mirror of
https://github.com/superseriousbusiness/gotosocial
synced 2025-06-05 21:59:39 +02:00
[feature] Allow loading TLS certs from disk (#1586)
Currently, GtS only supports using the built-in LE client directly for TLS. However, admins may still want to use GtS directly (so without a reverse proxy) but with certificates provided through some other mechanism. They may have some centralised way of provisioning these things themselves, or simply prefer to use LE but with a different challenge like DNS-01 which is not supported by autocert. This adds support for loading a public/private keypair from disk instead of using LE and reconfigures the server to use a TLS listener if we succeed in doing so. Additionally, being able to load TLS keypair from disk opens up the path to using a custom CA for testing purposes avoinding the need for a constellation of containers and something like Pebble or Step CA to provide LE APIs.
This commit is contained in:
@@ -1,4 +1,12 @@
|
||||
# LetsEncrypt
|
||||
# TLS
|
||||
|
||||
It's possible to configure TLS support in one of two ways:
|
||||
* Built-in support for Lets Encrypt / ACME compatible vendors
|
||||
* Loading TLS files from disk
|
||||
|
||||
It is not possible to have both methods enabled at the same time.
|
||||
|
||||
Note that when using TLS files loaded from disk you are responsible for restarting the instance when the files change. They are not automatically reloaded.
|
||||
|
||||
## Settings
|
||||
|
||||
@@ -39,4 +47,20 @@ letsencrypt-cert-dir: "/gotosocial/storage/certs"
|
||||
# Examples: ["admin@example.org"]
|
||||
# Default: ""
|
||||
letsencrypt-email-address: ""
|
||||
|
||||
##############################
|
||||
##### MANUAL TLS CONFIG #####
|
||||
##############################
|
||||
|
||||
# String. Path to a PEM-encoded file on disk that includes the certificate chain
|
||||
# and the public key
|
||||
# Examples: ["/gotosocial/storage/certs/chain.pem"]
|
||||
# Default: ""
|
||||
tls-certificate-chain: ""
|
||||
|
||||
# String. Path to a PEM-encoded file on disk containing the private key for the
|
||||
# associated tls-certificate-chain
|
||||
# Examples: ["/gotosocial/storage/certs/private.pem"]
|
||||
# Default: ""
|
||||
tls-certificate-key: ""
|
||||
```
|
Reference in New Issue
Block a user