authorMatthew Holt <mholt@users.noreply.github.com>2019-06-04 22:43:21 -0600
committerMatthew Holt <mholt@users.noreply.github.com>2019-06-04 22:43:21 -0600
commitb79f86f256782be139d4ec09a74e0f75da52876a (patch)
tree77cb7f1b2f86c04ff7e148897cdd84387e9e9b4b /modules/caddyhttp
parent613aecb8982d4addfcc01dc339ebbfcf0fd1e445 (diff)
Fix bugs related to auto HTTPS and alternate port configurations
Diffstat (limited to 'modules/caddyhttp')
-rw-r--r--modules/caddyhttp/caddyhttp.go31
1 files changed, 29 insertions, 2 deletions
diff --git a/modules/caddyhttp/caddyhttp.go b/modules/caddyhttp/caddyhttp.go
index 3ffc989..89ea58f 100644
--- a/modules/caddyhttp/caddyhttp.go
+++ b/modules/caddyhttp/caddyhttp.go
@@ -126,7 +126,8 @@ func (app *App) Start() error {
return fmt.Errorf("%s: listening on %s: %v", network, addr, err)
}
- // enable HTTP/2 by default
+ // enable HTTP/2 (and support for solving the
+ // TLS-ALPN ACME challenge) by default
for _, pol := range srv.TLSConnPolicies {
if len(pol.ALPN) == 0 {
pol.ALPN = append(pol.ALPN, defaultALPN...)
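Review bot: The defaults are only appended when a connection policy has an empty ALPN list (the check on the line above), so a user who sets ALPN explicitly — say to pin h2 — also silently drops whatever TLS-ALPN challenge protocol defaultALPN carries, and the new comment now advertises challenge support without mentioning that. I would extend the comment to `// enable HTTP/2 (and support for solving the TLS-ALPN ACME challenge) by default; a policy that sets ALPN explicitly must list the challenge protocol itself, otherwise TLS-ALPN solving fails for it`. That defaultALPN actually contains the challenge protocol is inferred from the comment, not visible here. The body of Start() continues outside the hunk.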
@@ -219,13 +220,38 @@ func (app *App) automaticHTTPS() error {
domains = append(domains, d)
}
+ // ensure that these certificates are managed properly;
+ // for example, it's implied that the HTTPPort should also
+ // be the port the HTTP challenge is solved on, and so
+ // for HTTPS port and TLS-ALPN challenge also - we need
+ // to tell the TLS app to manage these certs by honoring
+ // those port configurations
+ acmeManager := &caddytls.ACMEManagerMaker{
+ Challenges: caddytls.ChallengesConfig{
+ HTTP: caddytls.HTTPChallengeConfig{
+ AlternatePort: app.HTTPPort,
+ },
+ TLSALPN: caddytls.TLSALPNChallengeConfig{
+ AlternatePort: app.HTTPSPort,
+ },
+ },
+ }
+ acmeManager.SetDefaults()
+ tlsApp.Automation.Policies = append(tlsApp.Automation.Policies,
+ caddytls.AutomationPolicy{
+ Hosts: domains,
+ Management: acmeManager,
+ })
+
// manage their certificates
err := tlsApp.Manage(domains)
if err != nil {
return fmt.Errorf("%s: managing certificate for %s: %s", srvName, domains, err)
}
- // tell the server to use TLS
+ // tell the server to use TLS by specifying a TLS
+ // connection policy (which supports HTTP/2 and the
+ // TLS-ALPN ACME challenge as well)
srv.TLSConnPolicies = caddytls.ConnectionPolicies{
{ALPN: defaultALPN},
}
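Review bot: The automation policy appended to tlsApp.Automation.Policies is added unconditionally, so a host the user already covers with an explicit policy (for example a DNS challenge because ports 80/443 are not reachable from the internet) gets a second, auto-generated policy, and whether that is harmless depends on how the TLS app picks among overlapping policies, which is not visible here. I would skip hosts already matched by an existing policy, or at least state the first-match assumption in the comment block above the ACMEManagerMaker literal. AlternatePort also takes app.HTTPPort and app.HTTPSPort verbatim; if those are zero when unconfigured this relies on the ACME manager treating 0 as "use the standard port", which deserves a one-line comment or an explicit check. automaticHTTPS() starts and ends outside the hunk.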
@@ -296,6 +322,7 @@ func (app *App) automaticHTTPS() error {
Listen: lnAddrs,
Routes: redirRoutes,
DisableAutoHTTPS: true,
+ tlsApp: tlsApp, // required to solve HTTP challenge
}
}
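Review bot: Handing tlsApp to the redirect server only solves the HTTP challenge if the challenge check runs before redirRoutes are evaluated; a validation request that is matched by the redirect route first would be answered with a redirect to HTTPS and HTTP-01 validation would fail. The handler that consults this field is outside the hunk, so I cannot confirm the order, and the comment could name it, e.g. `tlsApp: tlsApp, // lets the redirect server answer the ACME HTTP challenge before redirecting`. Because the field is unexported it cannot be set from user configuration, so a user-defined port-80 server with auto HTTPS disabled presumably would not get challenge handling either — worth confirming. The enclosing automaticHTTPS() begins outside the hunk.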