letsencrypt: Enable activation on empty hosts; fix email bug
parent
178c4d11d9
commit
f1b2637d44
3 changed files with 21 additions and 14 deletions
|
@ -131,7 +131,7 @@ func ObtainCerts(configs []server.Config, altPort string) error {
|
||||||
}
|
}
|
||||||
|
|
||||||
for _, cfg := range group {
|
for _, cfg := range group {
|
||||||
if existingCertAndKey(cfg.Host) {
|
if cfg.Host == "" || existingCertAndKey(cfg.Host) {
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -170,8 +170,10 @@ func EnableTLS(configs []server.Config) {
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
configs[i].TLS.Enabled = true
|
configs[i].TLS.Enabled = true
|
||||||
|
if configs[i].Host != "" {
|
||||||
configs[i].TLS.Certificate = storage.SiteCertFile(configs[i].Host)
|
configs[i].TLS.Certificate = storage.SiteCertFile(configs[i].Host)
|
||||||
configs[i].TLS.Key = storage.SiteKeyFile(configs[i].Host)
|
configs[i].TLS.Key = storage.SiteKeyFile(configs[i].Host)
|
||||||
|
}
|
||||||
setup.SetDefaultTLSParams(&configs[i])
|
setup.SetDefaultTLSParams(&configs[i])
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -257,13 +259,15 @@ func ConfigQualifies(cfg server.Config) bool {
|
||||||
cfg.Port != "80" &&
|
cfg.Port != "80" &&
|
||||||
cfg.TLS.LetsEncryptEmail != "off" &&
|
cfg.TLS.LetsEncryptEmail != "off" &&
|
||||||
|
|
||||||
// we get can't certs for some kinds of hostnames
|
// we get can't certs for some kinds of hostnames,
|
||||||
HostQualifies(cfg.Host)
|
// but we CAN get certs at request-time even if
|
||||||
|
// the hostname in the config is empty right now.
|
||||||
|
(cfg.Host == "" || HostQualifies(cfg.Host))
|
||||||
}
|
}
|
||||||
|
|
||||||
// HostQualifies returns true if the hostname alone
|
// HostQualifies returns true if the hostname alone
|
||||||
// appears eligible for automatic HTTPS. For example,
|
// appears eligible for automatic HTTPS. For example,
|
||||||
// localhost, empty hostname, and wildcard hosts are
|
// localhost, empty hostname, and IP addresses are
|
||||||
// not eligible because we cannot obtain certificates
|
// not eligible because we cannot obtain certificates
|
||||||
// for those names.
|
// for those names.
|
||||||
func HostQualifies(hostname string) bool {
|
func HostQualifies(hostname string) bool {
|
||||||
|
@ -397,7 +401,7 @@ func saveCertResource(cert acme.CertificateResource) error {
|
||||||
// be the HTTPS configuration. The returned configuration is set
|
// be the HTTPS configuration. The returned configuration is set
|
||||||
// to listen on port 80.
|
// to listen on port 80.
|
||||||
func redirPlaintextHost(cfg server.Config) server.Config {
|
func redirPlaintextHost(cfg server.Config) server.Config {
|
||||||
toURL := "https://" + cfg.Host
|
toURL := "https://{host}" // serve any host, since cfg.Host could be empty
|
||||||
if cfg.Port != "443" && cfg.Port != "80" {
|
if cfg.Port != "443" && cfg.Port != "80" {
|
||||||
toURL += ":" + cfg.Port
|
toURL += ":" + cfg.Port
|
||||||
}
|
}
|
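Review bot: In redirPlaintextHost, `toURL := "https://{host}"` takes the redirect target from the request rather than from configuration even when cfg.Host is set; the destination of a 301 should come from config whenever a host is configured. Because the response is a permanent redirect, whatever host value the client supplied ends up in the Location header and may be cached by intermediaries. Presumably `{host}` expands to the Host header as received (the replacer is not shown here); if that value can carry a port, appending `":" + cfg.Port` would yield a malformed authority. I would keep the configured name and fall back only when it is empty: `host := cfg.Host`, `if host == "" { host = "{host}" }`, `toURL := "https://" + host`. The function body continues past the end of the hunk.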
||||||
|
|
|
@ -46,6 +46,7 @@ func TestConfigQualifies(t *testing.T) {
|
||||||
cfg server.Config
|
cfg server.Config
|
||||||
expect bool
|
expect bool
|
||||||
}{
|
}{
|
||||||
|
{server.Config{Host: ""}, true},
|
||||||
{server.Config{Host: "localhost"}, false},
|
{server.Config{Host: "localhost"}, false},
|
||||||
{server.Config{Host: "example.com"}, true},
|
{server.Config{Host: "example.com"}, true},
|
||||||
{server.Config{Host: "example.com", TLS: server.TLSConfig{Certificate: "cert.pem"}}, false},
|
{server.Config{Host: "example.com", TLS: server.TLSConfig{Certificate: "cert.pem"}}, false},
|
||||||
|
@ -105,18 +106,18 @@ func TestRedirPlaintextHost(t *testing.T) {
|
||||||
if actual, expected := handler.Rules[0].FromPath, "/"; actual != expected {
|
if actual, expected := handler.Rules[0].FromPath, "/"; actual != expected {
|
||||||
t.Errorf("Expected redirect rule to be for path '%s' but is actually for '%s'", expected, actual)
|
t.Errorf("Expected redirect rule to be for path '%s' but is actually for '%s'", expected, actual)
|
||||||
}
|
}
|
||||||
if actual, expected := handler.Rules[0].To, "https://example.com:1234{uri}"; actual != expected {
|
if actual, expected := handler.Rules[0].To, "https://{host}:1234{uri}"; actual != expected {
|
||||||
t.Errorf("Expected redirect rule to be to URL '%s' but is actually to '%s'", expected, actual)
|
t.Errorf("Expected redirect rule to be to URL '%s' but is actually to '%s'", expected, actual)
|
||||||
}
|
}
|
||||||
if actual, expected := handler.Rules[0].Code, http.StatusMovedPermanently; actual != expected {
|
if actual, expected := handler.Rules[0].Code, http.StatusMovedPermanently; actual != expected {
|
||||||
t.Errorf("Expected redirect rule to have code %d but was %d", expected, actual)
|
t.Errorf("Expected redirect rule to have code %d but was %d", expected, actual)
|
||||||
}
|
}
|
||||||
|
|
||||||
// browsers can interpret default ports with scheme, so make sure the port
|
// browsers can infer a default port from scheme, so make sure the port
|
||||||
// doesn't get added in explicitly for default ports.
|
// doesn't get added in explicitly for default ports like 443 for https.
|
||||||
cfg = redirPlaintextHost(server.Config{Host: "example.com", Port: "443"})
|
cfg = redirPlaintextHost(server.Config{Host: "example.com", Port: "443"})
|
||||||
handler, ok = cfg.Middleware["/"][0](nil).(redirect.Redirect)
|
handler, ok = cfg.Middleware["/"][0](nil).(redirect.Redirect)
|
||||||
if actual, expected := handler.Rules[0].To, "https://example.com{uri}"; actual != expected {
|
if actual, expected := handler.Rules[0].To, "https://{host}{uri}"; actual != expected {
|
||||||
t.Errorf("(Default Port) Expected redirect rule to be to URL '%s' but is actually to '%s'", expected, actual)
|
t.Errorf("(Default Port) Expected redirect rule to be to URL '%s' but is actually to '%s'", expected, actual)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -252,7 +253,7 @@ func TestMakePlaintextRedirects(t *testing.T) {
|
||||||
|
|
||||||
func TestEnableTLS(t *testing.T) {
|
func TestEnableTLS(t *testing.T) {
|
||||||
configs := []server.Config{
|
configs := []server.Config{
|
||||||
server.Config{TLS: server.TLSConfig{Managed: true}},
|
server.Config{Host: "example.com", TLS: server.TLSConfig{Managed: true}},
|
||||||
server.Config{}, // not managed - no changes!
|
server.Config{}, // not managed - no changes!
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -325,8 +326,9 @@ func TestMarkQualified(t *testing.T) {
|
||||||
{Host: "example.com", Port: "1234"},
|
{Host: "example.com", Port: "1234"},
|
||||||
{Host: "example.com", Scheme: "https"},
|
{Host: "example.com", Scheme: "https"},
|
||||||
{Host: "example.com", Port: "80", Scheme: "https"},
|
{Host: "example.com", Port: "80", Scheme: "https"},
|
||||||
|
{Host: ""},
|
||||||
}
|
}
|
||||||
expectedManagedCount := 4
|
expectedManagedCount := 5
|
||||||
|
|
||||||
MarkQualified(configs)
|
MarkQualified(configs)
|
||||||
|
|
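Review bot: TestEnableTLS no longer exercises the branch this commit adds: giving the managed config `Host: "example.com"` means the new `if configs[i].Host != ""` guard in EnableTLS is never run with an empty host. Add a second managed entry, `server.Config{TLS: server.TLSConfig{Managed: true}}`, and assert that TLS.Enabled is true while TLS.Certificate and TLS.Key stay empty. TestRedirPlaintextHost likewise only passes `Host: "example.com"`, so the empty-host case that motivated `{host}` is not covered either. The assertions of TestEnableTLS lie outside the hunk, so any index-based checks there may need adjusting.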
||||||
|
|
|
@ -154,10 +154,11 @@ func getEmail(cfg server.Config, skipPrompt bool) string {
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return ""
|
return ""
|
||||||
}
|
}
|
||||||
|
leEmail = strings.TrimSpace(leEmail)
|
||||||
DefaultEmail = leEmail
|
DefaultEmail = leEmail
|
||||||
Agreed = true
|
Agreed = true
|
||||||
}
|
}
|
||||||
return strings.TrimSpace(leEmail)
|
return leEmail
|
||||||
}
|
}
|
||||||
|
|
||||||
// promptUserAgreement prompts the user to agree to the agreement
|
// promptUserAgreement prompts the user to agree to the agreement
|
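Review bot: The final `return leEmail` drops the trim for every path except the prompt branch, so an address obtained earlier in getEmail is now returned with any surrounding whitespace intact; the start of the function is outside the hunk, so those sources are presumably the config or a stored default. TrimSpace is idempotent, so keeping `return strings.TrimSpace(leEmail)` alongside the new in-branch trim costs nothing and keeps the returned value and DefaultEmail normalised the same way. In the visible lines `Agreed = true` is also set when the trimmed input is empty; if that is intended, a comment such as `// an empty address still counts as accepting the agreement` would make it explicit.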
||||||
|
|