diff --git a/app.go b/app.go index 8be137cf..1e6b7bcf 100644 --- a/app.go +++ b/app.go @@ -12,6 +12,7 @@ import ( "github.com/rs/zerolog/log" "github.com/gin-gonic/gin" + "golang.org/x/crypto/acme" "golang.org/x/crypto/acme/autocert" "gorm.io/gorm" "inet.af/netaddr" @@ -44,6 +45,9 @@ type Config struct { TLSCertPath string TLSKeyPath string + ACMEURL string + ACMEEmail string + DNSConfig *tailcfg.DNSConfig } @@ -195,6 +199,10 @@ func (h *Headscale) Serve() error { Prompt: autocert.AcceptTOS, HostPolicy: autocert.HostWhitelist(h.cfg.TLSLetsEncryptHostname), Cache: autocert.DirCache(h.cfg.TLSLetsEncryptCacheDir), + Client: &acme.Client{ + DirectoryURL: h.cfg.ACMEURL, + }, + Email: h.cfg.ACMEEmail, } s.TLSConfig = m.TLSConfig() diff --git a/cmd/headscale/cli/utils.go b/cmd/headscale/cli/utils.go index 7ada6693..ac739a02 100644 --- a/cmd/headscale/cli/utils.go +++ b/cmd/headscale/cli/utils.go @@ -169,6 +169,9 @@ func getHeadscaleApp() (*headscale.Headscale, error) { TLSCertPath: absPath(viper.GetString("tls_cert_path")), TLSKeyPath: absPath(viper.GetString("tls_key_path")), + ACMEEmail: absPath(viper.GetString("acme_email")), + ACMEURL: absPath(viper.GetString("acme_url")), + DNSConfig: GetDNSConfig(), } diff --git a/config.json.postgres.example b/config.json.postgres.example index aba72063..e9118204 100644 --- a/config.json.postgres.example +++ b/config.json.postgres.example @@ -10,6 +10,8 @@ "db_name": "headscale", "db_user": "foo", "db_pass": "bar", + "acme_url": "https://acme-v02.api.letsencrypt.org/directory", + "acme_email": "", "tls_letsencrypt_hostname": "", "tls_letsencrypt_listen": ":http", "tls_letsencrypt_cache_dir": ".cache", diff --git a/config.json.sqlite.example b/config.json.sqlite.example index b22e5ace..5afa450f 100644 --- a/config.json.sqlite.example +++ b/config.json.sqlite.example @@ -6,6 +6,8 @@ "ephemeral_node_inactivity_timeout": "30m", "db_type": "sqlite3", "db_path": "db.sqlite", + "acme_url": "https://acme-v02.api.letsencrypt.org/directory", + "acme_email": "", "tls_letsencrypt_hostname": "", "tls_letsencrypt_listen": ":http", "tls_letsencrypt_cache_dir": ".cache",