author | Matthew Holt <mholt@users.noreply.github.com> | 2020-03-06 23:24:09 -0700 |
---|---|---|
committer | Matthew Holt <mholt@users.noreply.github.com> | 2020-03-06 23:26:13 -0700 |
commit | b216d285dfe8784796d3f6597545c59aa4bec279 (patch) | |
tree | 92a949a75c1460b0aabac97c7d2831222d91a460 /caddyconfig/httpcaddyfile | |
parent | 3f5d27cd5da8f3ad53e4b794d34703922c9b824e (diff) | |
parent | b8cba62643abf849411856bd92c42b59b98779f4 (diff) |
Merge branch 'certmagic-refactor' into v2
Diffstat (limited to 'caddyconfig/httpcaddyfile')
-rw-r--r-- | caddyconfig/httpcaddyfile/addresses.go | 2 | ||||
-rw-r--r-- | caddyconfig/httpcaddyfile/builtins.go | 8 | ||||
-rw-r--r-- | caddyconfig/httpcaddyfile/httptype.go | 42 |
3 files changed, 38 insertions, 14 deletions
diff --git a/caddyconfig/httpcaddyfile/addresses.go b/caddyconfig/httpcaddyfile/addresses.go
index 77f7e4f..64c5d4f 100644
--- a/caddyconfig/httpcaddyfile/addresses.go
+++ b/caddyconfig/httpcaddyfile/addresses.go
@@ -23,7 +23,7 @@ import (
 "github.com/caddyserver/caddy/v2/caddyconfig/caddyfile"
 "github.com/caddyserver/caddy/v2/modules/caddyhttp"
- "github.com/mholt/certmagic"
+ "github.com/caddyserver/certmagic"
 )
 
 // mapAddressToServerBlocks returns a map of listener address to list of server
diff --git a/caddyconfig/httpcaddyfile/builtins.go b/caddyconfig/httpcaddyfile/builtins.go
index c2da6a9..3b5a4f5 100644
--- a/caddyconfig/httpcaddyfile/builtins.go
+++ b/caddyconfig/httpcaddyfile/builtins.go
@@ -111,7 +111,7 @@ func parseTLS(h Helper) ([]ConfigValue, error) {
 var cp *caddytls.ConnectionPolicy
 var fileLoader caddytls.FileLoader
 var folderLoader caddytls.FolderLoader
- var mgr caddytls.ACMEManagerMaker
+ var mgr caddytls.ACMEIssuer
 
 // fill in global defaults, if configured
 if email := h.Option("email"); email != nil {
@@ -322,9 +322,9 @@ func parseTLS(h Helper) ([]ConfigValue, error) {
 }
 
 // automation policy
- if !reflect.DeepEqual(mgr, caddytls.ACMEManagerMaker{}) {
+ if !reflect.DeepEqual(mgr, caddytls.ACMEIssuer{}) {
 configVals = append(configVals, ConfigValue{
- Class: "tls.automation_manager",
+ Class: "tls.cert_issuer",
 Value: mgr,
 })
 }
@@ -533,12 +533,10 @@ func parseLog(h Helper) ([]ConfigValue, error) {
 
 var val namedCustomLog
 if !reflect.DeepEqual(cl, new(caddy.CustomLog)) {
-
 logCounter, ok := h.State["logCounter"].(int)
 if !ok {
 logCounter = 0
 }
-
 cl.Include = []string{"http.log.access"}
 val.name = fmt.Sprintf("log%d", logCounter)
 val.log = cl
diff --git a/caddyconfig/httpcaddyfile/httptype.go b/caddyconfig/httpcaddyfile/httptype.go
index 685c7de..d880d97 100644
--- a/caddyconfig/httpcaddyfile/httptype.go
+++ b/caddyconfig/httpcaddyfile/httptype.go
@@ -26,7 +26,7 @@ import (
 "github.com/caddyserver/caddy/v2/caddyconfig/caddyfile"
 "github.com/caddyserver/caddy/v2/modules/caddyhttp"
 "github.com/caddyserver/caddy/v2/modules/caddytls"
- "github.com/mholt/certmagic"
+ "github.com/caddyserver/certmagic"
 )
 
 func init() {
@@ -185,9 +185,9 @@ func (st ServerType) Setup(originalServerBlocks []caddyfile.ServerBlock,
 for _, p := range pairings {
 for i, sblock := range p.serverBlocks {
 // tls automation policies
- if mmVals, ok := sblock.pile["tls.automation_manager"]; ok {
+ if mmVals, ok := sblock.pile["tls.cert_issuer"]; ok {
 for _, mmVal := range mmVals {
- mm := mmVal.Value.(caddytls.ManagerMaker)
+ mm := mmVal.Value.(certmagic.Issuer)
 sblockHosts, err := st.autoHTTPSHosts(sblock)
 if err != nil {
 return nil, warnings, err
@@ -197,8 +197,8 @@ func (st ServerType) Setup(originalServerBlocks []caddyfile.ServerBlock,
 tlsApp.Automation = new(caddytls.AutomationConfig)
 }
 tlsApp.Automation.Policies = append(tlsApp.Automation.Policies, &caddytls.AutomationPolicy{
- Hosts: sblockHosts,
- ManagementRaw: caddyconfig.JSONModuleObject(mm, "module", mm.(caddy.Module).CaddyModule().ID.Name(), &warnings),
+ Hosts: sblockHosts,
+ IssuerRaw: caddyconfig.JSONModuleObject(mm, "module", mm.(caddy.Module).CaddyModule().ID.Name(), &warnings),
 })
 } else {
 warnings = append(warnings, caddyconfig.Warning{
@@ -257,7 +257,7 @@ func (st ServerType) Setup(originalServerBlocks []caddyfile.ServerBlock,
 if !hasEmail {
 email = ""
 }
- mgr := caddytls.ACMEManagerMaker{
+ mgr := caddytls.ACMEIssuer{
 CA: acmeCA.(string),
 Email: email.(string),
 }
@@ -272,7 +272,7 @@ func (st ServerType) Setup(originalServerBlocks []caddyfile.ServerBlock,
 }
 }
 tlsApp.Automation.Policies = append(tlsApp.Automation.Policies, &caddytls.AutomationPolicy{
- ManagementRaw: caddyconfig.JSONModuleObject(mgr, "module", "acme", &warnings),
+ IssuerRaw: caddyconfig.JSONModuleObject(mgr, "module", "acme", &warnings),
 })
 }
 if tlsApp.Automation != nil {
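Review bot: The new `mm := mmVal.Value.(certmagic.Issuer)` in the -185 hunk is an unchecked type assertion, so a value stored under the `tls.cert_issuer` class that does not implement the interface panics during config setup instead of surfacing as an error; the unchecked `mm.(caddy.Module)` on the `IssuerRaw:` line of the -197 hunk has the same shape. Setup already returns `(nil, warnings, err)` on failure, so a checked form fits the surrounding code: `mm, ok := mmVal.Value.(certmagic.Issuer)` followed by `if !ok { return nil, warnings, fmt.Errorf("tls.cert_issuer: unexpected value type %T", mmVal.Value) }` (this assumes fmt is imported in httptype.go, which the hunk does not show). Setup begins and ends outside these hunks.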
@@ -349,6 +349,18 @@ func (st ServerType) Setup(originalServerBlocks []caddyfile.ServerBlock,
 }
 }
 }
+ if len(customLogs) > 0 {
+ if cfg.Logging == nil {
+ cfg.Logging = &caddy.Logging{
+ Logs: make(map[string]*caddy.CustomLog),
+ }
+ }
+ for _, ncl := range customLogs {
+ if ncl.name != "" {
+ cfg.Logging.Logs[ncl.name] = ncl.log
+ }
+ }
+ }
 
 return cfg, warnings, nil
 }
@@ -487,6 +499,7 @@ func (st *ServerType) serversFromPairings(
 }
 
 // tls: connection policies and toggle auto HTTPS
+ defaultSNI := tryString(options["default_sni"], warnings)
 autoHTTPSQualifiedHosts, err := st.autoHTTPSHosts(sblock)
 if err != nil {
 return nil, err
@@ -499,6 +512,7 @@ func (st *ServerType) serversFromPairings(
 srv.AutoHTTPS.Skip = append(srv.AutoHTTPS.Skip, autoHTTPSQualifiedHosts...)
 } else if cpVals, ok := sblock.pile["tls.connection_policy"]; ok {
 // tls connection policies
+
 for _, cpVal := range cpVals {
 cp := cpVal.Value.(*caddytls.ConnectionPolicy)
 
@@ -507,6 +521,13 @@ func (st *ServerType) serversFromPairings(
 if err != nil {
 return nil, err
 }
+ for _, h := range hosts {
+ if h == defaultSNI {
+ hosts = append(hosts, "")
+ cp.DefaultSNI = defaultSNI
+ break
+ }
+ }
 
 // TODO: are matchers needed if every hostname of the resulting config is matched?
 if len(hosts) > 0 {
@@ -520,6 +541,11 @@ func (st *ServerType) serversFromPairings(
 srv.TLSConnPolicies = append(srv.TLSConnPolicies, cp)
 }
 // TODO: consolidate equal conn policies
+ } else if defaultSNI != "" {
+ hasCatchAllTLSConnPolicy = true
+ srv.TLSConnPolicies = append(srv.TLSConnPolicies, &caddytls.ConnectionPolicy{
+ DefaultSNI: defaultSNI,
+ })
 }
 
 // exclude any hosts that were defined explicitly with
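Review bot: In the -349 hunk, `cfg.Logging.Logs[ncl.name] = ncl.log` is guarded only by `cfg.Logging == nil`; if an earlier part of Setup (not visible here) has already set `cfg.Logging` with a nil `Logs` map, the write panics. A second guard after the existing one is cheap: `if cfg.Logging.Logs == nil { cfg.Logging.Logs = make(map[string]*caddy.CustomLog) }`. The loop also silently overwrites an existing entry when two custom logs share a name; the names appear to come from parseLog's `fmt.Sprintf("log%d", logCounter)` in builtins.go, so a comment such as `// log names come from parseLog's counter and are assumed unique` would record that assumption where the map is filled. Setup begins outside this hunk.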
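Review bot: In the -507 hunk `default_sni` is applied to a connection policy only when the server block's hosts already contain that exact name, and in the -520 hunk only when the block has no explicit connection policies at all, so a block that defines policies for other hosts drops the option silently; since DefaultSNI decides which certificate is presented to clients that send no SNI, a dropped value is a TLS configuration surprise rather than a cosmetic one. If that is the intended scope, a comment on the loop would make it explicit, e.g. `// DefaultSNI is set only on policies whose hosts include the default name; other blocks keep their own policies untouched`, and a warning appended when `defaultSNI != ""` but no policy matched would surface the rest. The `hosts = append(hosts, "")` line also needs a why-comment, presumably that the empty name lets ClientHellos without SNI match this policy — worth confirming against caddytls's matcher before stating it. serversFromPairings begins and ends outside these hunks.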
@@ -770,7 +796,7 @@ func consolidateAutomationPolicies(aps []*caddytls.AutomationPolicy) []*caddytls
 // otherwise the one without any hosts (a catch-all) would be
 // eaten up by the one with hosts; and if both have hosts, we
 // need to combine their lists
- if reflect.DeepEqual(aps[i].ManagementRaw, aps[j].ManagementRaw) &&
+ if reflect.DeepEqual(aps[i].IssuerRaw, aps[j].IssuerRaw) &&
 aps[i].ManageSync == aps[j].ManageSync {
 if len(aps[i].Hosts) == 0 && len(aps[j].Hosts) > 0 {
 aps = append(aps[:j], aps[j+1:]...) |