diff --git a/server.go b/server.go
index 9e2238c..23efa74 100644
--- a/server.go
+++ b/server.go
@@ -34,6 +34,9 @@ var (
 func init() {
 setMyIpAndPtrAddr(&myIp, &myPtrAddr)
+ if len(myPtrAddr) > 0 {
+ tlsCertManager.HostPolicy = autocert.HostWhitelist(append(allowedHosts, myPtrAddr)...)
+ }
 }
 // setMyIpAndPtrAddr attempts to set myIp and myPtrAddr
@@ -75,7 +78,10 @@ func newHttpReverseProxy(addr string, serveTls bool) *httpReverseProxy {
 server.Addr = addr
 server.serveTls = serveTls
 if server.serveTls {
- server.TLSConfig = &tls.Config{GetCertificate: tlsCertManager.GetCertificate}
+ server.TLSConfig = &tls.Config{
+ GetCertificate: tlsCertManager.GetCertificate,
+ MinVersion: tls.VersionTLS12,
+ }
 }
 proxy := new(httputil.ReverseProxy)
@@ -91,7 +97,7 @@ func newHttpReverseProxy(addr string, serveTls bool) *httpReverseProxy {
 }
 mux := http.NewServeMux()
- // Hostnames specified in the variable allowedHosts for which the reverse proxy should direct requests to the target host
+ // Hostnames for which the reverse proxy should direct requests to the target host
 for _, host := range allowedHosts {
 mux.Handle(host+"/", proxy)
 mux.Handle(host+"/.well-known/acme-challenge/", tlsCertManager.HTTPHandler(nil))
@@ -122,15 +128,17 @@ func newHttpReverseProxy(addr string, serveTls bool) *httpReverseProxy {
 // listenAndServe will call ListenAndServe or ListenAndServeTLS on httpReverseProxy to handle requests on incoming connections
 func (t *httpReverseProxy) listenAndServe() {
- fmt.Printf("Listening on %s\n", t.Addr)
 var err error
+
+ fmt.Printf("Listening on %s\n", t.Addr)
+
 if t.serveTls {
 err = t.ListenAndServeTLS("", "")
 } else {
 err = t.ListenAndServe()
 }
 if err != nil {
- log.Fatalf("listenAndServe, Addr: %s, serveTls: %s, error: %s", t.Addr, strconv.FormatBool(t.serveTls), err)
+ log.Fatalf("listenAndServe, Addr: %s, serveTls: %s, error: %v", t.Addr, strconv.FormatBool(t.serveTls), err)
 }
 }
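Review bot: In `init()`, the host policy is still assigned only when `myPtrAddr` is non-empty, so on a host without a PTR record `tlsCertManager.HostPolicy` keeps whatever the declaration of `tlsCertManager` gave it; that declaration is outside this hunk, and if it leaves the field nil, autocert will attempt issuance for any server name a client presents, which can exhaust the CA rate limit. Consider assigning the policy unconditionally from a copy of the list: `hosts := append([]string(nil), allowedHosts...)`, append `myPtrAddr` only when it is set, then `tlsCertManager.HostPolicy = autocert.HostWhitelist(hosts...)`. The copy also keeps `append(allowedHosts, myPtrAddr)` from writing into the backing array of the package-level slice when it has spare capacity. Because this now runs in `init()`, it only sees the values `allowedHosts` has at package initialisation, so confirm nothing in `main` changes the list afterwards.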
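Review bot: In `newHttpReverseProxy`, the hand-built `tls.Config` sets `GetCertificate` and `MinVersion` but, as far as this hunk shows, no `NextProtos`, so the server does not advertise the `acme-tls/1` protocol that autocert needs to answer TLS-ALPN-01 challenges, and issuance depends entirely on the HTTP-01 handler being reachable on port 80. Starting from the manager's own config keeps both: `server.TLSConfig = tlsCertManager.TLSConfig()` followed by `server.TLSConfig.MinVersion = tls.VersionTLS12`. The function continues outside the hunk, so check that nothing later overwrites `server.TLSConfig`.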
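Review bot: In `listenAndServe`, the `log.Fatalf` call still formats the boolean through `strconv.FormatBool` and `%s`; the `%t` verb takes the bool directly and sits naturally beside the `%v` fix made for `err` on the same line: `log.Fatalf("listenAndServe, Addr: %s, serveTls: %t, error: %v", t.Addr, t.serveTls, err)`. If this is the only use of `strconv` in server.go, the import has to be removed with it.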
@@ -139,10 +147,6 @@ func main() {
 log.Fatalf("Invalid Let's Encrypt account email: %v\n", err)
 }
- if len(myPtrAddr) > 0 {
- tlsCertManager.HostPolicy = autocert.HostWhitelist(append(allowedHosts, myPtrAddr)...)
- }
-
 fmt.Print("Allowed hosts: ")
 fmt.Println(allowedHosts)
 fmt.Print("PTR record (if any): ")