From 54d1923ccb03299aa92bf0ec3ba255e4c851a69e Mon Sep 17 00:00:00 2001
From: Francis Lavoie <lavofr@gmail.com>
Date: Fri, 8 Jul 2022 13:04:22 -0400
Subject: [PATCH] reverseproxy: Adjust new TLS Caddyfile directive names
 (#4872)

---
 .../caddyfile_adapt/reverse_proxy_options.txt |  5 +-
 modules/caddyhttp/reverseproxy/caddyfile.go   | 58 ++++++++++---------
 2 files changed, 33 insertions(+), 30 deletions(-)

diff --git a/caddytest/integration/caddyfile_adapt/reverse_proxy_options.txt b/caddytest/integration/caddyfile_adapt/reverse_proxy_options.txt
index ea740f62b..e05f1b90f 100644
--- a/caddytest/integration/caddyfile_adapt/reverse_proxy_options.txt
+++ b/caddytest/integration/caddyfile_adapt/reverse_proxy_options.txt
@@ -24,8 +24,9 @@ https://example.com {
 			max_conns_per_host 5
 			keepalive_idle_conns_per_host 2
 			keepalive_interval 30s
-			renegotiation freely
-			except_ports 8181 8182
+			
+			tls_renegotiation freely
+			tls_except_ports 8181 8182
 		}
 	}
 }
diff --git a/modules/caddyhttp/reverseproxy/caddyfile.go b/modules/caddyhttp/reverseproxy/caddyfile.go
index b2bdf049e..4fa4be013 100644
--- a/modules/caddyhttp/reverseproxy/caddyfile.go
+++ b/modules/caddyhttp/reverseproxy/caddyfile.go
@@ -814,6 +814,8 @@ func (h *Handler) FinalizeUnmarshalCaddyfile(helper httpcaddyfile.Helper) error
 //         tls_timeout <duration>
 //         tls_trusted_ca_certs <cert_files...>
 //         tls_server_name <sni>
+//         tls_renegotiation <level>
+//         tls_except_ports <ports...>
 //         keepalive [off|<duration>]
 //         keepalive_interval <interval>
 //         keepalive_idle_conns <max_count>
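Review bot: The new syntax line `tls_renegotiation <level>` does not tell the reader which values are accepted, although the parser added later in this commit accepts exactly `never`, `once` and `freely`. I would spell them out the way the neighbouring `keepalive [off|<duration>]` line does: `//         tls_renegotiation <never|once|freely>`. It would also help to add one comment line saying what `tls_except_ports` does to connections on the listed ports (presumably TLS is not used for them, going by the field name `ExceptPorts`), since that is a security-relevant setting. The doc comment starts and ends outside this hunk.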
@@ -907,6 +909,11 @@ func (h *HTTPTransport) UnmarshalCaddyfile(d *caddyfile.Dispenser) error {
 					return d.Errf("must specify at least one resolver address")
 				}
 
+			case "tls":
+				if h.TLS == nil {
+					h.TLS = new(TLSConfig)
+				}
+
 			case "tls_client_auth":
 				if h.TLS == nil {
 					h.TLS = new(TLSConfig)
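Review bot: The relocated `case "tls":` branch only allocates `h.TLS` and never checks that the directive was given without arguments. The `tls_insecure_skip_verify` case in the same switch guards against this with `if d.NextArg() { return d.ArgErr() }`, and the same two lines would fit here. How a stray token after `tls` is treated depends on the dispenser loop, which is outside the hunk. An explicit check gives a clear error at the right position instead of relying on that loop.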
@@ -922,25 +929,6 @@ func (h *HTTPTransport) UnmarshalCaddyfile(d *caddyfile.Dispenser) error {
 					return d.ArgErr()
 				}
 
-			case "renegotiation":
-				if h.TLS == nil {
-					h.TLS = new(TLSConfig)
-				}
-				if !d.NextArg() {
-					return d.ArgErr()
-				}
-				switch renegotiation := d.Val(); renegotiation {
-				case "never", "once", "freely":
-					h.TLS.Renegotiation = renegotiation
-				default:
-					return d.ArgErr()
-				}
-
-			case "tls":
-				if h.TLS == nil {
-					h.TLS = new(TLSConfig)
-				}
-
 			case "tls_insecure_skip_verify":
 				if d.NextArg() {
 					return d.ArgErr()
@@ -982,6 +970,29 @@ func (h *HTTPTransport) UnmarshalCaddyfile(d *caddyfile.Dispenser) error {
 				}
 				h.TLS.ServerName = d.Val()
 
+			case "tls_renegotiation":
+				if h.TLS == nil {
+					h.TLS = new(TLSConfig)
+				}
+				if !d.NextArg() {
+					return d.ArgErr()
+				}
+				switch renegotiation := d.Val(); renegotiation {
+				case "never", "once", "freely":
+					h.TLS.Renegotiation = renegotiation
+				default:
+					return d.ArgErr()
+				}
+
+			case "tls_except_ports":
+				if h.TLS == nil {
+					h.TLS = new(TLSConfig)
+				}
+				h.TLS.ExceptPorts = d.RemainingArgs()
+				if len(h.TLS.ExceptPorts) == 0 {
+					return d.ArgErr()
+				}
+
 			case "keepalive":
 				if !d.NextArg() {
 					return d.ArgErr()
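Review bot: In the `tls_except_ports` case, `h.TLS.ExceptPorts = d.RemainingArgs()` stores the tokens without checking that each is a port number, and it overwrites the field, so a second `tls_except_ports` line replaces the first instead of adding to it. This list presumably decides which upstream ports are dialled without TLS, so a typo such as `8181,8182` would adapt cleanly and only show up in traffic behaviour; I would validate each entry and append. Separately, the `default` branch of `tls_renegotiation` returns `d.ArgErr()`, which reads as an argument-count problem; `d.Errf` naming the rejected value and the allowed `never`, `once`, `freely` would be clearer. The enclosing `UnmarshalCaddyfile` starts and ends outside this hunk, so whether `strconv` is already imported is not visible here.

```go
case "tls_except_ports":
	// … unchanged: h.TLS nil check …
	ports := d.RemainingArgs()
	if len(ports) == 0 {
		return d.ArgErr()
	}
	for _, port := range ports {
		if n, err := strconv.Atoi(port); err != nil || n < 1 || n > 65535 {
			return d.Errf("invalid port %q for tls_except_ports", port)
		}
	}
	h.TLS.ExceptPorts = append(h.TLS.ExceptPorts, ports...)
```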
@@ -1063,15 +1074,6 @@ func (h *HTTPTransport) UnmarshalCaddyfile(d *caddyfile.Dispenser) error {
 				}
 				h.MaxConnsPerHost = num
 
-			case "except_ports":
-				if h.TLS == nil {
-					h.TLS = new(TLSConfig)
-				}
-				h.TLS.ExceptPorts = d.RemainingArgs()
-				if len(h.TLS.ExceptPorts) == 0 {
-					return d.ArgErr()
-				}
-
 			default:
 				return d.Errf("unrecognized subdirective %s", d.Val())
 			}