From 454b1e3939dea3a7131181c8ffbd6885e6a6b998 Mon Sep 17 00:00:00 2001
From: Matthew Holt
Date: Mon, 15 Aug 2016 12:08:51 -0600
Subject: [PATCH] Honor bind directive for ACME challenges

Fixes https://forum.caddyserver.com/t/basic-caddy-installation-failing-on-automatic-https/472?u=matt
---
 caddyhttp/httpserver/plugin.go | 2 +-
 caddytls/client.go | 22 ++++++++++++++++------
 2 files changed, 17 insertions(+), 7 deletions(-)
diff --git a/caddyhttp/httpserver/plugin.go b/caddyhttp/httpserver/plugin.go
index 6f87c383b..d1b5bf268 100644
--- a/caddyhttp/httpserver/plugin.go
+++ b/caddyhttp/httpserver/plugin.go
@@ -332,8 +332,8 @@ func standardizeAddress(str string) (Address, error) {
 var directives = []string{
 // primitive actions that set up the fundamental vitals of each config
 "root",
- "tls",
 "bind",
+ "tls",
 // services/utilities, or other directives that don't necessarily inject handlers
 "startup",
diff --git a/caddytls/client.go b/caddytls/client.go
index a051880f5..70eccc222 100644
--- a/caddytls/client.go
+++ b/caddytls/client.go
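Review bot: The swap that puts `"bind"` ahead of `"tls"` in `directives` creates an ordering dependency that nothing in the list documents. Presumably the tls setup needs the listen host that bind records, so that the ACME client can use `config.ListenHost` (see caddytls/client.go in this patch). A later re-sort of the list could then silently bring back challenge listeners that ignore the user's bind address. I would add a comment above the entry, e.g. `// bind must come before tls: tls setup reads the listen host that bind sets`. The `directives` literal continues beyond the hunk.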
@@ -103,18 +103,28 @@ var newACMEClient = func(config *Config, allowPrompts bool) (*ACMEClient, error)
 // Use HTTP and TLS-SNI challenges by default
 // See if HTTP challenge needs to be proxied
+ useHTTPPort := "" // empty port value will use challenge default
 if caddy.HasListenerWithAddress(net.JoinHostPort(config.ListenHost, HTTPChallengePort)) {
- altPort := config.AltHTTPPort
- if altPort == "" {
- altPort = DefaultHTTPAlternatePort
+ useHTTPPort = config.AltHTTPPort
+ if useHTTPPort == "" {
+ useHTTPPort = DefaultHTTPAlternatePort
 }
- c.SetHTTPAddress(net.JoinHostPort(config.ListenHost, altPort))
 }
 // See if TLS challenge needs to be handled by our own facilities
 if caddy.HasListenerWithAddress(net.JoinHostPort(config.ListenHost, TLSSNIChallengePort)) {
 c.SetChallengeProvider(acme.TLSSNI01, tlsSniSolver{})
 }
+
+ // Always respect user's bind preferences by using config.ListenHost
+ err := c.SetHTTPAddress(net.JoinHostPort(config.ListenHost, useHTTPPort))
+ if err != nil {
+ return nil, err
+ }
+ err = c.SetTLSAddress(net.JoinHostPort(config.ListenHost, ""))
+ if err != nil {
+ return nil, err
+ }
 } else {
 // Otherwise, DNS challenge it is
@@ -124,8 +134,8 @@ var newACMEClient = func(config *Config, allowPrompts bool) (*ACMEClient, error)
 return nil, errors.New("unknown DNS provider by name '" + config.DNSProvider + "'")
 }
- // we could pass credentials to create the provider, but for now
- // we just let the solver package get them from the environment
+ // We could pass credentials to create the provider, but for now
+ // just let the solver package get them from the environment
 prov, err := provFn()
 if err != nil {
 return nil, err
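Review bot: In the first client.go hunk, `c.SetTLSAddress(...)` runs after `c.SetChallengeProvider(acme.TLSSNI01, tlsSniSolver{})`, so the custom solver may be discarded. That happens if the ACME library's address setters install a fresh default provider for their challenge type, which is worth confirming against the vendored version. In that case, whenever Caddy already listens on the TLS-SNI port, the challenge would fall back to opening its own listener on a port that is in use. Moving the two address calls above the `SetChallengeProvider` block removes the dependency, with a comment such as `// set addresses first; they may reset a custom challenge provider`. The `newACMEClient` closure starts and ends outside the hunk.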