authorMatthew Holt <mholt@users.noreply.github.com>2019-06-26 10:57:18 -0600
committerMatthew Holt <mholt@users.noreply.github.com>2019-06-26 10:57:18 -0600
commita524bcfe78e8067b8224b1794c6842d9c2c7e8cf (patch)
tree42e7ce1c00505eeb98c6a1c88ee24cdf4bd3c5d2 /modules
parent91b03dccb0094d96652def8a9c70016fd53d1006 (diff)
Enable skipping just certificate management for some auto HTTPS names
Diffstat (limited to 'modules')
-rw-r--r--modules/caddyhttp/caddyhttp.go16
-rw-r--r--modules/caddyhttp/server.go14
2 files changed, 21 insertions, 9 deletions
diff --git a/modules/caddyhttp/caddyhttp.go b/modules/caddyhttp/caddyhttp.go
index 850501f..9c80992 100644
--- a/modules/caddyhttp/caddyhttp.go
+++ b/modules/caddyhttp/caddyhttp.go
@@ -210,7 +210,8 @@ func (app *App) automaticHTTPS() error {
for _, m := range matcherSet {
if hm, ok := m.(*MatchHost); ok {
for _, d := range *hm {
- if certmagic.HostQualifies(d) && !srv.AutoHTTPS.HostSkipped(d) {
+ if certmagic.HostQualifies(d) &&
+ !srv.AutoHTTPS.Skipped(d, srv.AutoHTTPS.Skip) {
domainSet[d] = struct{}{}
}
}
@@ -221,9 +222,12 @@ func (app *App) automaticHTTPS() error {
if len(domainSet) > 0 {
// marshal the domains into a slice
- var domains []string
+ var domains, domainsForCerts []string
for d := range domainSet {
domains = append(domains, d)
+ if !srv.AutoHTTPS.Skipped(d, srv.AutoHTTPS.SkipCerts) {
+ domainsForCerts = append(domainsForCerts, d)
+ }
}
// ensure that these certificates are managed properly;
@@ -245,13 +249,13 @@ func (app *App) automaticHTTPS() error {
acmeManager.SetDefaults()
tlsApp.Automation.Policies = append(tlsApp.Automation.Policies,
caddytls.AutomationPolicy{
- Hosts: domains,
+ Hosts: domainsForCerts,
Management: acmeManager,
})
// manage their certificates
- log.Printf("[INFO] Enabling automatic HTTPS for %v", domains)
- err := tlsApp.Manage(domains)
+ log.Printf("[INFO] Enabling automatic HTTPS certificates for %v", domainsForCerts)
+ err := tlsApp.Manage(domainsForCerts)
if err != nil {
return fmt.Errorf("%s: managing certificate for %s: %s", srvName, domains, err)
}
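Review bot: When every qualifying name is also listed in `SkipCerts`, `domainsForCerts` stays nil, yet the only guard visible (previous hunk) is `len(domainSet) > 0`, so this code still appends an `AutomationPolicy` with an empty `Hosts` and calls `tlsApp.Manage` with no names. If the TLS app treats a policy without hosts as applying to every name (not visible here, worth confirming), the ACME policy would cover far more than intended; wrapping the policy append and the `Manage` call in `if len(domainsForCerts) > 0 {` avoids that and the misleading "Enabling ... for []" log line. The error path also still formats `domains`, so it can name hosts whose certificates were never requested; `domainsForCerts` is the accurate value in that `fmt.Errorf`. The body of `automaticHTTPS` starts and ends outside this hunk.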
@@ -267,6 +271,8 @@ func (app *App) automaticHTTPS() error {
continue
}
+ log.Printf("[INFO] Enabling automatic HTTP->HTTPS redirects for %v", domains)
+
// create HTTP->HTTPS redirects
for _, addr := range srv.Listen {
netw, host, port, err := splitListenAddr(addr)
diff --git a/modules/caddyhttp/server.go b/modules/caddyhttp/server.go
index be46d6d..05763ba 100644
--- a/modules/caddyhttp/server.go
+++ b/modules/caddyhttp/server.go
@@ -133,12 +133,18 @@ type AutoHTTPSConfig struct {
// in automatic HTTPS (they will not have certificates
// loaded nor redirects applied).
Skip []string `json:"skip,omitempty"`
+
+ // Hosts/domain names listed here will still be enabled
+ // for automatic HTTPS (unless in the Skip list), except
+ // that certificates will not be provisioned and managed
+ // for these names.
+ SkipCerts []string `json:"skip_certificates,omitempty"`
}
-// HostSkipped returns true if name is supposed to be skipped
-// when setting up automatic HTTPS.
-func (ahc AutoHTTPSConfig) HostSkipped(name string) bool {
- for _, n := range ahc.Skip {
+// Skipped returns true if name is in skipSlice, which
+// should be one of the Skip* fields on ahc.
+func (ahc AutoHTTPSConfig) Skipped(name string, skipSlice []string) bool {
+ for _, n := range skipSlice {
if name == n {
return true
}
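Review bot: `Skipped` matches with `name == n`, which is case-sensitive although host names are not, so a `skip_certificates` entry written as `Example.com` would not match a host matcher value of `example.com` and a certificate would still be requested for a name the operator meant to exclude. Unless names are normalized before they reach this method (not visible here), `if strings.EqualFold(name, n) {` is the safer comparison; it would need the `strings` import in server.go. The doc comment could also state that matching is exact, with no wildcard or subdomain handling, since both `Skip` and `SkipCerts` now depend on it. The method body ends outside this hunk.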