr,
|
Addr: cfg.LetsEncryptListen,
|
||||||
Handler: manager.HTTPHandler(nil),
|
Handler: manager.HTTPHandler(nil),
|
||||||
}
|
}
|
||||||
shutdownCompleted := make(chan struct{})
|
shutdownCompleted := make(chan struct{})
|
||||||
@ -883,7 +882,7 @@ func getTLSConfig(cfg *Config) (*tls.Config, *credentials.TransportCredentials,
|
|||||||
|
|
||||||
go func() {
|
go func() {
|
||||||
ltndLog.Infof("Autocert challenge listener started "+
|
ltndLog.Infof("Autocert challenge listener started "+
|
||||||
"at %v", addr)
|
"at %v", cfg.LetsEncryptListen)
|
||||||
|
|
||||||
err := srv.ListenAndServe()
|
err := srv.ListenAndServe()
|
||||||
if err != http.ErrServerClosed {
|
if err != http.ErrServerClosed {
|
||||||
|
|||||||
@ -53,12 +53,13 @@
|
|||||||
; Sets the directory to store Let's Encrypt certificates within
|
; Sets the directory to store Let's Encrypt certificates within
|
||||||
; letsencryptdir=~/.lnd/letsencrypt
|
; letsencryptdir=~/.lnd/letsencrypt
|
||||||
|
|
||||||
; Sets the port on which lnd will listen for Let's Encrypt challenges. Let's
|
; The IP:port on which lnd will listen for Let's Encrypt challenges. Let's
|
||||||
; Encrypt will always try to contact on port 80. Often non-root processes are
|
; Encrypt will always try to contact on port 80. Often non-root processes are
|
||||||
; not allowed to bind to ports lower than 1024. This configuration option allows
|
; not allowed to bind to ports lower than 1024. This configuration option allows
|
||||||
; a different port to be used, but must be used in combination with port
|
; a different port to be used, but must be used in combination with port
|
||||||
; forwarding from port 80.
|
; forwarding from port 80. This configuration can also be used to specify
|
||||||
; letsencryptport=8080
|
; another IP address to listen on, for example an IPv6 address.
|
||||||
|
; letsencryptlisten=localhost:8080
|
||||||
|
|
||||||
; Request a Let's Encrypt certificate for this domain. Note that the certicate
|
; Request a Let's Encrypt certificate for this domain. Note that the certicate
|
||||||
; is only requested and stored when the first rpc connection comes in.
|
; is only requested and stored when the first rpc connection comes in.
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user