Diffstat (limited to 'caddyconfig')
-rw-r--r-- | caddyconfig/httpcaddyfile/builtins.go | 24 | ||||
-rw-r--r-- | caddyconfig/httpcaddyfile/httptype.go | 11 | ||||
-rw-r--r-- | caddyconfig/httpcaddyfile/options.go | 4 | ||||
-rw-r--r-- | caddyconfig/httpcaddyfile/tlsapp.go | 7 |
4 files changed, 39 insertions, 7 deletions
diff --git a/caddyconfig/httpcaddyfile/builtins.go b/caddyconfig/httpcaddyfile/builtins.go
index 7fdd3e8..2606bf3 100644
--- a/caddyconfig/httpcaddyfile/builtins.go
+++ b/caddyconfig/httpcaddyfile/builtins.go
@@ -82,6 +82,7 @@ func parseBind(h Helper) ([]ConfigValue, error) {
 // on_demand
 // eab <key_id> <mac_key>
 // issuer <module_name> [...]
+// get_certificate <module_name> [...]
 // }
 //
 func parseTLS(h Helper) ([]ConfigValue, error) {
@@ -93,6 +94,7 @@ func parseTLS(h Helper) ([]ConfigValue, error) {
 var keyType string
 var internalIssuer *caddytls.InternalIssuer
 var issuers []certmagic.Issuer
+ var certManagers []certmagic.CertificateManager
 var onDemand bool
 for h.Next() {
@@ -307,6 +309,22 @@ func parseTLS(h Helper) ([]ConfigValue, error) {
 }
 issuers = append(issuers, issuer)
+ case "get_certificate":
+ if !h.NextArg() {
+ return nil, h.ArgErr()
+ }
+ modName := h.Val()
+ modID := "tls.get_certificate." + modName
+ unm, err := caddyfile.UnmarshalModule(h.Dispenser, modID)
+ if err != nil {
+ return nil, err
+ }
+ certManager, ok := unm.(certmagic.CertificateManager)
+ if !ok {
+ return nil, h.Errf("module %s (%T) is not a certmagic.CertificateManager", modID, unm)
+ }
+ certManagers = append(certManagers, certManager)
+
 case "dns":
 if !h.NextArg() {
 return nil, h.ArgErr()
@@ -453,6 +471,12 @@ func parseTLS(h Helper) ([]ConfigValue, error) {
 Value: true,
 })
 }
+ for _, certManager := range certManagers {
+ configVals = append(configVals, ConfigValue{
+ Class: "tls.cert_manager",
+ Value: certManager,
+ })
+ }
 // custom certificate selection
 if len(certSelector.AnyTag) > 0 {
diff --git a/caddyconfig/httpcaddyfile/httptype.go b/caddyconfig/httpcaddyfile/httptype.go
index 3a54c08..d7716a4 100644
--- a/caddyconfig/httpcaddyfile/httptype.go
+++ b/caddyconfig/httpcaddyfile/httptype.go
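Review bot: The `get_certificate` case in parseTLS carries no comment on what the named module is trusted with, and the doc-comment line added above parseTLS gives only the syntax. A `certmagic.CertificateManager` is the component that hands the server the certificate and private key to present, so the module named here sits on the site's TLS trust path; I would add above the case `// get_certificate delegates certificate retrieval to a manager module, which is trusted to return the correct certificate and key.` The hunk also does not show how `get_certificate` interacts with `issuer` or `on_demand` in the same block, and the doc comment should say which source is consulted first. parseTLS starts and ends outside the hunk.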
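Review bot: The class name `"tls.cert_manager"` in the loop added near the end of parseTLS is a bare string literal that has to match the lookup `sblock.pile["tls.cert_manager"]` in the tlsapp.go hunk; if the two drift apart, the configured managers are dropped with no error or warning. A package-level constant used at both sites (for example `const certManagerClass = "tls.cert_manager"`, a name chosen here only for illustration) would turn a mismatch into a compile error. Whether the file's other classes follow the same literal convention is not visible in this hunk.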
@@ -446,13 +446,14 @@ func (st *ServerType) serversFromPairings(
 // handle the auto_https global option
 if autoHTTPS != "on" {
 srv.AutoHTTPS = new(caddyhttp.AutoHTTPSConfig)
- if autoHTTPS == "off" {
+ switch autoHTTPS {
+ case "off":
 srv.AutoHTTPS.Disabled = true
- }
- if autoHTTPS == "disable_redirects" {
+ case "disable_redirects":
 srv.AutoHTTPS.DisableRedir = true
- }
- if autoHTTPS == "ignore_loaded_certs" {
+ case "disable_certs":
+ srv.AutoHTTPS.DisableCerts = true
+ case "ignore_loaded_certs":
 srv.AutoHTTPS.IgnoreLoadedCerts = true
 }
 }
diff --git a/caddyconfig/httpcaddyfile/options.go b/caddyconfig/httpcaddyfile/options.go
index 016d0df..65b0338 100644
--- a/caddyconfig/httpcaddyfile/options.go
+++ b/caddyconfig/httpcaddyfile/options.go
@@ -384,8 +384,8 @@ func parseOptAutoHTTPS(d *caddyfile.Dispenser, _ interface{}) (interface{}, erro
 if d.Next() {
 return "", d.ArgErr()
 }
- if val != "off" && val != "disable_redirects" && val != "ignore_loaded_certs" {
- return "", d.Errf("auto_https must be one of 'off', 'disable_redirects' or 'ignore_loaded_certs'")
+ if val != "off" && val != "disable_redirects" && val != "disable_certs" && val != "ignore_loaded_certs" {
+ return "", d.Errf("auto_https must be one of 'off', 'disable_redirects', 'disable_certs', or 'ignore_loaded_certs'")
 }
 return val, nil
 }
diff --git a/caddyconfig/httpcaddyfile/tlsapp.go b/caddyconfig/httpcaddyfile/tlsapp.go
index b11addc..48506d8 100644
--- a/caddyconfig/httpcaddyfile/tlsapp.go
+++ b/caddyconfig/httpcaddyfile/tlsapp.go
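Review bot: The new `switch autoHTTPS` in serversFromPairings has no `default` case, so any value other than `"on"` that is not listed leaves `srv.AutoHTTPS` allocated with every field false, which means automatic HTTPS stays fully enabled without any diagnostic. The accepted values are now maintained in two places, this switch and the condition in parseOptAutoHTTPS in the options.go hunk, and `disable_certs` had to be added to both by hand. I would add a `default:` branch that reports the unexpected value, or at minimum a comment on the switch such as `// keep in sync with parseOptAutoHTTPS`. The return signature of serversFromPairings is outside the hunk, so the exact form of the error path depends on it.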
@@ -133,6 +133,13 @@ func (st ServerType) buildTLSApp(
 ap.Issuers = issuers
 }
+ // certificate managers
+ if certManagerVals, ok := sblock.pile["tls.cert_manager"]; ok {
+ for _, certManager := range certManagerVals {
+ certGetterName := certManager.Value.(caddy.Module).CaddyModule().ID.Name()
+ ap.ManagersRaw = append(ap.ManagersRaw, caddyconfig.JSONModuleObject(certManager.Value, "via", certGetterName, &warnings))
+ }
+ }
 // custom bind host
 for _, cfgVal := range sblock.pile["bind"] {
 for _, iss := range ap.Issuers { |
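Review bot: `certManager.Value.(caddy.Module)` is a single-value type assertion and panics if a `tls.cert_manager` value on the pile does not implement `caddy.Module`. The builtins.go hunk checks the value only against `certmagic.CertificateManager`; it presumably also satisfies `caddy.Module` because it came from `caddyfile.UnmarshalModule`, but nothing in this loop enforces that for values placed on the pile by other code. Use the two-value form, `mod, ok := certManager.Value.(caddy.Module)`, and return an error when `ok` is false so that a bad configuration fails adaptation cleanly instead of crashing it. buildTLSApp starts and ends outside the hunk.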