ssl

package
v1.1.4 Latest
Warning

This package is not in the latest version of its module.

Published: May 21, 2026 License: MIT Imports: 16 Imported by: 0

Documentation

Constants

This section is empty.

Variables

var ErrSudoRequired = errors.New("sudo required")

ErrSudoRequired is returned when an operation requires elevated privileges that are not currently available.

Functions

func AddHosts

func AddHosts(hostnames []string) (int, error)

AddHosts adds the given hostnames to /etc/hosts pointing to 127.0.0.1. Existing entries (with or without the nself-managed marker) are not duplicated. Each added line is tagged with "# nself-managed".

Returns ErrSudoRequired if the file cannot be written due to permissions. Wildcard entries (e.g. *.example.com) are skipped because /etc/hosts does not support wildcards.

AddHosts is the exported form for use by the dns-setup command.

func CheckCertExpiry

func CheckCertExpiry(certPath string) (int, error)

CheckCertExpiry reads the PEM-encoded x509 certificate at certPath, computes the number of days until it expires, and returns that count. If the certificate is already expired, it returns 0 and an error. If fewer than 30 days remain, a WARN is written to stderr and the remaining days are returned with a nil error.
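A sketch of the expiry check described for CheckCertExpiry, added here as an example and not the package's own source. `daysUntilExpiry` and `selfSigned` are hypothetical names; the helper takes PEM bytes and an injected clock instead of a file path, and the sample certificates are constructed in memory.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"os"
	"time"
)

// daysUntilExpiry (hypothetical) applies the documented contract to PEM bytes with an injected clock.
func daysUntilExpiry(pemBytes []byte, now time.Time) (int, error) {
	block, _ := pem.Decode(pemBytes)
	if block == nil || block.Type != "CERTIFICATE" {
		return 0, fmt.Errorf("no PEM CERTIFICATE block found")
	}
	cert, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return 0, fmt.Errorf("parse certificate: %w", err)
	}
	if !now.Before(cert.NotAfter) { // already expired: 0 and an error
		return 0, fmt.Errorf("certificate expired at %s", cert.NotAfter)
	}
	days := int(cert.NotAfter.Sub(now).Hours() / 24) // whole days, rounded down
	if days < 30 { // near expiry: warn on stderr, error stays nil
		fmt.Fprintf(os.Stderr, "WARN: certificate expires in %d days\n", days)
	}
	return days, nil
}

// selfSigned builds a constructed throwaway certificate that expires at notAfter (errors ignored for brevity).
func selfSigned(notAfter time.Time) []byte {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotAfter: notAfter,
		NotBefore: notAfter.AddDate(0, 0, -90), Subject: pkix.Name{CommonName: "app.example.test"}}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

func main() {
	now := time.Now().UTC().Truncate(time.Second) // x509 validity has one-second resolution
	for _, d := range []int{60, 10, -1} {
		fmt.Println(daysUntilExpiry(selfSigned(now.AddDate(0, 0, d)), now))
	}
}
```

Because an expired certificate yields 0 together with an error, callers have to check the error before treating the day count as meaningful.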

func IsCAInstalled

func IsCAInstalled(caPath string) (bool, error)

IsCAInstalled checks whether the mkcert CA certificate at caPath is already trusted by the OS trust store.

On macOS: queries the system keychain via `security find-certificate`.
On Linux: checks whether the cert file is present in the system CA bundle dir.
On Windows: queries `certutil -store Root`.

Returns (false, nil) when caPath does not exist.

func ManualInstallCommand

func ManualInstallCommand(caPath string) string

ManualInstallCommand returns the platform-specific command string that the user can run manually to trust the CA, for use in fallback messages.

func MkcertCACertPath

func MkcertCACertPath() (string, error)

MkcertCACertPath returns the expected path to the mkcert root CA certificate.

Types

type GenerateResult

type GenerateResult struct {
	// Count is the number of certificate sets generated.
	Count int
	// CAInstalled is true when the mkcert CA was already trusted or was
	// successfully installed during this call.
	CAInstalled bool
	// CAManualCmd is non-empty when the CA could not be installed automatically.
	// It holds the command the user should run manually.
	CAManualCmd string
	// HostsAdded is the number of new /etc/hosts entries written.
	HostsAdded int
	// HostsManualNote is non-empty when the hosts file could not be written.
	HostsManualNote string
}

GenerateResult holds the output of a Generate call including trust/hosts status.

type Generator

type Generator struct {
	// contains filtered or unexported fields
}

Generator creates SSL certificates for all domains in the project configuration.

func NewGenerator

func NewGenerator(cfg *config.Config) *Generator

NewGenerator creates an SSL Generator from the given config.

func (*Generator) CollectDomains

func (g *Generator) CollectDomains() []string

CollectDomains gathers all Subject Alternative Names (SANs) needed for the project's SSL certificate. The list is deduplicated. It is exported for use by the dns-setup command.

func (*Generator) Generate

func (g *Generator) Generate(outputDir string) (int, error)

Generate creates SSL certificates for all collected domains. Certificates are written to outputDir/certificates/{dir}/fullchain.pem and privkey.pem. Returns the count of certificate sets generated.

func (*Generator) GenerateWithResult

func (g *Generator) GenerateWithResult(outputDir string) (*GenerateResult, error)

GenerateWithResult creates SSL certificates and returns detailed results including the CA trust and /etc/hosts steps.

When SSL_MODE is "letsencrypt", "custom", or "none", local certificate generation is skipped. In letsencrypt mode, certbot provisions the real certs after the stack starts. In custom mode, the user supplies their own certs. In none mode, SSL is disabled entirely. Nginx must be configured to start without SSL cert references in these modes — see nginx/generator.go.
