Mirrors/caddy
1
0
Fork 0
mirror of https://github.com/caddyserver/caddy.git synced 2025-02-24 08:49:01 +01:00
Code Issues Projects Releases Packages Wiki Activity

ACME challenge proxy now accounts for ListenHost (bind); fixes #1296

Browse source
This commit is contained in:
Matthew Holt 2016-12-23 09:40:03 -07:00
parent 3198200479
commit 1da70d3ba1
No known key found for this signature in database
GPG key ID: 2A349DD577D586A5
3 changed files with 7 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
caddyhttp/httpserver/server.go
View file

@ -236,7 +236,7 @@ func (s *Server) serveHTTP(w http.ResponseWriter, r *http.Request) (int, error)
if vhost == nil { if vhost == nil {
// check for ACME challenge even if vhost is nil; // check for ACME challenge even if vhost is nil;
// could be a new host coming online soon // could be a new host coming online soon
if caddytls.HTTPChallengeHandler(w, r, caddytls.DefaultHTTPAlternatePort) { if caddytls.HTTPChallengeHandler(w, r, "localhost", caddytls.DefaultHTTPAlternatePort) {
return 0, nil return 0, nil
} }
// otherwise, log the error and write a message to the client // otherwise, log the error and write a message to the client
@ -297,7 +297,7 @@ func (s *Server) proxyHTTPChallenge(vhost *SiteConfig, w http.ResponseWriter, r
if vhost.TLS != nil && vhost.TLS.AltHTTPPort != "" { if vhost.TLS != nil && vhost.TLS.AltHTTPPort != "" {
altPort = vhost.TLS.AltHTTPPort altPort = vhost.TLS.AltHTTPPort
} }
return caddytls.HTTPChallengeHandler(w, r, altPort) return caddytls.HTTPChallengeHandler(w, r, vhost.ListenHost, altPort)
} }
// Address returns the address s was assigned to listen on. // Address returns the address s was assigned to listen on.

5
caddytls/httphandler.go
View file

@ -2,6 +2,7 @@ package caddytls
import ( import (
"crypto/tls" "crypto/tls"
"fmt"
"log" "log"
"net/http" "net/http"
"net/http/httputil" "net/http/httputil"
@ -15,7 +16,7 @@ const challengeBasePath = "/.well-known/acme-challenge"
// request path starts with challengeBasePath. It returns true if it // request path starts with challengeBasePath. It returns true if it
// handled the request and no more needs to be done; it returns false // handled the request and no more needs to be done; it returns false
// if this call was a no-op and the request still needs handling. // if this call was a no-op and the request still needs handling.
func HTTPChallengeHandler(w http.ResponseWriter, r *http.Request, altPort string) bool { func HTTPChallengeHandler(w http.ResponseWriter, r *http.Request, listenHost, altPort string) bool {
if !strings.HasPrefix(r.URL.Path, challengeBasePath) { if !strings.HasPrefix(r.URL.Path, challengeBasePath) {
return false return false
} }
@ -28,7 +29,7 @@ func HTTPChallengeHandler(w http.ResponseWriter, r *http.Request, altPort string
scheme = "https" scheme = "https"
} }
upstream, err := url.Parse(scheme + "://localhost:" + altPort) upstream, err := url.Parse(fmt.Sprintf("%s://%s:%s", scheme, listenHost, altPort))
if err != nil { if err != nil {
w.WriteHeader(http.StatusInternalServerError) w.WriteHeader(http.StatusInternalServerError)
log.Printf("[ERROR] ACME proxy handler: %v", err) log.Printf("[ERROR] ACME proxy handler: %v", err)

4
caddytls/httphandler_test.go
View file

@ -25,7 +25,7 @@ func TestHTTPChallengeHandlerNoOp(t *testing.T) {
t.Fatalf("Could not craft request, got error: %v", err) t.Fatalf("Could not craft request, got error: %v", err)
} }
rw := httptest.NewRecorder() rw := httptest.NewRecorder()
if HTTPChallengeHandler(rw, req, DefaultHTTPAlternatePort) { if HTTPChallengeHandler(rw, req, "", DefaultHTTPAlternatePort) {
t.Errorf("Got true with this URL, but shouldn't have: %s", url) t.Errorf("Got true with this URL, but shouldn't have: %s", url)
} }
} }
@ -62,7 +62,7 @@ func TestHTTPChallengeHandlerSuccess(t *testing.T) {
} }
rw := httptest.NewRecorder() rw := httptest.NewRecorder()
HTTPChallengeHandler(rw, req, DefaultHTTPAlternatePort) HTTPChallengeHandler(rw, req, "", DefaultHTTPAlternatePort)
if !proxySuccess { if !proxySuccess {
t.Fatal("Expected request to be proxied, but it wasn't") t.Fatal("Expected request to be proxied, but it wasn't")