A proxy server that acts as an Efiling Service Provider, connecting guided interviews to Efiling Managers on Tyler Technologies implementation of ECF 4.0
ACME (automatic certification management environment) is standard that Lets Encrypt uses to automatically generated certificates for your site. This PR lets you start a cert challenge from a separate program (AcmeRenewal), and then detect and publish the token from the main server. Flexible enough that it should be able to run on a timer automatically when you don't have to interactively agree to the terms of service.
Starts progress on #80, though it doesn't finish it; we still need to turn the.pem cert into a Java key store file, copy it
to the right place, restart the server so it can use the new cert, and then put the whole thing on a weekly (?, maybe daily?) timer (see the TODOs remaining in AcmeRenewal).
Simplify URL env var passing
No more BASE_LOCAL_URL or CURRENT_URL env vars: just a single EXTERNAL_URL var. The BASE_LOCAL_URL java var is determined automatically base on if you are running with HTTPS or not.
Also changes the docker-compose to use 80 and 443 instead of 9000 externally. I personally am the only person who is routinely running this on the same machine as docassemble, and most of the time you wont want to. If you do, notably, you won't need to separately renew your TLS certs (i.e. the above feature, which is why these separate features are bundled).
ACME support
ACME (automatic certification management environment) is standard that Lets Encrypt uses to automatically generated certificates for your site. This PR lets you start a cert challenge from a separate program (
AcmeRenewal
), and then detect and publish the token from the main server. Flexible enough that it should be able to run on a timer automatically when you don't have to interactively agree to the terms of service.Uses acme4j, with most of the
AcmeRenewal
class coming from https://shredzone.org/maven/acme4j/example.html.Starts progress on #80, though it doesn't finish it; we still need to turn the
.pem
cert into a Java key store file, copy it to the right place, restart the server so it can use the new cert, and then put the whole thing on a weekly (?, maybe daily?) timer (see the TODOs remaining inAcmeRenewal
).Simplify URL env var passing
No more
BASE_LOCAL_URL
orCURRENT_URL
env vars: just a singleEXTERNAL_URL
var. TheBASE_LOCAL_URL
java var is determined automatically base on if you are running with HTTPS or not.Also changes the docker-compose to use 80 and 443 instead of 9000 externally. I personally am the only person who is routinely running this on the same machine as docassemble, and most of the time you wont want to. If you do, notably, you won't need to separately renew your TLS certs (i.e. the above feature, which is why these separate features are bundled).