summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMatthew Holt <mholt@users.noreply.github.com>2022-03-02 13:42:38 -0700
committerMatthew Holt <mholt@users.noreply.github.com>2022-03-02 13:42:38 -0700
commit6b385a36f9750b7a66300bbb2167ea5a4d26a61f (patch)
tree3fd63f9d3b942ef3fece77c796edff92107c883f
parent9b7cdfa2f2277ad9cf90e99dab50dee2ef10b58c (diff)
caddyhttp: Don't attempt to manage Tailscale certs
If .ts.net domains are explicitly added to config, don't try to manage a cert for them (it will fail, and our implicit Tailscale module will get those certs at run-time).
-rw-r--r--modules/caddyhttp/autohttps.go8
1 files changed, 7 insertions, 1 deletions
diff --git a/modules/caddyhttp/autohttps.go b/modules/caddyhttp/autohttps.go
index 3e38d1b..eb66114 100644
--- a/modules/caddyhttp/autohttps.go
+++ b/modules/caddyhttp/autohttps.go
@@ -152,7 +152,9 @@ func (app *App) automaticHTTPSPhase1(ctx caddy.Context, repl *caddy.Replacer) er
return fmt.Errorf("%s: route %d, matcher set %d, matcher %d, host matcher %d: %v",
srvName, routeIdx, matcherSetIdx, matcherIdx, hostMatcherIdx, err)
}
- if !srv.AutoHTTPS.Skipped(d, srv.AutoHTTPS.Skip) {
+ // only include domain if it's not explicitly skipped and it's not a Tailscale domain
+ // (the implicit Tailscale manager module will get those certs at run-time)
+ if !srv.AutoHTTPS.Skipped(d, srv.AutoHTTPS.Skip) && !isTailscaleDomain(d) {
serverDomainSet[d] = struct{}{}
}
}
@@ -688,4 +690,8 @@ func implicitTailscale(ctx caddy.Context) (caddytls.Tailscale, error) {
return ts, err
}
+func isTailscaleDomain(name string) bool {
+ return strings.HasSuffix(strings.ToLower(name), ".ts.net")
+}
+
type acmeCapable interface{ GetACMEIssuer() *caddytls.ACMEIssuer }