diff options
| author | Yannick Ihmels <yannick@ihmels.org> | 2023-01-06 20:44:00 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-01-06 14:44:00 -0500 |
| commit | 55035d327a2dbd32887db0b1dcbc25dba590798f (patch) | |
| tree | aa34b1c900009e6ae361e4d88d2ab7555618b578 /caddyconfig | |
| parent | 4e9ad50f6503a347e85b7030afa616a83f145394 (diff) | |
caddytls: Add `dns_ttl` config, improve Caddyfile `tls` options (#5287)
Diffstat (limited to 'caddyconfig')
| -rw-r--r-- | caddyconfig/httpcaddyfile/builtins.go | 94 |
1 files changed, 85 insertions, 9 deletions
diff --git a/caddyconfig/httpcaddyfile/builtins.go b/caddyconfig/httpcaddyfile/builtins.go index f4c9ce0..3f1943c 100644 --- a/caddyconfig/httpcaddyfile/builtins.go +++ b/caddyconfig/httpcaddyfile/builtins.go @@ -24,6 +24,7 @@ import ( "reflect" "strconv" "strings" + "time" "github.com/caddyserver/caddy/v2" "github.com/caddyserver/caddy/v2/caddyconfig" @@ -75,16 +76,22 @@ func parseBind(h Helper) ([]ConfigValue, error) { // trusted_leaf_cert <base64_der> // trusted_leaf_cert_file <filename> // } -// alpn <values...> -// load <paths...> -// ca <acme_ca_endpoint> -// ca_root <pem_file> -// dns <provider_name> [...] +// alpn <values...> +// load <paths...> +// ca <acme_ca_endpoint> +// ca_root <pem_file> +// key_type [ed25519|p256|p384|rsa2048|rsa4096] +// dns <provider_name> [...] +// propagation_delay <duration> +// propagation_timeout <duration> +// resolvers <dns_servers...> +// dns_ttl <duration> +// dns_challenge_override_domain <domain> // on_demand -// eab <key_id> <mac_key> -// issuer <module_name> [...] -// get_certificate <module_name> [...] -// insecure_secrets_log <log_file> +// eab <key_id> <mac_key> +// issuer <module_name> [...] +// get_certificate <module_name> [...] +// insecure_secrets_log <log_file> // } func parseTLS(h Helper) ([]ConfigValue, error) { cp := new(caddytls.ConnectionPolicy) @@ -363,6 +370,75 @@ func parseTLS(h Helper) ([]ConfigValue, error) { } acmeIssuer.Challenges.DNS.Resolvers = args + case "propagation_delay": + arg := h.RemainingArgs() + if len(arg) != 1 { + return nil, h.ArgErr() + } + delayStr := arg[0] + delay, err := caddy.ParseDuration(delayStr) + if err != nil { + return nil, h.Errf("invalid propagation_delay duration %s: %v", delayStr, err) + } + if acmeIssuer == nil { + acmeIssuer = new(caddytls.ACMEIssuer) + } + if acmeIssuer.Challenges == nil { + acmeIssuer.Challenges = new(caddytls.ChallengesConfig) + } + if acmeIssuer.Challenges.DNS == nil { + acmeIssuer.Challenges.DNS = new(caddytls.DNSChallengeConfig) + } + acmeIssuer.Challenges.DNS.PropagationDelay = caddy.Duration(delay) + + case "propagation_timeout": + arg := h.RemainingArgs() + if len(arg) != 1 { + return nil, h.ArgErr() + } + timeoutStr := arg[0] + var timeout time.Duration + if timeoutStr == "-1" { + timeout = time.Duration(-1) + } else { + var err error + timeout, err = caddy.ParseDuration(timeoutStr) + if err != nil { + return nil, h.Errf("invalid propagation_timeout duration %s: %v", timeoutStr, err) + } + } + if acmeIssuer == nil { + acmeIssuer = new(caddytls.ACMEIssuer) + } + if acmeIssuer.Challenges == nil { + acmeIssuer.Challenges = new(caddytls.ChallengesConfig) + } + if acmeIssuer.Challenges.DNS == nil { + acmeIssuer.Challenges.DNS = new(caddytls.DNSChallengeConfig) + } + acmeIssuer.Challenges.DNS.PropagationTimeout = caddy.Duration(timeout) + + case "dns_ttl": + arg := h.RemainingArgs() + if len(arg) != 1 { + return nil, h.ArgErr() + } + ttlStr := arg[0] + ttl, err := caddy.ParseDuration(ttlStr) + if err != nil { + return nil, h.Errf("invalid dns_ttl duration %s: %v", ttlStr, err) + } + if acmeIssuer == nil { + acmeIssuer = new(caddytls.ACMEIssuer) + } + if acmeIssuer.Challenges == nil { + acmeIssuer.Challenges = new(caddytls.ChallengesConfig) + } + if acmeIssuer.Challenges.DNS == nil { + acmeIssuer.Challenges.DNS = new(caddytls.DNSChallengeConfig) + } + acmeIssuer.Challenges.DNS.TTL = caddy.Duration(ttl) + case "dns_challenge_override_domain": arg := h.RemainingArgs() if len(arg) != 1 { |