diff options
| -rw-r--r-- | README.md | 4 | ||||
| -rw-r--r-- | cmd/cashierd/main.go | 3 |
2 files changed, 5 insertions, 2 deletions
@@ -100,11 +100,11 @@ For any option that takes a file path as a parameter (e.g. SSH signing key, TLS - A [Vault](https://www.vaultproject.io) path + key starting with `/vault/` e.g. `/vault/secret/cashier/ssh_signing_key`. You should add a [vault](#vault) config as needed. ## server -- `use_tls` : boolean. If this is set then `tls_key` and `tls_cert` are required. +- `use_tls` : boolean. If this is set then either `tls_key` and `tls_cert` are required, or `letsencrypt_servername` is required. - `tls_key` : string. Path to the TLS key. See the [note](#a-note-on-files) on files above. - `tls_cert` : string. Path to the TLS cert. See the [note](#a-note-on-files) on files above. - `letsencrypt_servername`: string. If set will request a certificate from LetsEncrypt. This should match the expected FQDN of the server. -- `letsencrypt_cachedir: string. Directory to cache the LetsEncrypt certificate. +- `letsencrypt_cachedir`: string. Directory to cache the LetsEncrypt certificate. - `address` : string. IP address to listen on. If unset the server listens on all addresses. - `port` : int. Port to listen on. - `user` : string. User to which the server drops privileges to. diff --git a/cmd/cashierd/main.go b/cmd/cashierd/main.go index 52b6a8b..fb67a36 100644 --- a/cmd/cashierd/main.go +++ b/cmd/cashierd/main.go @@ -357,6 +357,9 @@ func main() { } tlsConfig.GetCertificate = m.GetCertificate } else { + if conf.Server.TLSCert == "" || conf.Server.TLSKey == "" { + log.Fatal("TLS cert or key not specified in config") + } tlsConfig.Certificates = make([]tls.Certificate, 1) tlsConfig.Certificates[0], err = loadCerts(conf.Server.TLSCert, conf.Server.TLSKey) if err != nil { |