From fc3dfa68447b592e8de82490d9a85a505c303e1e Mon Sep 17 00:00:00 2001
From: "Jonathan Leibiusky @xetorthio"
Date: Wed, 30 Aug 2017 10:31:26 -0300
Subject: [PATCH] Add let's encrypt support

---
 config/config.go | 18 +++++++++++++++++-
 handlers/bootstrap.go | 21 +++++++++++++++++++--
 2 files changed, 36 insertions(+), 3 deletions(-)

diff --git a/config/config.go b/config/config.go
index 4514116..6f890c3 100644
--- a/config/config.go
+++ b/config/config.go
@@ -2,6 +2,7 @@ package config
 
 import (
 	"flag"
+	"fmt"
 	"os"
 	"regexp"
 	"time"
@@ -21,11 +22,26 @@ var NameFilter = regexp.MustCompile(PWDHostPortGroupRegex)
 var AliasFilter = regexp.MustCompile(AliasPortGroupRegex)
 var SSLPortNumber, PortNumber, Key, Cert, SessionsFile, PWDContainerName, L2ContainerName, L2Subdomain, PWDCName, HashKey, SSHKeyPath, L2RouterIP string
+var UseLetsEncrypt bool
+var LetsEncryptCertsDir string
+var LetsEncryptDomains stringslice
 var MaxLoadAvg float64
+type stringslice []string
+
+func (i *stringslice) String() string {
+	return fmt.Sprintf("%s", *i)
+}
+func (i *stringslice) Set(value string) error {
+	*i = append(*i, value)
+	return nil
+}
+
 func ParseFlags() {
+	flag.Var(&LetsEncryptDomains, "letsencrypt-domain", "List of domains to validate with let's encrypt")
+	flag.StringVar(&LetsEncryptCertsDir, "letsencrypt-certs-dir", "/certs", "Path where let's encrypt certs will be stored")
+	flag.BoolVar(&UseLetsEncrypt, "use-letsencrypt", false, "Enabled let's encrypt tls certificates")
 	flag.StringVar(&PortNumber, "port", "3000", "Give a TCP port to run the application")
-	flag.StringVar(&SSLPortNumber, "sslPort", "3001", "Give a SSL TCP port")
 	flag.StringVar(&Key, "key", "./pwd/server-key.pem", "Server key for SSL")
 	flag.StringVar(&Cert, "cert", "./pwd/server.pem", "Give a SSL cert")
 	flag.StringVar(&SessionsFile, "save", "./pwd/sessions", "Tell where to store sessions file")
diff --git a/handlers/bootstrap.go b/handlers/bootstrap.go
index 7a21804..fa506b4 100644
--- a/handlers/bootstrap.go
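Review bot: `SSLPortNumber` stays in the package-level var list even though the `-sslPort` flag that populated it is removed in this hunk, so any remaining reader of it now always sees an empty string; either drop the variable or keep the flag. `stringslice.String` renders the slice with `fmt.Sprintf("%s", *i)`, which prints `[a b]`; the conventional flag.Value form is `return strings.Join(*i, ",")` (with `strings` imported), which would also let the new `fmt` import go. The `-use-letsencrypt` usage string reads `Enabled let's encrypt tls certificates`, where `Enable` is meant. The three new exported variables have no doc comments, e.g. `// LetsEncryptDomains lists the hostnames autocert is allowed to obtain certificates for.`. ParseFlags continues past the end of the hunk.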
+++ b/handlers/bootstrap.go
@@ -1,11 +1,14 @@
 package handlers
 
 import (
+	"crypto/tls"
 	"log"
 	"net/http"
 	"os"
 	"time"
 
+	"golang.org/x/crypto/acme/autocert"
+
 	"github.com/googollee/go-socket.io"
 	gh "github.com/gorilla/handlers"
 	"github.com/gorilla/mux"
@@ -91,9 +94,23 @@ func Register() {
 		IdleTimeout: 30 * time.Second,
 		ReadHeaderTimeout: 5 * time.Second,
 	}
+	if config.UseLetsEncrypt {
+		certManager := autocert.Manager{
+			Prompt: autocert.AcceptTOS,
+			HostPolicy: autocert.HostWhitelist(config.LetsEncryptDomains...),
+			Cache: autocert.DirCache(config.LetsEncryptCertsDir),
+		}
+
+		httpServer.TLSConfig = &tls.Config{
+			GetCertificate: certManager.GetCertificate,
+		}
+		log.Println("Listening on port " + config.PortNumber)
+		log.Fatal(httpServer.ListenAndServeTLS("", ""))
+	} else {
+		log.Println("Listening on port " + config.PortNumber)
+		log.Fatal(httpServer.ListenAndServe())
+	}
 
-	log.Println("Listening on port " + config.PortNumber)
-	log.Fatal(httpServer.ListenAndServe())
 }
 
 func RegisterEvents(s *socketio.Server) {
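Review bot: When `-use-letsencrypt` is set but no `-letsencrypt-domain` is given, `autocert.HostWhitelist(config.LetsEncryptDomains...)` receives an empty list and rejects every handshake, so the server starts and logs "Listening" yet never serves a certificate; a check before the manager is built, `if len(config.LetsEncryptDomains) == 0 { log.Fatal("use-letsencrypt requires at least one -letsencrypt-domain") }`, turns that into an immediate, visible failure. The `tls.Config` sets only `GetCertificate`; adding `MinVersion: tls.VersionTLS12` keeps the new TLS listener from negotiating older protocol versions, and a comment such as `// autocert validates domains over this listener, so it must be the one the CA reaches` would record the deployment assumption that presumably applies here. The `log.Println("Listening on port " + config.PortNumber)` line is duplicated in both branches and can be hoisted above the `if`. Register's body begins outside the hunk.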