Thanks Sean Liao, Kurtis Rader, Marko Ristin-Kaufman, and cg-guy.  
Apologies for not responding sooner.

I looked at the code for Caddy and revproxyry.  Neat stuff for sure and I'd 
seriously consider them for a more elaborate project.

Thinking through my needs I concluded that it's probably better not to 
embed the process of obtaining and renewing certificates in the 
infinite-etudes code.  That way if someone chooses to run their own 
instance, they can do whatever makes the most sense within their choice 
of host platform.

So I ended up biting the bullet and learning how to use systemd.  The unit 
file I ended up with is below. It sets Restart=always to ensure that the 
program reloads no matter what and uses ExecStartPre to attempt to renew 
the certificate before starting the server.  Seems reliable across reboots 
and killing the infinite-etudes process.  I won't know for sure until the 
cert actually expires in a month or so but the logs show that certbot is 
being invoked whenever the service reloads.  It detects that the certs are 
unexpired and returns success on exit.

[Unit]
Description=Infinite Etudes server
After=network.target

[Service]
Type=simple
User=mellis
WorkingDirectory=/home/mellis/ietudes
# Always attempt to renew the certificate before (re)starting infinite-etudes
ExecStartPre=+/usr/bin/certbot renew
# infinite-etudes needs two environment variables that give full paths to
# the certificate fullchain and key files.
Environment="IETUDE_CERT_PATH=/etc/letsencrypt/live/etudes.ellisandgrant.com/fullchain.pem"
Environment="IETUDE_CERTKEY_PATH=/etc/letsencrypt/live/etudes.ellisandgrant.com/privkey.pem"
# run infinite-etudes as an https server
ExecStart=/home/mellis/go/bin/infinite-etudes -s -p :443
# Ensure that the process is always restarted on failure or if terminated
# by a signal.
# A 5 second restart delay is used to reduce the possibility of thrashing if
# something is badly wrong.
Restart=always
RestartSec=5

[Install]

WantedBy=multi-user.target

Thanks, again, for the help.
