Initial implementation of global default SNI option (#3047)

* add global default sni * fixed grammar * httpcaddyfile: Reduce some duplicated code * Um, re-commit already-committed commit, I guess? (sigh) Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
author: Mark Sargent <99003+sarge@users.noreply.github.com> 2020-02-27 12:01:47 +1300
committer: GitHub <noreply@github.com> 2020-02-26 16:01:47 -0700
commit: 2de0acc11fcaaed9e4b3561d9a2d1457f015e9e3 (patch)
tree: 3b6cea17a201102cc2a4efec2bcba338fc16066e
parent: 5d97522d18da39cd3f9dd309774a5ad2c51f4c51 (diff)
3 files changed, 24 insertions, 20 deletions
diff --git a/caddyconfig/httpcaddyfile/httptype.go b/caddyconfig/httpcaddyfile/httptype.go
index e3fcdd2..8dda183 100644
--- a/caddyconfig/httpcaddyfile/httptype.go
+++ b/caddyconfig/httpcaddyfile/httptype.go
@@ -169,9 +169,10 @@ func (st ServerType) Setup(originalServerBlocks []caddyfile.ServerBlock,
 
 	// now that each server is configured, make the HTTP app
 	httpApp := caddyhttp.App{
-		HTTPPort:  tryInt(options["http_port"], &warnings),
-		HTTPSPort: tryInt(options["https_port"], &warnings),
-		Servers:   servers,
+		HTTPPort:   tryInt(options["http_port"], &warnings),
+		HTTPSPort:  tryInt(options["https_port"], &warnings),
+		DefaultSNI: tryString(options["default_sni"], &warnings),
+		Servers:    servers,
 	}
 
 	// now for the TLS app! (TODO: refactor into own func)
@@ -364,6 +365,8 @@ func (ServerType) evaluateGlobalOptionsBlock(serverBlocks []serverBlock, options
 			val, err = parseOptHTTPPort(disp)
 		case "https_port":
 			val, err = parseOptHTTPSPort(disp)
+		case "default_sni":
+			val, err = parseOptSingleString(disp)
 		case "order":
 			val, err = parseOptOrder(disp)
 		case "experimental_http3":
@@ -371,9 +374,9 @@ func (ServerType) evaluateGlobalOptionsBlock(serverBlocks []serverBlock, options
 		case "storage":
 			val, err = parseOptStorage(disp)
 		case "acme_ca", "acme_dns", "acme_ca_root":
-			val, err = parseOptACME(disp)
+			val, err = parseOptSingleString(disp)
 		case "email":
-			val, err = parseOptEmail(disp)
+			val, err = parseOptSingleString(disp)
 		case "admin":
 			val, err = parseOptAdmin(disp)
 		case "debug":
@@ -951,6 +954,14 @@ func tryInt(val interface{}, warnings *[]caddyconfig.Warning) int {
 	return intVal
 }
 
+func tryString(val interface{}, warnings *[]caddyconfig.Warning) string {
+	stringVal, ok := val.(string)
+	if val != nil && !ok && warnings != nil {
+		*warnings = append(*warnings, caddyconfig.Warning{Message: "not a string type"})
+	}
+	return stringVal
+}
+
 // sliceContains returns true if needle is in haystack.
 func sliceContains(haystack []string, needle string) bool {
 	for _, s := range haystack {
diff --git a/caddyconfig/httpcaddyfile/options.go b/caddyconfig/httpcaddyfile/options.go
index fdecfa4..f8c221c 100644
--- a/caddyconfig/httpcaddyfile/options.go
+++ b/caddyconfig/httpcaddyfile/options.go
@@ -162,19 +162,7 @@ func parseOptStorage(d *caddyfile.Dispenser) (caddy.StorageConverter, error) {
 	return storage, nil
 }
 
-func parseOptACME(d *caddyfile.Dispenser) (string, error) {
-	d.Next() // consume parameter name
-	if !d.Next() {
-		return "", d.ArgErr()
-	}
-	val := d.Val()
-	if d.Next() {
-		return "", d.ArgErr()
-	}
-	return val, nil
-}
-
-func parseOptEmail(d *caddyfile.Dispenser) (string, error) {
+func parseOptSingleString(d *caddyfile.Dispenser) (string, error) {
 	d.Next() // consume parameter name
 	if !d.Next() {
 		return "", d.ArgErr()
@@ -190,11 +178,9 @@ func parseOptAdmin(d *caddyfile.Dispenser) (string, error) {
 	if d.Next() {
 		var listenAddress string
 		d.AllArgs(&listenAddress)
-
 		if listenAddress == "" {
 			listenAddress = caddy.DefaultAdminListen
 		}
-
 		return listenAddress, nil
 	}
 	return "", nil
diff --git a/modules/caddyhttp/caddyhttp.go b/modules/caddyhttp/caddyhttp.go
index 135afef..f78b198 100644
--- a/modules/caddyhttp/caddyhttp.go
+++ b/modules/caddyhttp/caddyhttp.go
@@ -29,6 +29,7 @@ import (
 
 	"github.com/caddyserver/caddy/v2"
 	"github.com/lucas-clemente/quic-go/http3"
+	"github.com/mholt/certmagic"
 	"go.uber.org/zap"
 )
 
@@ -111,6 +112,10 @@ type App struct {
 	// affect functionality.
 	Servers map[string]*Server `json:"servers,omitempty"`
 
+	// DefaultSNI if set configures all certificate lookups to fallback to use
+	// this SNI name if a more specific certificate could not be found
+	DefaultSNI string `json:"default_sni,omitempty"`
+
 	servers     []*http.Server
 	h3servers   []*http3.Server
 	h3listeners []net.PacketConn
@@ -134,6 +139,8 @@ func (app *App) Provision(ctx caddy.Context) error {
 
 	repl := caddy.NewReplacer()
 
+	certmagic.Default.DefaultServerName = app.DefaultSNI
+
 	// this provisions the matchers for each route,
 	// and prepares auto HTTP->HTTP redirects, and
 	// is required before we provision each server
author	Mark Sargent <99003+sarge@users.noreply.github.com>	2020-02-27 12:01:47 +1300
committer	GitHub <noreply@github.com>	2020-02-26 16:01:47 -0700
commit	2de0acc11fcaaed9e4b3561d9a2d1457f015e9e3 (patch)
tree	3b6cea17a201102cc2a4efec2bcba338fc16066e
parent	5d97522d18da39cd3f9dd309774a5ad2c51f4c51 (diff)