-rw-r--r-- | caddyconfig/httpcaddyfile/builtins.go | 94 | ||||
-rw-r--r-- | caddytest/integration/caddyfile_adapt/tls_dns_ttl.txt | 70 | ||||
-rw-r--r-- | modules/caddytls/acmeissuer.go | 18 |
3 files changed, 173 insertions, 9 deletions
diff --git a/caddyconfig/httpcaddyfile/builtins.go b/caddyconfig/httpcaddyfile/builtins.go
index f4c9ce0..3f1943c 100644
--- a/caddyconfig/httpcaddyfile/builtins.go
+++ b/caddyconfig/httpcaddyfile/builtins.go
@@ -24,6 +24,7 @@ import (
 	"reflect"
 	"strconv"
 	"strings"
+	"time"
 
 	"github.com/caddyserver/caddy/v2"
 	"github.com/caddyserver/caddy/v2/caddyconfig"
@@ -75,16 +76,22 @@ func parseBind(h Helper) ([]ConfigValue, error) {
 //	    trusted_leaf_cert <base64_der>
 //	    trusted_leaf_cert_file <filename>
 //	}
-//	alpn <values...>
-//	load <paths...>
-//	ca <acme_ca_endpoint>
-//	ca_root <pem_file>
-//	dns <provider_name> [...]
+//	alpn <values...>
+//	load <paths...>
+//	ca <acme_ca_endpoint>
+//	ca_root <pem_file>
+//	key_type [ed25519|p256|p384|rsa2048|rsa4096]
+//	dns <provider_name> [...]
+//	propagation_delay <duration>
+//	propagation_timeout <duration>
+//	resolvers <dns_servers...>
+//	dns_ttl <duration>
+//	dns_challenge_override_domain <domain>
 //	on_demand
-//	eab <key_id> <mac_key>
-//	issuer <module_name> [...]
-//	get_certificate <module_name> [...]
-//	insecure_secrets_log <log_file>
+//	eab <key_id> <mac_key>
+//	issuer <module_name> [...]
+//	get_certificate <module_name> [...]
+//	insecure_secrets_log <log_file>
 // }
 func parseTLS(h Helper) ([]ConfigValue, error) {
 	cp := new(caddytls.ConnectionPolicy)
@@ -363,6 +370,75 @@ func parseTLS(h Helper) ([]ConfigValue, error) {
 			}
 			acmeIssuer.Challenges.DNS.Resolvers = args
 
+		case "propagation_delay":
+			arg := h.RemainingArgs()
+			if len(arg) != 1 {
+				return nil, h.ArgErr()
+			}
+			delayStr := arg[0]
+			delay, err := caddy.ParseDuration(delayStr)
+			if err != nil {
+				return nil, h.Errf("invalid propagation_delay duration %s: %v", delayStr, err)
+			}
+			if acmeIssuer == nil {
+				acmeIssuer = new(caddytls.ACMEIssuer)
+			}
+			if acmeIssuer.Challenges == nil {
+				acmeIssuer.Challenges = new(caddytls.ChallengesConfig)
+			}
+			if acmeIssuer.Challenges.DNS == nil {
+				acmeIssuer.Challenges.DNS = new(caddytls.DNSChallengeConfig)
+			}
+			acmeIssuer.Challenges.DNS.PropagationDelay = caddy.Duration(delay)
+
+		case "propagation_timeout":
+			arg := h.RemainingArgs()
+			if len(arg) != 1 {
+				return nil, h.ArgErr()
+			}
+			timeoutStr := arg[0]
+			var timeout time.Duration
+			if timeoutStr == "-1" {
+				timeout = time.Duration(-1)
+			} else {
+				var err error
+				timeout, err = caddy.ParseDuration(timeoutStr)
+				if err != nil {
+					return nil, h.Errf("invalid propagation_timeout duration %s: %v", timeoutStr, err)
+				}
+			}
+			if acmeIssuer == nil {
+				acmeIssuer = new(caddytls.ACMEIssuer)
+			}
+			if acmeIssuer.Challenges == nil {
+				acmeIssuer.Challenges = new(caddytls.ChallengesConfig)
+			}
+			if acmeIssuer.Challenges.DNS == nil {
+				acmeIssuer.Challenges.DNS = new(caddytls.DNSChallengeConfig)
+			}
+			acmeIssuer.Challenges.DNS.PropagationTimeout = caddy.Duration(timeout)
+
+		case "dns_ttl":
+			arg := h.RemainingArgs()
+			if len(arg) != 1 {
+				return nil, h.ArgErr()
+			}
+			ttlStr := arg[0]
+			ttl, err := caddy.ParseDuration(ttlStr)
+			if err != nil {
+				return nil, h.Errf("invalid dns_ttl duration %s: %v", ttlStr, err)
+			}
+			if acmeIssuer == nil {
+				acmeIssuer = new(caddytls.ACMEIssuer)
+			}
+			if acmeIssuer.Challenges == nil {
+				acmeIssuer.Challenges = new(caddytls.ChallengesConfig)
+			}
+			if acmeIssuer.Challenges.DNS == nil {
+				acmeIssuer.Challenges.DNS = new(caddytls.DNSChallengeConfig)
+			}
+			acmeIssuer.Challenges.DNS.TTL = caddy.Duration(ttl)
+
 		case "dns_challenge_override_domain":
 			arg := h.RemainingArgs()
 			if len(arg) != 1 {
diff --git a/caddytest/integration/caddyfile_adapt/tls_dns_ttl.txt b/caddytest/integration/caddyfile_adapt/tls_dns_ttl.txt
new file mode 100644
index 0000000..b1b2941
--- /dev/null
+++ b/caddytest/integration/caddyfile_adapt/tls_dns_ttl.txt
@@ -0,0 +1,70 @@
+localhost
+
+respond "hello from localhost"
+tls {
+	issuer acme {
+		dns_ttl 5m10s
+	}
+}
+----------
+{
+	"apps": {
+		"http": {
+			"servers": {
+				"srv0": {
+					"listen": [
+						":443"
+					],
+					"routes": [
+						{
+							"match": [
+								{
+									"host": [
+										"localhost"
+									]
+								}
+							],
+							"handle": [
+								{
+									"handler": "subroute",
+									"routes": [
+										{
+											"handle": [
+												{
+													"body": "hello from localhost",
+													"handler": "static_response"
+												}
+											]
+										}
+									]
+								}
+							],
+							"terminal": true
+						}
+					]
+				}
+			}
+		},
+		"tls": {
+			"automation": {
+				"policies": [
+					{
+						"subjects": [
+							"localhost"
+						],
+						"issuers": [
+							{
+								"challenges": {
+									"dns": {
+										"ttl": 310000000000
+									}
+								},
+								"module": "acme"
+							}
+						]
+					}
+				]
+			}
+		}
+	}
+}
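Review bot: The `-1` value that `propagation_timeout` special-cases before calling `caddy.ParseDuration` is not mentioned in the parseTLS doc comment this same diff rewrites, which still lists only `propagation_timeout <duration>`, so Caddyfile users cannot discover the sentinel from the directive's documentation; the comment entry should read `propagation_timeout <duration>|-1` and the branch deserves a one-line comment such as `// "-1" has no unit and would fail ParseDuration; it is passed through as the disable-propagation-checks sentinel — confirm against DNSChallengeConfig.PropagationTimeout's doc`. The three new cases also repeat the acmeIssuer → Challenges → DNS nil-initialisation ladder verbatim, and the `resolvers` case ending just above the hunk evidently does the same, so the allocation logic now lives in four places; the helper below reduces each case to parse-and-assign. The `h.Errf` calls format the user-supplied token with `%s`; `%q` would make an empty or whitespace-only argument visible in the error, e.g. `return nil, h.Errf("invalid dns_ttl duration %q: %v", ttlStr, err)`. parseTLS's body starts and ends outside the hunk.

```go
// ensureDNSChallenge returns the issuer and its DNS challenge config, allocating
// the issuer, its Challenges and the DNS block when they are still nil.
func ensureDNSChallenge(acmeIssuer *caddytls.ACMEIssuer) (*caddytls.ACMEIssuer, *caddytls.DNSChallengeConfig) {
	if acmeIssuer == nil {
		acmeIssuer = new(caddytls.ACMEIssuer)
	}
	if acmeIssuer.Challenges == nil {
		acmeIssuer.Challenges = new(caddytls.ChallengesConfig)
	}
	if acmeIssuer.Challenges.DNS == nil {
		acmeIssuer.Challenges.DNS = new(caddytls.DNSChallengeConfig)
	}
	return acmeIssuer, acmeIssuer.Challenges.DNS
}

// … in parseTLS, each of the three new cases then becomes (dns_ttl shown):
		case "dns_ttl":
			// … unchanged: argument count check and caddy.ParseDuration …
			var dns *caddytls.DNSChallengeConfig
			acmeIssuer, dns = ensureDNSChallenge(acmeIssuer)
			dns.TTL = caddy.Duration(ttl)
```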
\ No newline at end of file
diff --git a/modules/caddytls/acmeissuer.go b/modules/caddytls/acmeissuer.go
index 2f752ed..12e300e 100644
--- a/modules/caddytls/acmeissuer.go
+++ b/modules/caddytls/acmeissuer.go
@@ -266,6 +266,7 @@ func (iss *ACMEIssuer) GetACMEIssuer() *ACMEIssuer { return iss }
 //	    propagation_delay <duration>
 //	    propagation_timeout <duration>
 //	    resolvers <dns_servers...>
+//	    dns_ttl <duration>
 //	    dns_challenge_override_domain <domain>
 //	    preferred_chains [smallest] {
 //	        root_common_name <common_names...>
@@ -445,6 +446,23 @@ func (iss *ACMEIssuer) UnmarshalCaddyfile(d *caddyfile.Dispenser) error {
 				return d.ArgErr()
 			}
 
+		case "dns_ttl":
+			if !d.NextArg() {
+				return d.ArgErr()
+			}
+			ttlStr := d.Val()
+			ttl, err := caddy.ParseDuration(ttlStr)
+			if err != nil {
+				return d.Errf("invalid dns_ttl duration %s: %v", ttlStr, err)
+			}
+			if iss.Challenges == nil {
+				iss.Challenges = new(ChallengesConfig)
+			}
+			if iss.Challenges.DNS == nil {
+				iss.Challenges.DNS = new(DNSChallengeConfig)
+			}
+			iss.Challenges.DNS.TTL = caddy.Duration(ttl)
+
 		case "dns_challenge_override_domain":
 			arg := d.RemainingArgs()
 			if len(arg) != 1 {
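Review bot: The new `dns_ttl` case reads its argument with `d.NextArg()`/`d.Val()`, whereas the `dns_challenge_override_domain` case that follows it in the hunk uses `d.RemainingArgs()` with a `len(arg) != 1` check; with `NextArg` a stray second token on the same line is left for the next loop iteration and reported there rather than against `dns_ttl`, so `arg := d.RemainingArgs(); if len(arg) != 1 { return d.ArgErr() }; ttlStr := arg[0]` would keep the subdirectives consistent and the error attributable. A negative duration such as `-5m` parses successfully and is stored unchanged; unless the provider side is known to treat it as "use default", a guard like `if ttl < 0 { return d.Errf("dns_ttl must not be negative: %s", ttlStr) }` rejects it at adapt time (the field's semantics are not visible in this diff, so confirm before adding). The same directive is parsed a second time in caddyconfig/httpcaddyfile/builtins.go earlier in this diff with the RemainingArgs idiom, so the two parsers should at least agree on argument handling and error wording. UnmarshalCaddyfile's body starts and ends outside the hunk.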