changeset 2060:546daa22aa39 acme-tiny tip

https - check IP of domain
author Franklin Schmidt <fschmidt@gmail.com>
date Thu, 13 Nov 2025 14:22:30 -0700
parents e22d4489aa7c
children
files host/test/test_https.luan src/luan/host/https.luan
diffstat 2 files changed, 26 insertions(+), 23 deletions(-) [+]
--- a/host/test/test_https.luan	Thu Nov 13 00:13:16 2025 -0700
+++ b/host/test/test_https.luan	Thu Nov 13 14:22:30 2025 -0700
@@ -14,7 +14,7 @@
 local domain = "https.s3.luan.software"
 local site_dir = uri("file:local")
 local luanhost_dir = uri("file:..")
-local dry_run = nil  -- don't call acme_tiny
+local dry_run = true
 
 site_dir.mkdir()
 
--- a/src/luan/host/https.luan	Thu Nov 13 00:13:16 2025 -0700
+++ b/src/luan/host/https.luan	Thu Nov 13 14:22:30 2025 -0700
@@ -16,7 +16,8 @@
 local Logging = require "luan:logging/Logging.luan"
 local logger = Logging.logger "https"
 
-logger.info("Hello test")
+
+local my_ips = Io.my_ips()
 
 local function do_set_https(is_https,domain,site_dir,luanhost_dir,dry_run)
 	local nginx_file = site_dir.child("nginx.ssl.conf")
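Review bot: `my_ips` is evaluated once at module load on the added line, so every later ownership check compares against the address set captured when the module was first required; if the host's addresses change while the process runs (a new interface, a renewed lease) a correctly configured domain is rejected until restart. Unless Io.my_ips() is costly, moving the call next to its use, `local my_ips = Io.my_ips()` inside do_set_https immediately before the comparison, keeps the check current. Io is presumably required earlier in the file, outside this hunk.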
@@ -31,18 +32,23 @@
 
 	if is_https then -- https
 		if not key_file.exists() then
-			local is_local = ip(domain) == "127.0.0.1"
+			local domain_ip = ip(domain)
+			local is_local = domain_ip == "127.0.0.1"
 			logger.info("is_local "..is_local)
 
 			-- Use openssl directly to make a self-signed cert,
 			-- no external cert authority involved
 			if is_local then
 				local cmd = [[
-							./local_https.sh "]]..domain..[["
-						]]
+					./local_https.sh "]]..domain..[["
+				]]
 				local s = uri("bash:"..cmd).read_text()
 				logger.info("issue local certificate")
 			else
+				if my_ips[domain_ip] ~= true then
+					logger.error("the domain "..domain.." doesn't map to this machine")
+					return
+				end
 				-- set up a temporary barebones nginx conf
 				-- to serve acme challenges on the domain
 				local temp_dir = uri("file:/tmp/acme_setup/"..domain)
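Review bot: If `ip(domain)` cannot resolve the name, `domain_ip` is presumably nil and the new guard still logs "doesn't map to this machine", which misattributes a DNS failure to a misconfigured record; test the lookup result first, `if domain_ip == nil then logger.error("cannot resolve "..domain) return end`, before the `my_ips` comparison. The guard also keys on the single address `ip()` returns, so a name with several A or AAAA records that does include this host may be refused, depending on what ip() picks. The early `return` carries no value, so a caller cannot tell this refusal from success; returning false here (and true on the normal path) would make it observable. do_set_https continues outside the hunk.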
@@ -92,25 +98,22 @@
 					local s = uri("bash:"..cmd).read_text()
 					logger.info("create cert\n"..s)
 
-					if dry_run == nil then
-						logger.info("don't call acme_tiny")
-					else
-						-- Finally, get our cert signed by letsencrypt.
-						local cmd = [[
-							./acme_tiny --account-key ./local/tiny_account.key \
-							--csr ]]..csr_file_str..[[ \
-							--acme-dir ]]..acme_challenges..[[ \
-						]]
-						if dry_run then
-							local dry_run_dir_url = "https://acme-staging-v02.api.letsencrypt.org/directory"
-							cmd = cmd.." --directory-url "..dry_run_dir_url
-						end
-						local local_cer_file_str = local_cer_file.canonical().to_string()
-						cmd = cmd.."> "..local_cer_file_str
-	
-						local s = uri("bash:"..cmd).read_text()
-						logger.info("get cert signed by letsencrypt\n"..s)
+					-- Finally, get our cert signed by letsencrypt.
+					local cmd = [[
+						]]..luanhost_dir_str..[[/acme_tiny --account-key ]]..luanhost_dir_str..[[/local/tiny_account.key \
+						--csr ]]..csr_file_str..[[ \
+						--acme-dir ]]..acme_challenges..[[ \
+					]]
+					if dry_run then
+						local dry_run_dir_url = "https://acme-staging-v02.api.letsencrypt.org/directory"
+						cmd = cmd.." --directory-url "..dry_run_dir_url
 					end
+					local local_cer_file_str = local_cer_file.canonical().to_string()
+					cmd = cmd.."> "..local_cer_file_str
+
+					local s = uri("bash:"..cmd).read_text()
+					logger.info("get cert signed by letsencrypt\n"..s)
+
 				catch e
 					logger.error("Error setting up ACME: "..e)
 				finally
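Review bot: The first added command line splices `luanhost_dir_str` into the shell string unquoted, twice, so a luanhost directory whose path contains whitespace or shell metacharacters breaks the acme_tiny invocation or runs something else; the same applies to `csr_file_str`, `acme_challenges` and `local_cer_file_str`, which were already unquoted before this change. Quoting each interpolation, `"]]..luanhost_dir_str..[[/acme_tiny" --account-key "]]..luanhost_dir_str..[[/local/tiny_account.key" \`, and likewise for the `--csr`, `--acme-dir` and `> ` arguments, keeps the command intact. The command's exit status does not appear to be inspected (only its text is read), so a failed acme_tiny run presumably leaves a truncated `local_cer_file` while the success log line is still written; if uri("bash:") exposes the status, checking it before logging would be worthwhile. `luanhost_dir_str` and the enclosing try block begin outside the hunk.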