mirror of
https://github.com/caddyserver/caddy.git
synced 2025-01-24 01:26:47 +01:00
letsencrypt: Enable activation on empty hosts; fix email bug
This commit is contained in:
parent
178c4d11d9
commit
f1b2637d44
3 changed files with 21 additions and 14 deletions
|
@ -131,7 +131,7 @@ func ObtainCerts(configs []server.Config, altPort string) error {
|
|||
}
|
||||
|
||||
for _, cfg := range group {
|
||||
if existingCertAndKey(cfg.Host) {
|
||||
if cfg.Host == "" || existingCertAndKey(cfg.Host) {
|
||||
continue
|
||||
}
|
||||
|
||||
|
@ -170,8 +170,10 @@ func EnableTLS(configs []server.Config) {
|
|||
continue
|
||||
}
|
||||
configs[i].TLS.Enabled = true
|
||||
configs[i].TLS.Certificate = storage.SiteCertFile(configs[i].Host)
|
||||
configs[i].TLS.Key = storage.SiteKeyFile(configs[i].Host)
|
||||
if configs[i].Host != "" {
|
||||
configs[i].TLS.Certificate = storage.SiteCertFile(configs[i].Host)
|
||||
configs[i].TLS.Key = storage.SiteKeyFile(configs[i].Host)
|
||||
}
|
||||
setup.SetDefaultTLSParams(&configs[i])
|
||||
}
|
||||
}
|
||||
|
@ -257,13 +259,15 @@ func ConfigQualifies(cfg server.Config) bool {
|
|||
cfg.Port != "80" &&
|
||||
cfg.TLS.LetsEncryptEmail != "off" &&
|
||||
|
||||
// we get can't certs for some kinds of hostnames
|
||||
HostQualifies(cfg.Host)
|
||||
// we get can't certs for some kinds of hostnames,
|
||||
// but we CAN get certs at request-time even if
|
||||
// the hostname in the config is empty right now.
|
||||
(cfg.Host == "" || HostQualifies(cfg.Host))
|
||||
}
|
||||
|
||||
// HostQualifies returns true if the hostname alone
|
||||
// appears eligible for automatic HTTPS. For example,
|
||||
// localhost, empty hostname, and wildcard hosts are
|
||||
// localhost, empty hostname, and IP addresses are
|
||||
// not eligible because we cannot obtain certificates
|
||||
// for those names.
|
||||
func HostQualifies(hostname string) bool {
|
||||
|
@ -397,7 +401,7 @@ func saveCertResource(cert acme.CertificateResource) error {
|
|||
// be the HTTPS configuration. The returned configuration is set
|
||||
// to listen on port 80.
|
||||
func redirPlaintextHost(cfg server.Config) server.Config {
|
||||
toURL := "https://" + cfg.Host
|
||||
toURL := "https://{host}" // serve any host, since cfg.Host could be empty
|
||||
if cfg.Port != "443" && cfg.Port != "80" {
|
||||
toURL += ":" + cfg.Port
|
||||
}
|
||||
|
|
|
@ -46,6 +46,7 @@ func TestConfigQualifies(t *testing.T) {
|
|||
cfg server.Config
|
||||
expect bool
|
||||
}{
|
||||
{server.Config{Host: ""}, true},
|
||||
{server.Config{Host: "localhost"}, false},
|
||||
{server.Config{Host: "example.com"}, true},
|
||||
{server.Config{Host: "example.com", TLS: server.TLSConfig{Certificate: "cert.pem"}}, false},
|
||||
|
@ -105,18 +106,18 @@ func TestRedirPlaintextHost(t *testing.T) {
|
|||
if actual, expected := handler.Rules[0].FromPath, "/"; actual != expected {
|
||||
t.Errorf("Expected redirect rule to be for path '%s' but is actually for '%s'", expected, actual)
|
||||
}
|
||||
if actual, expected := handler.Rules[0].To, "https://example.com:1234{uri}"; actual != expected {
|
||||
if actual, expected := handler.Rules[0].To, "https://{host}:1234{uri}"; actual != expected {
|
||||
t.Errorf("Expected redirect rule to be to URL '%s' but is actually to '%s'", expected, actual)
|
||||
}
|
||||
if actual, expected := handler.Rules[0].Code, http.StatusMovedPermanently; actual != expected {
|
||||
t.Errorf("Expected redirect rule to have code %d but was %d", expected, actual)
|
||||
}
|
||||
|
||||
// browsers can interpret default ports with scheme, so make sure the port
|
||||
// doesn't get added in explicitly for default ports.
|
||||
// browsers can infer a default port from scheme, so make sure the port
|
||||
// doesn't get added in explicitly for default ports like 443 for https.
|
||||
cfg = redirPlaintextHost(server.Config{Host: "example.com", Port: "443"})
|
||||
handler, ok = cfg.Middleware["/"][0](nil).(redirect.Redirect)
|
||||
if actual, expected := handler.Rules[0].To, "https://example.com{uri}"; actual != expected {
|
||||
if actual, expected := handler.Rules[0].To, "https://{host}{uri}"; actual != expected {
|
||||
t.Errorf("(Default Port) Expected redirect rule to be to URL '%s' but is actually to '%s'", expected, actual)
|
||||
}
|
||||
}
|
||||
|
@ -252,7 +253,7 @@ func TestMakePlaintextRedirects(t *testing.T) {
|
|||
|
||||
func TestEnableTLS(t *testing.T) {
|
||||
configs := []server.Config{
|
||||
server.Config{TLS: server.TLSConfig{Managed: true}},
|
||||
server.Config{Host: "example.com", TLS: server.TLSConfig{Managed: true}},
|
||||
server.Config{}, // not managed - no changes!
|
||||
}
|
||||
|
||||
|
@ -325,8 +326,9 @@ func TestMarkQualified(t *testing.T) {
|
|||
{Host: "example.com", Port: "1234"},
|
||||
{Host: "example.com", Scheme: "https"},
|
||||
{Host: "example.com", Port: "80", Scheme: "https"},
|
||||
{Host: ""},
|
||||
}
|
||||
expectedManagedCount := 4
|
||||
expectedManagedCount := 5
|
||||
|
||||
MarkQualified(configs)
|
||||
|
||||
|
|
|
@ -154,10 +154,11 @@ func getEmail(cfg server.Config, skipPrompt bool) string {
|
|||
if err != nil {
|
||||
return ""
|
||||
}
|
||||
leEmail = strings.TrimSpace(leEmail)
|
||||
DefaultEmail = leEmail
|
||||
Agreed = true
|
||||
}
|
||||
return strings.TrimSpace(leEmail)
|
||||
return leEmail
|
||||
}
|
||||
|
||||
// promptUserAgreement prompts the user to agree to the agreement
|
||||
|
|
Loading…
Reference in a new issue