authorMark Sargent <99003+sarge@users.noreply.github.com>2020-02-27 12:01:47 +1300
committerGitHub <noreply@github.com>2020-02-26 16:01:47 -0700
commit2de0acc11fcaaed9e4b3561d9a2d1457f015e9e3 (patch)
tree3b6cea17a201102cc2a4efec2bcba338fc16066e
parent5d97522d18da39cd3f9dd309774a5ad2c51f4c51 (diff)
Initial implementation of global default SNI option (#3047)
* add global default sni * fixed grammar * httpcaddyfile: Reduce some duplicated code * Um, re-commit already-committed commit, I guess? (sigh) Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
-rw-r--r--caddyconfig/httpcaddyfile/httptype.go21
-rw-r--r--caddyconfig/httpcaddyfile/options.go16
-rw-r--r--modules/caddyhttp/caddyhttp.go7
3 files changed, 24 insertions, 20 deletions
diff --git a/caddyconfig/httpcaddyfile/httptype.go b/caddyconfig/httpcaddyfile/httptype.go
index e3fcdd2..8dda183 100644
--- a/caddyconfig/httpcaddyfile/httptype.go
+++ b/caddyconfig/httpcaddyfile/httptype.go
@@ -169,9 +169,10 @@ func (st ServerType) Setup(originalServerBlocks []caddyfile.ServerBlock,
// now that each server is configured, make the HTTP app
httpApp := caddyhttp.App{
- HTTPPort: tryInt(options["http_port"], &warnings),
- HTTPSPort: tryInt(options["https_port"], &warnings),
- Servers: servers,
+ HTTPPort: tryInt(options["http_port"], &warnings),
+ HTTPSPort: tryInt(options["https_port"], &warnings),
+ DefaultSNI: tryString(options["default_sni"], &warnings),
+ Servers: servers,
}
// now for the TLS app! (TODO: refactor into own func)
@@ -364,6 +365,8 @@ func (ServerType) evaluateGlobalOptionsBlock(serverBlocks []serverBlock, options
val, err = parseOptHTTPPort(disp)
case "https_port":
val, err = parseOptHTTPSPort(disp)
+ case "default_sni":
+ val, err = parseOptSingleString(disp)
case "order":
val, err = parseOptOrder(disp)
case "experimental_http3":
@@ -371,9 +374,9 @@ func (ServerType) evaluateGlobalOptionsBlock(serverBlocks []serverBlock, options
case "storage":
val, err = parseOptStorage(disp)
case "acme_ca", "acme_dns", "acme_ca_root":
- val, err = parseOptACME(disp)
+ val, err = parseOptSingleString(disp)
case "email":
- val, err = parseOptEmail(disp)
+ val, err = parseOptSingleString(disp)
case "admin":
val, err = parseOptAdmin(disp)
case "debug":
@@ -951,6 +954,14 @@ func tryInt(val interface{}, warnings *[]caddyconfig.Warning) int {
return intVal
}
+func tryString(val interface{}, warnings *[]caddyconfig.Warning) string {
+ stringVal, ok := val.(string)
+ if val != nil && !ok && warnings != nil {
+ *warnings = append(*warnings, caddyconfig.Warning{Message: "not a string type"})
+ }
+ return stringVal
+}
+
// sliceContains returns true if needle is in haystack.
func sliceContains(haystack []string, needle string) bool {
for _, s := range haystack {
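Review bot: tryString's warning `not a string type` tells the user neither which global option was mistyped nor what was found, so when it appears in the warnings list it cannot be acted on; the option key is not available inside tryString, but the offending dynamic type is, e.g. `Message: fmt.Sprintf("not a string type: %T", val)` (assuming httptype.go already imports fmt — not visible in this hunk). The new function also lacks a doc comment; I would add `// tryString returns val as a string; a non-nil value of any other type yields "" and, when warnings is non-nil, appends a warning.` above it. tryInt, whose tail is the context at the top of this hunk, presumably has the same shape, so its message should be brought in line at the same time.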
diff --git a/caddyconfig/httpcaddyfile/options.go b/caddyconfig/httpcaddyfile/options.go
index fdecfa4..f8c221c 100644
--- a/caddyconfig/httpcaddyfile/options.go
+++ b/caddyconfig/httpcaddyfile/options.go
@@ -162,19 +162,7 @@ func parseOptStorage(d *caddyfile.Dispenser) (caddy.StorageConverter, error) {
return storage, nil
}
-func parseOptACME(d *caddyfile.Dispenser) (string, error) {
- d.Next() // consume parameter name
- if !d.Next() {
- return "", d.ArgErr()
- }
- val := d.Val()
- if d.Next() {
- return "", d.ArgErr()
- }
- return val, nil
-}
-
-func parseOptEmail(d *caddyfile.Dispenser) (string, error) {
+func parseOptSingleString(d *caddyfile.Dispenser) (string, error) {
d.Next() // consume parameter name
if !d.Next() {
return "", d.ArgErr()
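Review bot: parseOptSingleString is now the shared parser for `default_sni`, `acme_ca`, `acme_dns`, `acme_ca_root` and `email` but carries no doc comment stating its contract, which matters now that several options depend on it. From the visible lines it consumes the option name and requires one argument; presumably the tail, which ends outside this hunk, still rejects a second argument the way the removed parseOptACME did. I would add `// parseOptSingleString consumes the option name and returns its single argument, returning an ArgErr if the argument is missing (or, if the original check is retained, if more than one is given).`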
@@ -190,11 +178,9 @@ func parseOptAdmin(d *caddyfile.Dispenser) (string, error) {
if d.Next() {
var listenAddress string
d.AllArgs(&listenAddress)
-
if listenAddress == "" {
listenAddress = caddy.DefaultAdminListen
}
-
return listenAddress, nil
}
return "", nil
diff --git a/modules/caddyhttp/caddyhttp.go b/modules/caddyhttp/caddyhttp.go
index 135afef..f78b198 100644
--- a/modules/caddyhttp/caddyhttp.go
+++ b/modules/caddyhttp/caddyhttp.go
@@ -29,6 +29,7 @@ import (
"github.com/caddyserver/caddy/v2"
"github.com/lucas-clemente/quic-go/http3"
+ "github.com/mholt/certmagic"
"go.uber.org/zap"
)
@@ -111,6 +112,10 @@ type App struct {
// affect functionality.
Servers map[string]*Server `json:"servers,omitempty"`
+ // DefaultSNI if set configures all certificate lookups to fallback to use
+ // this SNI name if a more specific certificate could not be found
+ DefaultSNI string `json:"default_sni,omitempty"`
+
servers []*http.Server
h3servers []*http3.Server
h3listeners []net.PacketConn
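Review bot: The doc comment on DefaultSNI reads awkwardly (`fallback to use this SNI name`, no terminating period) and, since the JSON field is user-facing config, it is worth stating what the value is used for more precisely. I would write `// DefaultSNI, if set, is the SNI name that certificate lookups fall back to when no certificate matches the requested name.` The Provision hunk later on this page assigns this field to a certmagic package-level default, so if that stays, the comment should also say the setting takes effect process-wide rather than per server.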
@@ -134,6 +139,8 @@ func (app *App) Provision(ctx caddy.Context) error {
repl := caddy.NewReplacer()
+ certmagic.Default.DefaultServerName = app.DefaultSNI
+
// this provisions the matchers for each route,
// and prepares auto HTTP->HTTP redirects, and
// is required before we provision each server
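Review bot: `certmagic.Default.DefaultServerName = app.DefaultSNI` mutates a package-global shared by every certmagic user in the process from inside one app's Provision, and it does so unconditionally, so an HTTP app with no `default_sni` silently resets whatever another component set. Because DefaultServerName decides which certificate is served to clients that send no or an unknown SNI, whether the value actually takes effect also depends on provisioning order relative to the TLS app, which presumably builds its certmagic config from `certmagic.Default` — worth confirming. At minimum I would guard it, `if app.DefaultSNI != "" { certmagic.Default.DefaultServerName = app.DefaultSNI }`, and add a comment such as `// NOTE: process-wide side effect; certmagic.Default is shared with the TLS app` so the coupling is visible; the cleaner fix is to pass the name through the TLS app's own configuration. Provision's body continues outside this hunk.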