summaryrefslogtreecommitdiff
path: root/modules
diff options
context:
space:
mode:
Diffstat (limited to 'modules')
-rw-r--r--modules/caddyhttp/autohttps.go2
-rw-r--r--modules/caddytls/automation.go2
-rw-r--r--modules/caddytls/tls.go62
3 files changed, 37 insertions, 29 deletions
diff --git a/modules/caddyhttp/autohttps.go b/modules/caddyhttp/autohttps.go
index ecb988a..44cf581 100644
--- a/modules/caddyhttp/autohttps.go
+++ b/modules/caddyhttp/autohttps.go
@@ -339,7 +339,7 @@ uniqueDomainsLoop:
}
redirTo += "{http.request.uri}"
routes = append(routes, Route{
- MatcherSets: []MatcherSet{MatcherSet{MatchProtocol("http")}},
+ MatcherSets: []MatcherSet{{MatchProtocol("http")}},
Handlers: []MiddlewareHandler{
StaticResponse{
StatusCode: WeakString(strconv.Itoa(http.StatusPermanentRedirect)),
diff --git a/modules/caddytls/automation.go b/modules/caddytls/automation.go
index c623b82..df76fd9 100644
--- a/modules/caddytls/automation.go
+++ b/modules/caddytls/automation.go
@@ -54,7 +54,7 @@ type AutomationConfig struct {
RenewCheckInterval caddy.Duration `json:"renew_interval,omitempty"`
defaultPublicAutomationPolicy *AutomationPolicy
- defaultInternalAutomationPolicy *AutomationPolicy
+ defaultInternalAutomationPolicy *AutomationPolicy // only initialized if necessary
}
// AutomationPolicy designates the policy for automating the
diff --git a/modules/caddytls/tls.go b/modules/caddytls/tls.go
index ea80fa9..0e92f05 100644
--- a/modules/caddytls/tls.go
+++ b/modules/caddytls/tls.go
@@ -89,29 +89,6 @@ func (t *TLS) Provision(ctx caddy.Context) error {
}
t.certCache = certmagic.NewCache(cacheOpts)
- // automation/management policies
- if t.Automation == nil {
- t.Automation = new(AutomationConfig)
- }
- t.Automation.defaultPublicAutomationPolicy = new(AutomationPolicy)
- err := t.Automation.defaultPublicAutomationPolicy.Provision(t)
- if err != nil {
- return fmt.Errorf("provisioning default public automation policy: %v", err)
- }
- t.Automation.defaultInternalAutomationPolicy = &AutomationPolicy{
- IssuerRaw: json.RawMessage(`{"module":"internal"}`),
- }
- err = t.Automation.defaultInternalAutomationPolicy.Provision(t)
- if err != nil {
- return fmt.Errorf("provisioning default internal automation policy: %v", err)
- }
- for i, ap := range t.Automation.Policies {
- err := ap.Provision(t)
- if err != nil {
- return fmt.Errorf("provisioning automation policy %d: %v", i, err)
- }
- }
-
// certificate loaders
val, err := ctx.LoadModule(t, "CertificatesRaw")
if err != nil {
@@ -119,9 +96,8 @@ func (t *TLS) Provision(ctx caddy.Context) error {
}
for modName, modIface := range val.(map[string]interface{}) {
if modName == "automate" {
- // special case; these will be loaded in later
- // using our automation facilities, which we
- // want to avoid during provisioning
+ // special case; these will be loaded in later using our automation facilities,
+ // which we want to avoid doing during provisioning
if automateNames, ok := modIface.(*AutomateLoader); ok && automateNames != nil {
t.automateNames = []string(*automateNames)
} else {
@@ -132,6 +108,38 @@ func (t *TLS) Provision(ctx caddy.Context) error {
t.certificateLoaders = append(t.certificateLoaders, modIface.(CertificateLoader))
}
+ // automation/management policies
+ if t.Automation == nil {
+ t.Automation = new(AutomationConfig)
+ }
+ t.Automation.defaultPublicAutomationPolicy = new(AutomationPolicy)
+ err = t.Automation.defaultPublicAutomationPolicy.Provision(t)
+ if err != nil {
+ return fmt.Errorf("provisioning default public automation policy: %v", err)
+ }
+ for _, n := range t.automateNames {
+ // if any names specified by the "automate" loader do not qualify for a public
+ // certificate, we should initialize a default internal automation policy
+ // (but we don't want to do this unnecessarily, since it may prompt for password!)
+ if certmagic.SubjectQualifiesForPublicCert(n) {
+ continue
+ }
+ t.Automation.defaultInternalAutomationPolicy = &AutomationPolicy{
+ IssuerRaw: json.RawMessage(`{"module":"internal"}`),
+ }
+ err = t.Automation.defaultInternalAutomationPolicy.Provision(t)
+ if err != nil {
+ return fmt.Errorf("provisioning default internal automation policy: %v", err)
+ }
+ break
+ }
+ for i, ap := range t.Automation.Policies {
+ err := ap.Provision(t)
+ if err != nil {
+ return fmt.Errorf("provisioning automation policy %d: %v", i, err)
+ }
+ }
+
// session ticket ephemeral keys (STEK) service and provider
if t.SessionTickets != nil {
err := t.SessionTickets.provision(ctx)
@@ -340,7 +348,7 @@ func (t *TLS) getAutomationPolicyForName(name string) *AutomationPolicy {
}
}
}
- if certmagic.SubjectQualifiesForPublicCert(name) {
+ if certmagic.SubjectQualifiesForPublicCert(name) || t.Automation.defaultInternalAutomationPolicy == nil {
return t.Automation.defaultPublicAutomationPolicy
}
return t.Automation.defaultInternalAutomationPolicy