SuffolkLITLab / EfileProxyServer

A proxy server that acts as an Efiling Service Provider, connecting guided interviews to Efiling Managers on Tyler Technologies' implementation of ECF 4.0
https://suffolklitlab.org/docassemble-AssemblyLine-documentation/docs/efiling/overview/
MIT License

ACME/Let's Encrypt support + arbitrary ports #106

Closed BryceStevenWilley closed 2 years ago

BryceStevenWilley commented 2 years ago

ACME support

ACME (automatic certification management environment) is a standard that Let's Encrypt uses to automatically generate certificates for your site. This PR lets you start a cert challenge from a separate program (AcmeRenewal), and then detect and publish the token from the main server. Flexible enough that it should be able to run on a timer automatically when you don't have to interactively agree to the terms of service.

Uses acme4j, with most of the AcmeRenewal class coming from https://shredzone.org/maven/acme4j/example.html.

Starts progress on #80, though it doesn't finish it; we still need to turn the .pem cert into a Java key store file, copy it to the right place, restart the server so it can use the new cert, and then put the whole thing on a weekly (?, maybe daily?) timer (see the TODOs remaining in AcmeRenewal).

Simplify URL env var passing

No more BASE_LOCAL_URL or CURRENT_URL env vars: just a single EXTERNAL_URL var. The BASE_LOCAL_URL Java var is determined automatically based on whether you are running with HTTPS or not.

Also changes the docker-compose to use 80 and 443 instead of 9000 externally. I personally am the only person who is routinely running this on the same machine as docassemble, and most of the time you won't want to. If you do, notably, you won't need to separately renew your TLS certs (i.e. the above feature, which is why these separate features are bundled).
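The server side of the HTTP-01 exchange described in this PR, as an added example that is not code from the PR or from EfileProxyServer: it publishes a challenge response at `/.well-known/acme-challenge/<token>` and validates the token before touching the filesystem. Assumptions: the renewal program hands the response over as a file named after the token in a shared directory, and the class name `AcmeChallengeResponder`, the directory and the sample token are hypothetical.

```java
import com.sun.net.httpserver.HttpExchange;
import com.sun.net.httpserver.HttpServer;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.Optional;
import java.util.regex.Pattern;

/** Added example (hypothetical class): serves ACME HTTP-01 responses dropped by a separate renewal process. */
public class AcmeChallengeResponder {
  static final String PREFIX = "/.well-known/acme-challenge/";
  // RFC 8555 tokens use only the base64url alphabet; anything else is rejected outright.
  static final Pattern TOKEN = Pattern.compile("[A-Za-z0-9_-]{1,128}");

  /** Returns the key authorization for a request path, or empty if the path or token is not acceptable. */
  static Optional<String> lookup(Path challengeDir, String requestPath) throws IOException {
    if (!requestPath.startsWith(PREFIX)) return Optional.empty();
    String token = requestPath.substring(PREFIX.length());
    if (!TOKEN.matcher(token).matches()) return Optional.empty(); // no dots or slashes can get through
    Path file = challengeDir.resolve(token).normalize();
    if (!file.startsWith(challengeDir.normalize()) || !Files.isRegularFile(file)) return Optional.empty();
    String keyAuth = Files.readString(file, StandardCharsets.US_ASCII).trim();
    // A key authorization is "<token>.<account key thumbprint>"; refuse files that do not match their name.
    return keyAuth.startsWith(token + ".") ? Optional.of(keyAuth) : Optional.empty();
  }

  /** Answers GET requests under PREFIX; every other method or path gets a 404. */
  static void handle(Path challengeDir, HttpExchange ex) throws IOException {
    Optional<String> body = "GET".equals(ex.getRequestMethod())
        ? lookup(challengeDir, ex.getRequestURI().getPath()) : Optional.empty();
    byte[] out = body.orElse("not found").getBytes(StandardCharsets.US_ASCII);
    ex.sendResponseHeaders(body.isPresent() ? 200 : 404, out.length);
    try (var os = ex.getResponseBody()) { os.write(out); }
  }

  public static void main(String[] args) throws IOException {
    // Constructed sample: the renewal process would write this file; token and thumbprint are made up.
    Path dir = Files.createTempDirectory("acme-challenge");
    Files.writeString(dir.resolve("sampleTokenAbc123"), "sampleTokenAbc123.sampleThumbprintXyz");
    System.out.println(lookup(dir, PREFIX + "sampleTokenAbc123")); // constructed request for the sample token
    System.out.println(lookup(dir, PREFIX + "../etc/passwd"));     // constructed traversal-style path
    // HTTP-01 validation arrives on port 80; 8080 is used here so the sample runs unprivileged.
    HttpServer server = HttpServer.create(new InetSocketAddress(8080), 0);
    server.createContext(PREFIX, ex -> handle(dir, ex));
    server.start();
  }
}
```

The challenge directory should be writable only by the renewal process and should hold nothing but pending challenge files, since anything placed there under a valid token name is served to unauthenticated clients.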