From db4f1c02772dfd1f50bd745b322be1b60c72ac41 Mon Sep 17 00:00:00 2001 From: Matt Holt Date: Wed, 28 Oct 2020 20:36:00 -0600 Subject: httpcaddyfile: Revise automation policy generation (#3824) * httpcaddyfile: Revise automation policy generation This should fix a frustrating edge case where wildcard subjects are used, which potentially get shadowed by more specific versions of themselves; see the new tests for an example. This change is motivated by an actual customer requirement. Although all the tests pass, this logic is incredibly complex and nuanced, and I'm worried it is not correct. But it took me about 4 days to get this far on a solution. I did my best. * Fix typo --- .../caddyfile_adapt/tls_automation_policies.txt | 80 ++++++++++++++++++++++ 1 file changed, 80 insertions(+) create mode 100644 caddytest/integration/caddyfile_adapt/tls_automation_policies.txt (limited to 'caddytest') diff --git a/caddytest/integration/caddyfile_adapt/tls_automation_policies.txt b/caddytest/integration/caddyfile_adapt/tls_automation_policies.txt new file mode 100644 index 0000000..0a90e4a --- /dev/null +++ b/caddytest/integration/caddyfile_adapt/tls_automation_policies.txt @@ -0,0 +1,80 @@ +{ + local_certs +} + +*.tld, *.*.tld { + tls { + on_demand + } +} + +foo.tld, www.foo.tld { +} +---------- +{ + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [ + ":443" + ], + "routes": [ + { + "match": [ + { + "host": [ + "foo.tld", + "www.foo.tld" + ] + } + ], + "terminal": true + }, + { + "match": [ + { + "host": [ + "*.tld", + "*.*.tld" + ] + } + ], + "terminal": true + } + ] + } + } + }, + "tls": { + "automation": { + "policies": [ + { + "subjects": [ + "foo.tld", + "www.foo.tld" + ], + "issuer": { + "module": "internal" + } + }, + { + "subjects": [ + "*.*.tld", + "*.tld" + ], + "issuer": { + "module": "internal" + }, + "on_demand": true + }, + { + "issuer": { + "module": "internal" + } + } + ] + } + } + } +} \ No newline at end of file -- cgit v1.2.3