diff options
| -rw-r--r-- | caddyconfig/httpcaddyfile/builtins.go | 16 | ||||
| -rw-r--r-- | go.mod | 2 | ||||
| -rw-r--r-- | go.sum | 4 | ||||
| -rw-r--r-- | modules/caddytls/acmeissuer.go | 14 | ||||
| -rw-r--r-- | modules/caddytls/automation.go | 5 |
5 files changed, 38 insertions, 3 deletions
diff --git a/caddyconfig/httpcaddyfile/builtins.go b/caddyconfig/httpcaddyfile/builtins.go index 2606bf3..e1430d0 100644 --- a/caddyconfig/httpcaddyfile/builtins.go +++ b/caddyconfig/httpcaddyfile/builtins.go @@ -362,6 +362,22 @@ func parseTLS(h Helper) ([]ConfigValue, error) { } acmeIssuer.Challenges.DNS.Resolvers = args + case "dns_challenge_override_domain": + arg := h.RemainingArgs() + if len(arg) != 1 { + return nil, h.ArgErr() + } + if acmeIssuer == nil { + acmeIssuer = new(caddytls.ACMEIssuer) + } + if acmeIssuer.Challenges == nil { + acmeIssuer.Challenges = new(caddytls.ChallengesConfig) + } + if acmeIssuer.Challenges.DNS == nil { + acmeIssuer.Challenges.DNS = new(caddytls.DNSChallengeConfig) + } + acmeIssuer.Challenges.DNS.OverrideDomain = arg[0] + case "ca_root": arg := h.RemainingArgs() if len(arg) != 1 { @@ -8,7 +8,7 @@ require ( github.com/Masterminds/sprig/v3 v3.2.2 github.com/alecthomas/chroma v0.10.0 github.com/aryann/difflib v0.0.0-20210328193216-ff5ff6dc229b - github.com/caddyserver/certmagic v0.15.4-0.20220217213750-797d29bcf32f + github.com/caddyserver/certmagic v0.15.4 github.com/dustin/go-humanize v1.0.1-0.20200219035652-afde56e7acac github.com/fsnotify/fsnotify v1.5.1 // indirect github.com/go-chi/chi v4.1.2+incompatible @@ -189,8 +189,8 @@ github.com/boombuler/barcode v1.0.1/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl github.com/bradfitz/go-smtpd v0.0.0-20170404230938-deb6d6237625/go.mod h1:HYsPBTaaSFSlLx/70C2HPIMNZpVV8+vt/A+FMnYP11g= github.com/buger/jsonparser v0.0.0-20181115193947-bf1c66bbce23/go.mod h1:bbYlZJ7hK1yFx9hf58LP0zeX7UjIGs20ufpu3evjr+s= github.com/caarlos0/ctrlc v1.0.0/go.mod h1:CdXpj4rmq0q/1Eb44M9zi2nKB0QraNKuRGYGrrHhcQw= -github.com/caddyserver/certmagic v0.15.4-0.20220217213750-797d29bcf32f h1:sdjilRh0dxXpofiwDSFU7itmxuXetKB6xWd+lNRVq9s= -github.com/caddyserver/certmagic v0.15.4-0.20220217213750-797d29bcf32f/go.mod h1:qhkAOthf72ufAcp3Y5jF2RaGE96oip3UbEQRIzwe3/8= +github.com/caddyserver/certmagic v0.15.4 h1:kz//9+Z/xw197jtIBxxUDub8pQi9gcYvhXk5Ouw2EkM= +github.com/caddyserver/certmagic v0.15.4/go.mod h1:qhkAOthf72ufAcp3Y5jF2RaGE96oip3UbEQRIzwe3/8= github.com/campoy/unique v0.0.0-20180121183637-88950e537e7e/go.mod h1:9IOqJGCPMSc6E5ydlp5NIonxObaeu/Iub/X03EKPVYo= github.com/casbin/casbin/v2 v2.1.2/go.mod h1:YcPU1XXisHhLzuxH9coDNf2FbKpjGlbCg3n9yuLkIJQ= github.com/cavaliercoder/go-cpio v0.0.0-20180626203310-925f9528c45e/go.mod h1:oDpT4efm8tSYHXV5tHSdRvBet/b/QzxZ+XyyPehvm3A= diff --git a/modules/caddytls/acmeissuer.go b/modules/caddytls/acmeissuer.go index 42cef02..48a961f 100644 --- a/modules/caddytls/acmeissuer.go +++ b/modules/caddytls/acmeissuer.go @@ -144,6 +144,7 @@ func (iss *ACMEIssuer) Provision(ctx caddy.Context) error { TTL: time.Duration(iss.Challenges.DNS.TTL), PropagationTimeout: time.Duration(iss.Challenges.DNS.PropagationTimeout), Resolvers: iss.Challenges.DNS.Resolvers, + OverrideDomain: iss.Challenges.DNS.OverrideDomain, } } } @@ -417,6 +418,19 @@ func (iss *ACMEIssuer) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { return d.ArgErr() } + case "dns_challenge_override_domain": + arg := d.RemainingArgs() + if len(arg) != 1 { + return d.ArgErr() + } + if iss.Challenges == nil { + iss.Challenges = new(ChallengesConfig) + } + if iss.Challenges.DNS == nil { + iss.Challenges.DNS = new(DNSChallengeConfig) + } + iss.Challenges.DNS.OverrideDomain = arg[0] + case "preferred_chains": chainPref, err := ParseCaddyfilePreferredChainsOptions(d) if err != nil { diff --git a/modules/caddytls/automation.go b/modules/caddytls/automation.go index 95b1772..eb97c82 100644 --- a/modules/caddytls/automation.go +++ b/modules/caddytls/automation.go @@ -370,6 +370,11 @@ type DNSChallengeConfig struct { // Often necessary to configure when using split-horizon DNS. Resolvers []string `json:"resolvers,omitempty"` + // Override the domain to use for the DNS challenge. This + // is to delegate the challenge to a different domain, + // e.g. one that updates faster or one with a provider API. + OverrideDomain string `json:"override_domain,omitempty"` + solver acmez.Solver } |