From 5c7ca7d96e2d4ee2d3044475ce03e46589445b51 Mon Sep 17 00:00:00 2001
From: Matthew Holt
Date: Wed, 5 Feb 2020 17:34:28 -0700
Subject: http: Split 2-phase auto-HTTPS into 3 phases

This is necessary to avoid a race for sockets. Both the HTTP servers and CertMagic solvers will try to bind the HTTP/HTTPS ports, but we need to make sure that our HTTP servers bind first. This is kind of a new thing now that management is async in Caddy 2.

Also update to CertMagic 0.9.2, which fixes some async use cases at scale.
---
 modules/caddyhttp/caddyhttp.go | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)
(limited to 'modules/caddyhttp/caddyhttp.go')
diff --git a/modules/caddyhttp/caddyhttp.go b/modules/caddyhttp/caddyhttp.go
index fc727d0..576620e 100644
--- a/modules/caddyhttp/caddyhttp.go
+++ b/modules/caddyhttp/caddyhttp.go
@@ -220,11 +220,12 @@ func (app *App) Validate() error {
 // Start runs the app. It finishes automatic HTTPS if enabled,
 // including management of certificates.
 func (app *App) Start() error {
-	// finish setting up automatic HTTPS and manage certs;
-	// this must happen before each server is started
+	// give each server a pointer to the TLS app;
+	// this is required before they are started so
+	// they can solve ACME challenges
 	err := app.automaticHTTPSPhase2()
 	if err != nil {
-		return fmt.Errorf("enabling automatic HTTPS: %v", err)
+		return fmt.Errorf("enabling automatic HTTPS, phase 2: %v", err)
 	}
 
 	for srvName, srv := range app.Servers {
@@ -297,6 +298,13 @@ func (app *App) Start() error {
 	}
 	}
 
+	// finish automatic HTTPS by finally beginning
+	// certificate management
+	err = app.automaticHTTPSPhase3()
+	if err != nil {
+		return fmt.Errorf("finalizing automatic HTTPS: %v", err)
+	}
+
 	return nil
 }
--
cgit v1.2.3
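Review bot: The new comment above `app.automaticHTTPSPhase3()` in the second hunk does not record the ordering invariant the commit message describes — phase 3 may only run once every server in `app.Servers` has been started, so the app's own listeners bind the HTTP/HTTPS ports before CertMagic's challenge solvers try to — and since the `for srvName, srv := range app.Servers` loop is the only thing enforcing that order, the comment should say so, e.g. `// finish automatic HTTPS by beginning certificate management; this must run after all servers are started so our listeners bind the HTTP/HTTPS ports before CertMagic's solvers attempt to`. Note also that when phase 3 returns an error, the servers started in the loop above are left running without certificate management; unless the caller stops the app on a non-nil `Start` error (not visible in this hunk), those listeners keep serving. For symmetry with the phase-2 message in the first hunk, `return fmt.Errorf("enabling automatic HTTPS, phase 3: %v", err)` would make the failing phase obvious in logs. Start's body begins outside this hunk.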