Add Auto-HTTPS

[bscott]

Add support for automatic TLS with LetsEncrypt using custom server.

[robbyoconnor]

In most cases, won't your app sit behind a reverse proxy/load balancer?

[stanislas-m]

@robbyoconnor In most cases, yes. But prod setups are not all the same, so we should help in those cases too. :)

[robbyoconnor]

I wasn't saying it was a bad idea :)

…

On 06/18/2018 12:55 AM, Stanislas Michalak wrote: @robbyoconnor <https://github.com/robbyoconnor> In most cases, yes. But prod setups are not all the same, so we should help in those cases too. :) — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#1113 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AABaMHeLHE8kVb5nXeG2f0hEDxjaN09Iks5t9zLLgaJpZM4UqpO_>.

[bscott]

Trying to think how to approach a PR for this. Wondering if buffalo new should take an argument to enable Auto TLS?, Any ideas how we would support this?

Example client:
https://godoc.org/golang.org/x/crypto/acme/autocert

[robbyoconnor]

Yeah -- why not make an argument to `buffalo new`  --- or even a plugin maybe?

…

On 06/20/2018 12:45 AM, Brian Scott wrote: Trying to think how to approach a PR for this. Wondering if |buffalo new| should take an argument to enable Auto TLS?, Any ideas how we would support this? — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#1113 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AABaMAwNDNYOBLNJoK6gP8uchwcktSsWks5t-dN9gaJpZM4UqpO_>.

[markbates]

If it was me, :), I would write a package somewhere that has an implementation of the new Server interface and then people can just import it and pass in a version of that server to Start.

…

On Jun 20, 2018, 1:30 AM -0400, robbyoconnor ***@***.***>, wrote: Yeah -- why not make an argument to `buffalo new`  --- or even a plugin maybe? On 06/20/2018 12:45 AM, Brian Scott wrote: > > Trying to think how to approach a PR for this. Wondering if |buffalo > new| should take an argument to enable Auto TLS?, Any ideas how we > would support this? > > — > You are receiving this because you were mentioned. > Reply to this email directly, view it on GitHub > <#1113 (comment)>, > or mute the thread > <https://github.com/notifications/unsubscribe-auth/AABaMAwNDNYOBLNJoK6gP8uchwcktSsWks5t-dN9gaJpZM4UqpO_>. > — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub, or mute the thread.

[hdm]

Some example code for this if anyone is interested in making it official: https://gist.github.com/hdm/d271eb94a51f7f908ecb9ddc82d2b644

[dschulz]

Just my 2 cents: CertMagic is a fine option.

[hut8]

I used https://gist.github.com/hdm/d271eb94a51f7f908ecb9ddc82d2b644 today and it worked perfectly. Big fan of that. Thanks, @hdm ! I'm trying to integrate this into buffalo itself. As far as I can tell, the contents of that gist wouldn't actually need to be generated and put into one's project, it seems like Buffalo could just run this instead of the other code to generate the "servers.Server" if an environment variable or YAML config says so. Thoughts on implementation?

My only concern would be this:
If you have your buffalo app running on several servers, and the cert cache directory isn't shared, each app will attempt to get its own LetsEncrypt cert. Maybe this is a documentation issue mostly. Also, when deployed in a container, the place that the certs are stored needs to be configured separately in a volume somewhere. Likewise, if you have N webservers, and the directory is shared, then if they are all deployed simultaneously, they will still attempt to obtain N certificates simultaneously which is probably bad (I am not a letsencrypt expert so maybe this isn't even a problem).