author | Matthew Holt <mholt@users.noreply.github.com> | 2019-06-04 22:43:21 -0600 |
committer | Matthew Holt <mholt@users.noreply.github.com> | 2019-06-04 22:43:21 -0600 |
commit | b79f86f256782be139d4ec09a74e0f75da52876a (patch) | |
tree | 77cb7f1b2f86c04ff7e148897cdd84387e9e9b4b /modules/caddyhttp | |
parent | 613aecb8982d4addfcc01dc339ebbfcf0fd1e445 (diff) |
Fix bugs related to auto HTTPS and alternate port configurations
Diffstat (limited to 'modules/caddyhttp')
-rw-r--r-- | modules/caddyhttp/caddyhttp.go | 31 |
1 files changed, 29 insertions, 2 deletions
diff --git a/modules/caddyhttp/caddyhttp.go b/modules/caddyhttp/caddyhttp.go
index 3ffc989..89ea58f 100644
--- a/modules/caddyhttp/caddyhttp.go
+++ b/modules/caddyhttp/caddyhttp.go
@@ -126,7 +126,8 @@ func (app *App) Start() error {
 return fmt.Errorf("%s: listening on %s: %v", network, addr, err)
 }
- // enable HTTP/2 by default
+ // enable HTTP/2 (and support for solving the
+ // TLS-ALPN ACME challenge) by default
 for _, pol := range srv.TLSConnPolicies {
 if len(pol.ALPN) == 0 {
 pol.ALPN = append(pol.ALPN, defaultALPN...)
@@ -219,13 +220,38 @@ func (app *App) automaticHTTPS() error {
 domains = append(domains, d)
 }
+ // ensure that these certificates are managed properly;
+ // for example, it's implied that the HTTPPort should also
+ // be the port the HTTP challenge is solved on, and so
+ // for HTTPS port and TLS-ALPN challenge also - we need
+ // to tell the TLS app to manage these certs by honoring
+ // those port configurations
+ acmeManager := &caddytls.ACMEManagerMaker{
+ Challenges: caddytls.ChallengesConfig{
+ HTTP: caddytls.HTTPChallengeConfig{
+ AlternatePort: app.HTTPPort,
+ },
+ TLSALPN: caddytls.TLSALPNChallengeConfig{
+ AlternatePort: app.HTTPSPort,
+ },
+ },
+ }
+ acmeManager.SetDefaults()
+ tlsApp.Automation.Policies = append(tlsApp.Automation.Policies,
+ caddytls.AutomationPolicy{
+ Hosts: domains,
+ Management: acmeManager,
+ })
 // manage their certificates
 err := tlsApp.Manage(domains)
 if err != nil {
 return fmt.Errorf("%s: managing certificate for %s: %s", srvName, domains, err)
 }
- // tell the server to use TLS
+ // tell the server to use TLS by specifying a TLS
+ // connection policy (which supports HTTP/2 and the
+ // TLS-ALPN ACME challenge as well)
 srv.TLSConnPolicies = caddytls.ConnectionPolicies{
 {ALPN: defaultALPN},
 }
@@ -296,6 +322,7 @@ func (app *App) automaticHTTPS() error {
 Listen: lnAddrs,
 Routes: redirRoutes,
 DisableAutoHTTPS: true,
+ tlsApp: tlsApp, // required to solve HTTP challenge
 }
 } |
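Review bot: The new ACMEManagerMaker in the second hunk passes app.HTTPPort and app.HTTPSPort straight into AlternatePort, so when neither port is configured the challenge config carries the zero value, and whether acmeManager.SetDefaults() or the TLS app maps 0 back to the standard port is not visible here; it is worth confirming, because a wrong alternate port does not fail at config load but surfaces later as every ACME challenge failing. A one-line comment on the literal would pin the contract for the next reader, e.g. `// AlternatePort 0 must mean "standard port" — relies on acmeManager.SetDefaults()`. This block also appears to run once per server (srvName is in scope), so servers sharing tlsApp each append their own AutomationPolicy and a domain listed under two servers ends up with two policies; if that is intended, the existing comment above acmeManager could say so. automaticHTTPS starts and ends outside this hunk.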