diff --git a/custom/conf/app.ini.sample b/custom/conf/app.ini.sample
index 29e147add..190b838b8 100644
--- a/custom/conf/app.ini.sample
+++ b/custom/conf/app.ini.sample
@@ -275,8 +275,9 @@ DISABLE_ROUTER_LOG = false
 ; not forget to export the private key):
 ; $ openssl pkcs12 -in cert.pfx -out cert.pem -nokeys
 ; $ openssl pkcs12 -in cert.pfx -out key.pem -nocerts -nodes
-CERT_FILE = custom/https/cert.pem
-KEY_FILE = custom/https/key.pem
+; Paths are relative to CUSTOM_PATH
+CERT_FILE = https/cert.pem
+KEY_FILE = https/key.pem
 ; Root directory containing templates and static files.
 ; default is the path where Gitea is executed
 STATIC_ROOT_PATH =
diff --git a/docs/content/doc/advanced/config-cheat-sheet.en-us.md b/docs/content/doc/advanced/config-cheat-sheet.en-us.md
index ea17096ea..feea2dbcc 100644
--- a/docs/content/doc/advanced/config-cheat-sheet.en-us.md
+++ b/docs/content/doc/advanced/config-cheat-sheet.en-us.md
@@ -181,8 +181,8 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`.
 - `SSH_LISTEN_PORT`: **%(SSH\_PORT)s**: Port for the built-in SSH server.
 - `OFFLINE_MODE`: **false**: Disables use of CDN for static files and Gravatar for profile pictures.
 - `DISABLE_ROUTER_LOG`: **false**: Mute printing of the router log.
-- `CERT_FILE`: **custom/https/cert.pem**: Cert file path used for HTTPS.
-- `KEY_FILE`: **custom/https/key.pem**: Key file path used for HTTPS.
+- `CERT_FILE`: **https/cert.pem**: Cert file path used for HTTPS. From 1.11 paths are relative to `CUSTOM_PATH`.
+- `KEY_FILE`: **https/key.pem**: Key file path used for HTTPS. From 1.11 paths are relative to `CUSTOM_PATH`.
 - `STATIC_ROOT_PATH`: **./**: Upper level of template and static files path.
 - `STATIC_CACHE_TIME`: **6h**: Web browser cache time for static resources on `custom/`, `public/` and all uploaded avatars.
 - `ENABLE_GZIP`: **false**: Enables application-level GZIP support.
diff --git a/modules/graceful/server.go b/modules/graceful/server.go index 30fb8cdff..19ce8a866 100644 --- a/modules/graceful/server.go +++ b/modules/graceful/server.go @@ -7,6 +7,7 @@ package graceful import ( "crypto/tls" + "io/ioutil" "net" "os" "strings" @@ -99,12 +100,25 @@ func (srv *Server) ListenAndServeTLS(certFile, keyFile string, serve ServeFuncti } config.Certificates = make([]tls.Certificate, 1) - var err error - config.Certificates[0], err = tls.LoadX509KeyPair(certFile, keyFile) + + certPEMBlock, err := ioutil.ReadFile(certFile) if err != nil { log.Error("Failed to load https cert file %s for %s:%s: %v", certFile, srv.network, srv.address, err) return err } + + keyPEMBlock, err := ioutil.ReadFile(keyFile) + if err != nil { + log.Error("Failed to load https key file %s for %s:%s: %v", keyFile, srv.network, srv.address, err) + return err + } + + config.Certificates[0], err = tls.X509KeyPair(certPEMBlock, keyPEMBlock) + if err != nil { + log.Error("Failed to create certificate from cert file %s and key file %s for %s:%s: %v", certFile, keyFile, srv.network, srv.address, err) + return err + } + return srv.ListenAndServeTLSConfig(config, serve) } diff --git a/modules/setting/setting.go b/modules/setting/setting.go index 17c84d3d3..4183c203e 100644 --- a/modules/setting/setting.go +++ b/modules/setting/setting.go @@ -554,6 +554,12 @@ func NewContext() { Protocol = HTTPS CertFile = sec.Key("CERT_FILE").String() KeyFile = sec.Key("KEY_FILE").String() + if !filepath.IsAbs(CertFile) && len(CertFile) > 0 { + CertFile = filepath.Join(CustomPath, CertFile) + } + if !filepath.IsAbs(KeyFile) && len(KeyFile) > 0 { + KeyFile = filepath.Join(CustomPath, KeyFile) + } case "fcgi": Protocol = FCGI case "fcgi+unix":
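Review bot: Nothing in the rewritten block of ListenAndServeTLS says why `tls.LoadX509KeyPair` was replaced by two `ioutil.ReadFile` calls followed by `tls.X509KeyPair`, and the two forms look equivalent enough that a later cleanup could fold them back together. If the intent is, as the three separate `log.Error` messages suggest, to report whether the cert file, the key file or the pair itself failed, a comment above the first read would preserve that, e.g. `// Read cert and key ourselves rather than via tls.LoadX509KeyPair so the log says which file could not be read.` The beginning of ListenAndServeTLS lies outside the hunk.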
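Review bot: A configuration that still carries the previous sample values (`custom/https/cert.pem`, `custom/https/key.pem`) is now joined onto CustomPath by the added `filepath.Join(CustomPath, CertFile)` and `filepath.Join(CustomPath, KeyFile)`, which would presumably produce a doubled `custom/custom/https/...` location and leave the HTTPS listener unable to load its certificate after an upgrade. The code itself gives no hint of the new base directory; I would add a comment above the two `if` blocks such as `// Relative CERT_FILE/KEY_FILE are resolved against CustomPath, not the working directory.` and consider logging the resolved paths once so a wrong location is visible at startup. Testing `len(CertFile) > 0` before `!filepath.IsAbs(CertFile)` would also read more naturally. NewContext starts and ends outside the hunk.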