From 7f1eee146e5446b1a991a5a09f7326544a90e0e4 Mon Sep 17 00:00:00 2001
From: "A. Schulze"
Date: Wed, 27 Mar 2024 21:34:57 +0100
Subject: [PATCH] Version 2.3.0
---
 CHANGELOG.md | 6 ++++++
 Dockerfile | 2 +-
 README.md | 6 ++++++
 go.mod | 2 +-
 scmdhttpd.go | 10 +++++++---
 5 files changed, 21 insertions(+), 5 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 4ea550a..b2cd393 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,6 +5,12 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+## 2.3.0
+
+- RFC 9116 support
+- FIX: fetching ACME certs was broken, don't use 2.2.x!
+- use go-1.22.x
+
 ## 2.2.1
 - updated Github workflows
diff --git a/Dockerfile b/Dockerfile
index b2d5fa0..ac0766a 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM golang:1.21-bookworm AS builder
+FROM golang:1.22-bookworm AS builder
 WORKDIR /scmdhttpd/
 COPY go.mod go.sum *.go ./
diff --git a/README.md b/README.md
index 280e028..a92d570 100644
--- a/README.md
+++ b/README.md
@@ -91,6 +91,12 @@ wenn dort das Ziel als 2. Wert hinter einem Hostnamen angegeben wird.
 CSS-Datei, die beim Aufruf der URL `/style.css` ausgegeben wird.
+- `security.txt`
+
+ "vulnerability disclosure information", die beim Aufruf der URL `/.well-known/security.txt`
+ ausgegeben wird. Die Datei sollte inhaltlich [RFC 9116](https://www.rfc-editor.org/rfc/rfc9116.html)
+ entspechen.
+
 Werden die genannten URLs per HTTP aufgerufen, erfolgt ein [permanenter Redirect](https://datatracker.ietf.org/doc/html/rfc7231#section-6.4.2) auf die entsprechende HTTPS-URL.
diff --git a/go.mod b/go.mod
index 8908ecf..0166ac2 100644
--- a/go.mod
+++ b/go.mod
@@ -1,6 +1,6 @@
 module github.com/andreasschulze/scmdhttpd
-go 1.21
+go 1.22
 require golang.org/x/crypto v0.17.0
diff --git a/scmdhttpd.go b/scmdhttpd.go
index 649bb9d..69d813c 100644
--- a/scmdhttpd.go
+++ b/scmdhttpd.go
@@ -25,14 +25,14 @@ import (
 const (
 certsDir = "certs"
 programName = "scmdHTTPd"
- programVersion = "2.2.1"
+ programVersion = "2.3.0"
 )
 var (
 certdir = flag.String("certificate_dir", "certificate-dir", "Directory in which to store certificates.")
 acmeEndpoint = flag.String("acme_endpoint", "", "If set, uses a custom ACME endpoint URL. It doesn't make sense to use this with --staging.")
 staging = flag.Bool("staging", false, "If true, uses Let's Encrypt 'staging' environment instead of prod.")
- datadir = flag.String("data_dir", "/data", "Directory where vhosts.conf, index.html, robots.txt an favicon.ico are found")
+ datadir = flag.String("data_dir", "/data", "Directory where vhosts.conf, index.html, robots.txt, security.txt and favicon.ico are found")
 version = flag.Bool("version", false, "print version and exit.")
 // global var
@@ -182,6 +182,8 @@ func main() {
 fallthrough
 case "/style.css":
 fallthrough
+ case "/.well-known/security.txt":
+ fallthrough
 case "/":
 if r.TLS == nil {
 w.Header().Set("Connection", "close")
@@ -209,6 +211,8 @@ func main() {
 if r.URL.Path == "/" {
 http.ServeFile(w, r, *datadir+"/index.html")
+ } else if r.URL.Path == "/.well-known/security.txt" {
+ http.ServeFile(w, r, *datadir+"/security.txt")
 } else {
 http.ServeFile(w, r, *datadir+r.URL.Path)
 }
@@ -251,7 +255,7 @@ func main() {
 tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
 }
 // disable http2 and higher
- srvTLS.TLSConfig.NextProtos = []string{"http/1.0", "http/1.1"}
+ srvTLS.TLSConfig.NextProtos = []string{"http/1.0", "http/1.1", "acme-tls/1"}
 versionInfo("starting ")
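Review bot: In the `@@ -182,6 +182,8 @@` hunk the allowlist of served paths grows by another `case …:` / `fallthrough` pair, a form in which one forgotten `fallthrough` silently drops a path out of the shared branch. A single comma-separated case, e.g. `case "/style.css", "/.well-known/security.txt", "/":`, states the same allowlist on one line without that risk. The switch opens and closes outside the hunk, so the earlier cases and any default branch are not visible here and would need the same treatment.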
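Review bot: In the `@@ -209,6 +211,8 @@` hunk the final `else` still builds the file name as `*datadir+r.URL.Path`, and the new `else if` adds a second place where a URL is mapped to a file, so the set of servable files is now defined jointly by this chain and by the switch earlier in `main`. The concatenation is presumably safe only because that switch admits a fixed list of paths; the invariant deserves a comment at this spot, e.g. `// r.URL.Path is one of the fixed paths accepted by the switch above; never serve other paths from datadir`. Building the names with `filepath.Join(*datadir, "security.txt")` would also be more idiomatic than string concatenation, provided `path/filepath` is imported (the import block is not visible). The enclosing handler starts and ends outside the hunk.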
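Review bot: In the `@@ -251,7 +255,7 @@` hunk the comment `// disable http2 and higher` no longer explains the whole `NextProtos` line: `"acme-tls/1"` is the ALPN identifier of the TLS-ALPN-01 challenge (RFC 8737), and its absence is presumably the 2.2.x breakage mentioned in the CHANGELOG. A comment such as `// keep acme-tls/1: required for TLS-ALPN-01 certificate issuance; h2 is left out to disable HTTP/2` would stop a later cleanup from removing it again. If the file imports `golang.org/x/crypto/acme`, the constant `acme.ALPNProto` ties the value to the library instead of a string literal. The body of `main` continues outside the hunk.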