Support custom ACME provider (#18340)

* Added ACMECAURL option to support custom ACME provider. Closes #18306 * Refactor setting.go https settings, renamed options and variables, and documented app.example.ini * Refactored runLetsEncrypt to runACME * Improved documentation
2022-02-08 14:45:35 +09:00 · 2022-02-08 14:45:35 +09:00 · 60f203385e
commit 60f203385e
parent a60e8be8d1
6 changed files with 160 additions and 51 deletions
--- a/custom/conf/app.example.ini
+++ b/custom/conf/app.example.ini
@ -178,6 +178,36 @@ RUN_MODE = ; prod
 ;OFFLINE_MODE = false
 ;DISABLE_ROUTER_LOG = false
 ;;
+;; TLS Settings: Either ACME or manual
+;; (Other common TLS configuration are found before)
+;ENABLE_ACME = false
+;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;
+;; ACME automatic TLS settings
+;;
+;; ACME directory URL (e.g. LetsEncrypt's staging/testing URL: https://acme-staging-v02.api.letsencrypt.org/directory)
+;; Leave empty to default to LetsEncrypt's (production) URL
+;ACME_URL =
+;;
+;; Explicitly accept the ACME's TOS. The specific TOS cannot be retrieved at the moment.
+;ACME_ACCEPTTOS = false
+;;
+;; If the ACME CA is not in your system's CA trust chain, it can be manually added here
+;ACME_CA_ROOT =
+;;
+;; Email used for the ACME registration service
+;; Can be left blank to initialize at first run and use the cached value
+;ACME_EMAIL =
+;;
+;; ACME live directory (not to be confused with ACME directory URL: ACME_URL)
+;; (Refer to caddy's ACME manager https://github.com/caddyserver/certmagic)
+;ACME_DIRECTORY = https
+;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;
+;;  Manual TLS settings: (Only applicable if ENABLE_ACME=false)
+;;
 ;; Generate steps:
 ;; $ ./gitea cert -ca=true -duration=8760h0m0s -host=myhost.example.com
 ;;