diff options
author | Matthew Holt <mholt@users.noreply.github.com> | 2020-02-08 16:52:54 -0700 |
---|---|---|
committer | Matthew Holt <mholt@users.noreply.github.com> | 2020-02-08 18:43:35 -0700 |
commit | 17d938fc54b347d54a4f56c1f0d6e92c65033548 (patch) | |
tree | aa056d82b7f106858883494ed0d72fc861d54f51 /caddyconfig/httpcaddyfile | |
parent | 98bbc54fdcd05a2f53c10e81be7cf94d1dc62522 (diff) |
httpcaddyfile: Add support for DNS challenge solvers
Configuration via the Caddyfile requires use of env variables, but
an upstream issue is currently blocking that:
https://github.com/go-acme/lego/issues/1054
Providers will need to be retrofitted upstream in order to support env
var configuration.
Diffstat (limited to 'caddyconfig/httpcaddyfile')
-rw-r--r-- | caddyconfig/httpcaddyfile/builtins.go | 16 | ||||
-rw-r--r-- | caddyconfig/httpcaddyfile/httptype.go | 28 | ||||
-rw-r--r-- | caddyconfig/httpcaddyfile/options.go | 2 |
3 files changed, 37 insertions, 9 deletions
diff --git a/caddyconfig/httpcaddyfile/builtins.go b/caddyconfig/httpcaddyfile/builtins.go index 7c56b04..29ca0be 100644 --- a/caddyconfig/httpcaddyfile/builtins.go +++ b/caddyconfig/httpcaddyfile/builtins.go @@ -98,6 +98,7 @@ func parseRoot(h Helper) ([]ConfigValue, error) { // alpn <values...> // load <paths...> // ca <acme_ca_endpoint> +// dns <provider_name> // } // func parseTLS(h Helper) ([]ConfigValue, error) { @@ -217,6 +218,21 @@ func parseTLS(h Helper) ([]ConfigValue, error) { } mgr.CA = arg[0] + // DNS provider for ACME DNS challenge + case "dns": + if !h.Next() { + return nil, h.ArgErr() + } + provName := h.Val() + if mgr.Challenges == nil { + mgr.Challenges = new(caddytls.ChallengesConfig) + } + dnsProvModule, err := caddy.GetModule("tls.dns." + provName) + if err != nil { + return nil, h.Errf("getting DNS provider module named '%s': %v", provName, err) + } + mgr.Challenges.DNSRaw = caddyconfig.JSONModuleObject(dnsProvModule.New(), "provider", provName, h.warnings) + default: return nil, h.Errf("unknown subdirective: %s", h.Val()) } diff --git a/caddyconfig/httpcaddyfile/httptype.go b/caddyconfig/httpcaddyfile/httptype.go index 0cd2fca..268f66a 100644 --- a/caddyconfig/httpcaddyfile/httptype.go +++ b/caddyconfig/httpcaddyfile/httptype.go @@ -71,8 +71,8 @@ func (st ServerType) Setup(originalServerBlocks []caddyfile.ServerBlock, val, err = parseOptExperimentalHTTP3(disp) case "storage": val, err = parseOptStorage(disp) - case "acme_ca": - val, err = parseOptACMECA(disp) + case "acme_ca", "acme_dns": + val, err = parseOptACME(disp) case "email": val, err = parseOptEmail(disp) case "admin": @@ -222,11 +222,12 @@ func (st ServerType) Setup(originalServerBlocks []caddyfile.ServerBlock, } } } - // if global ACME CA or email were set, append a catch-all automation + // if global ACME CA, DNS, or email were set, append a catch-all automation // policy that ensures they will be used if no tls directive was used acmeCA, hasACMECA := options["acme_ca"] + acmeDNS, hasACMEDNS := options["acme_dns"] email, hasEmail := options["email"] - if hasACMECA || hasEmail { + if hasACMECA || hasACMEDNS || hasEmail { if tlsApp.Automation == nil { tlsApp.Automation = new(caddytls.AutomationConfig) } @@ -236,11 +237,22 @@ func (st ServerType) Setup(originalServerBlocks []caddyfile.ServerBlock, if !hasEmail { email = "" } + mgr := caddytls.ACMEManagerMaker{ + CA: acmeCA.(string), + Email: email.(string), + } + if hasACMEDNS { + provName := acmeDNS.(string) + dnsProvModule, err := caddy.GetModule("tls.dns." + provName) + if err != nil { + return nil, warnings, fmt.Errorf("getting DNS provider module named '%s': %v", provName, err) + } + mgr.Challenges = &caddytls.ChallengesConfig{ + DNSRaw: caddyconfig.JSONModuleObject(dnsProvModule.New(), "provider", provName, &warnings), + } + } tlsApp.Automation.Policies = append(tlsApp.Automation.Policies, caddytls.AutomationPolicy{ - ManagementRaw: caddyconfig.JSONModuleObject(caddytls.ACMEManagerMaker{ - CA: acmeCA.(string), - Email: email.(string), - }, "module", "acme", &warnings), + ManagementRaw: caddyconfig.JSONModuleObject(mgr, "module", "acme", &warnings), }) } if tlsApp.Automation != nil { diff --git a/caddyconfig/httpcaddyfile/options.go b/caddyconfig/httpcaddyfile/options.go index e81528e..9ebefea 100644 --- a/caddyconfig/httpcaddyfile/options.go +++ b/caddyconfig/httpcaddyfile/options.go @@ -162,7 +162,7 @@ func parseOptStorage(d *caddyfile.Dispenser) (caddy.StorageConverter, error) { return storage, nil } -func parseOptACMECA(d *caddyfile.Dispenser) (string, error) { +func parseOptACME(d *caddyfile.Dispenser) (string, error) { d.Next() // consume parameter name if !d.Next() { return "", d.ArgErr() |