author | Matthew Holt <mholt@users.noreply.github.com> | 2020-02-18 11:13:51 -0700 |
---|---|---|
committer | Matthew Holt <mholt@users.noreply.github.com> | 2020-02-18 11:13:51 -0700 |
commit | 0b09b070e54bca82ba399f43062c689a3d921f24 (patch) | |
tree | a939a6b4189339ac04e1ae63a0c566f41e19359b /caddyconfig | |
parent | 7f9cfcc0f2918ec3c01b3f0408442026be454dc2 (diff) |
httpcaddyfile: Properly add all cert loaders across sites (fixes #3056)
Diffstat (limited to 'caddyconfig')
-rw-r--r-- | caddyconfig/httpcaddyfile/httptype.go | 17 |
1 files changed, 13 insertions, 4 deletions
diff --git a/caddyconfig/httpcaddyfile/httptype.go b/caddyconfig/httpcaddyfile/httptype.go
index 7c13794..9764b57 100644
--- a/caddyconfig/httpcaddyfile/httptype.go
+++ b/caddyconfig/httpcaddyfile/httptype.go
@@ -169,6 +169,7 @@ func (st ServerType) Setup(originalServerBlocks []caddyfile.ServerBlock,
 // now for the TLS app! (TODO: refactor into own func)
 tlsApp := caddytls.TLS{CertificatesRaw: make(caddy.ModuleMap)}
+ var certLoaders []caddytls.CertificateLoader
 for _, p := range pairings {
 for i, sblock := range p.serverBlocks {
 // tls automation policies
@@ -194,17 +195,25 @@ func (st ServerType) Setup(originalServerBlocks []caddyfile.ServerBlock,
 }
 }
 }
- // tls certificate loaders
 if clVals, ok := sblock.pile["tls.certificate_loader"]; ok {
 for _, clVal := range clVals {
- loader := clVal.Value.(caddytls.CertificateLoader)
- loaderName := caddy.GetModuleName(loader)
- tlsApp.CertificatesRaw[loaderName] = caddyconfig.JSON(loader, &warnings)
+ certLoaders = append(certLoaders, clVal.Value.(caddytls.CertificateLoader))
 }
 }
 }
 }
+ // group certificate loaders by module name, then add to config
+ if len(certLoaders) > 0 {
+ loadersByName := make(map[string][]caddytls.CertificateLoader)
+ for _, cl := range certLoaders {
+ name := caddy.GetModuleName(cl)
+ loadersByName[name] = append(loadersByName[name], cl)
+ }
+ for certLoaderName, loaders := range loadersByName {
+ tlsApp.CertificatesRaw[certLoaderName] = caddyconfig.JSON(loaders, &warnings)
+ }
+ }
 // if global ACME CA, DNS, or email were set, append a catch-all automation
 // policy that ensures they will be used if no tls directive was used
 acmeCA, hasACMECA := options["acme_ca"]
|
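Review bot: In the last loop of the second hunk, `caddyconfig.JSON(loaders, &warnings)` encodes a `[]caddytls.CertificateLoader` under each module name, where the removed line encoded a single loader value, so the JSON stored in `tlsApp.CertificatesRaw` gains an extra array level for every loader module. Unless each loader module is written to decode a list of itself, which the hunk does not show, the adapted config would either fail to load or skip those certificates, and the affected sites would not be served with the certificates the operator configured. Merging the loaders of one module into a single value before encoding keeps the previous shape; the sketch below does that for slice-typed loaders with the standard `reflect` package (to be imported if the file does not already) and leaves the non-mergeable case as an explicit decision rather than a silent overwrite. `Setup` begins and ends outside the hunk.

```go
// group certificate loaders by module name, merging repeats into one value
loadersByName := make(map[string]caddytls.CertificateLoader)
for _, cl := range certLoaders {
	name := caddy.GetModuleName(cl)
	prev, seen := loadersByName[name]
	if !seen {
		loadersByName[name] = cl
		continue
	}
	if reflect.TypeOf(cl).Kind() != reflect.Slice {
		// cannot merge: report it (warning or error) instead of overwriting silently
		continue
	}
	merged := reflect.AppendSlice(reflect.ValueOf(prev), reflect.ValueOf(cl))
	loadersByName[name] = merged.Interface().(caddytls.CertificateLoader)
}
for name, loader := range loadersByName {
	tlsApp.CertificatesRaw[name] = caddyconfig.JSON(loader, &warnings)
}
```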