http2/h2demo: use Let's Encrypt for the TLS cert

The Google-issue one expired and it's too onerous to request another and do it by hand. Change-Id: I221406bc66de4b027b979fd87f6ec38f66318f9e Reviewed-on: https://go-review.googlesource.com/33230 Reviewed-by: Tom Bergan <tombergan@google.com> Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2026-03-31 18:37:08 +09:00 · 2016-11-14 19:34:23 +00:00
parent 6dfeb344d8
commit 0dd7c8d7c3
1 changed files with 9 additions and 27 deletions
--- a/http2/h2demo/h2demo.go
+++ b/http2/h2demo/h2demo.go
@@ -19,6 +19,7 @@ import (
 	"log"
 	"net"
 	"net/http"
+	"os"
 	"path"
 	"regexp"
 	"runtime"
@@ -27,8 +28,8 @@ import (
 	"sync"
 	"time"

-	"camlistore.org/pkg/googlestorage"
 	"go4.org/syncutil/singleflight"
+	"golang.org/x/crypto/acme/autocert"
 	"golang.org/x/net/http2"
 )

@@ -378,37 +379,18 @@ func httpHost() string {
 }

 func serveProdTLS() error {
-	c, err := googlestorage.NewServiceClient()
-	if err != nil {
+	const cacheDir = "/var/cache/autocert"
+	if err := os.MkdirAll(cacheDir, 0700); err != nil {
 		return err
 	}
-	slurp := func(key string) ([]byte, error) {
-		const bucket = "http2-demo-server-tls"
-		rc, _, err := c.GetObject(&googlestorage.Object{
-			Bucket: bucket,
-			Key:    key,
-		})
-		if err != nil {
-			return nil, fmt.Errorf("Error fetching GCS object %q in bucket %q: %v", key, bucket, err)
-		}
-		defer rc.Close()
-		return ioutil.ReadAll(rc)
-	}
-	certPem, err := slurp("http2.golang.org.chained.pem")
-	if err != nil {
-		return err
-	}
-	keyPem, err := slurp("http2.golang.org.key")
-	if err != nil {
-		return err
-	}
-	cert, err := tls.X509KeyPair(certPem, keyPem)
-	if err != nil {
-		return err
+	m := autocert.Manager{
+		Cache:      autocert.DirCache(cacheDir),
+		Prompt:     autocert.AcceptTOS,
+		HostPolicy: autocert.HostWhitelist("http2.golang.org"),
 	}
 	srv := &http.Server{
 		TLSConfig: &tls.Config{
-			Certificates: []tls.Certificate{cert},
+			GetCertificate: m.GetCertificate,
 		},
 	}
 	http2.ConfigureServer(srv, &http2.Server{})