diff options
author | Matthew Holt <mholt@users.noreply.github.com> | 2019-06-26 10:57:18 -0600 |
---|---|---|
committer | Matthew Holt <mholt@users.noreply.github.com> | 2019-06-26 10:57:18 -0600 |
commit | a524bcfe78e8067b8224b1794c6842d9c2c7e8cf (patch) | |
tree | 42e7ce1c00505eeb98c6a1c88ee24cdf4bd3c5d2 /modules/caddyhttp | |
parent | 91b03dccb0094d96652def8a9c70016fd53d1006 (diff) |
Enable skipping just certificate management for some auto HTTPS names
Diffstat (limited to 'modules/caddyhttp')
-rw-r--r-- | modules/caddyhttp/caddyhttp.go | 16 | ||||
-rw-r--r-- | modules/caddyhttp/server.go | 14 |
2 files changed, 21 insertions, 9 deletions
diff --git a/modules/caddyhttp/caddyhttp.go b/modules/caddyhttp/caddyhttp.go index 850501f..9c80992 100644 --- a/modules/caddyhttp/caddyhttp.go +++ b/modules/caddyhttp/caddyhttp.go @@ -210,7 +210,8 @@ func (app *App) automaticHTTPS() error { for _, m := range matcherSet { if hm, ok := m.(*MatchHost); ok { for _, d := range *hm { - if certmagic.HostQualifies(d) && !srv.AutoHTTPS.HostSkipped(d) { + if certmagic.HostQualifies(d) && + !srv.AutoHTTPS.Skipped(d, srv.AutoHTTPS.Skip) { domainSet[d] = struct{}{} } } @@ -221,9 +222,12 @@ func (app *App) automaticHTTPS() error { if len(domainSet) > 0 { // marshal the domains into a slice - var domains []string + var domains, domainsForCerts []string for d := range domainSet { domains = append(domains, d) + if !srv.AutoHTTPS.Skipped(d, srv.AutoHTTPS.SkipCerts) { + domainsForCerts = append(domainsForCerts, d) + } } // ensure that these certificates are managed properly; @@ -245,13 +249,13 @@ func (app *App) automaticHTTPS() error { acmeManager.SetDefaults() tlsApp.Automation.Policies = append(tlsApp.Automation.Policies, caddytls.AutomationPolicy{ - Hosts: domains, + Hosts: domainsForCerts, Management: acmeManager, }) // manage their certificates - log.Printf("[INFO] Enabling automatic HTTPS for %v", domains) - err := tlsApp.Manage(domains) + log.Printf("[INFO] Enabling automatic HTTPS certificates for %v", domainsForCerts) + err := tlsApp.Manage(domainsForCerts) if err != nil { return fmt.Errorf("%s: managing certificate for %s: %s", srvName, domains, err) } @@ -267,6 +271,8 @@ func (app *App) automaticHTTPS() error { continue } + log.Printf("[INFO] Enabling automatic HTTP->HTTPS redirects for %v", domains) + // create HTTP->HTTPS redirects for _, addr := range srv.Listen { netw, host, port, err := splitListenAddr(addr) diff --git a/modules/caddyhttp/server.go b/modules/caddyhttp/server.go index be46d6d..05763ba 100644 --- a/modules/caddyhttp/server.go +++ b/modules/caddyhttp/server.go @@ -133,12 +133,18 @@ type AutoHTTPSConfig struct { // in automatic HTTPS (they will not have certificates // loaded nor redirects applied). Skip []string `json:"skip,omitempty"` + + // Hosts/domain names listed here will still be enabled + // for automatic HTTPS (unless in the Skip list), except + // that certificates will not be provisioned and managed + // for these names. + SkipCerts []string `json:"skip_certificates,omitempty"` } -// HostSkipped returns true if name is supposed to be skipped -// when setting up automatic HTTPS. -func (ahc AutoHTTPSConfig) HostSkipped(name string) bool { - for _, n := range ahc.Skip { +// Skipped returns true if name is in skipSlice, which +// should be one of the Skip* fields on ahc. +func (ahc AutoHTTPSConfig) Skipped(name string, skipSlice []string) bool { + for _, n := range skipSlice { if name == n { return true } |