ACME challenge proxy now accounts for ListenHost (bind); fixes #1296

1da70d3b · Matthew Holt · 31982004 · 1da70d3b · 1da70d3b · 1da70d3b
Commit 1da70d3b authored Dec 23, 2016 by Matthew Holt
Showing with 7 additions and 6 deletions

caddyhttp/httpserver/server.go caddyhttp/httpserver/server.go +2 -2

caddytls/httphandler.go caddytls/httphandler.go +3 -2

caddytls/httphandler_test.go caddytls/httphandler_test.go +2 -2

No files found.
--- a/caddyhttp/httpserver/server.go
+++ b/caddyhttp/httpserver/server.go
@@ -236,7 +236,7 @@ func (s *Server) serveHTTP(w http.ResponseWriter, r *http.Request) (int, error)
 	if vhost == nil {
 		// check for ACME challenge even if vhost is nil;
 		// could be a new host coming online soon
-		if caddytls.HTTPChallengeHandler(w, r, caddytls.DefaultHTTPAlternatePort) {
+		if caddytls.HTTPChallengeHandler(w, r, "localhost", caddytls.DefaultHTTPAlternatePort) {
 			return 0, nil
 		}
 		// otherwise, log the error and write a message to the client
@@ -297,7 +297,7 @@ func (s *Server) proxyHTTPChallenge(vhost *SiteConfig, w http.ResponseWriter, r
 	if vhost.TLS != nil && vhost.TLS.AltHTTPPort != "" {
 		altPort = vhost.TLS.AltHTTPPort
 	}
-	return caddytls.HTTPChallengeHandler(w, r, altPort)
+	return caddytls.HTTPChallengeHandler(w, r, vhost.ListenHost, altPort)
 }

 // Address returns the address s was assigned to listen on.

--- a/caddytls/httphandler.go
+++ b/caddytls/httphandler.go
@@ -2,6 +2,7 @@ package caddytls

 import (
 	"crypto/tls"
+	"fmt"
 	"log"
 	"net/http"
 	"net/http/httputil"
@@ -15,7 +16,7 @@ const challengeBasePath = "/.well-known/acme-challenge"
 // request path starts with challengeBasePath. It returns true if it
 // handled the request and no more needs to be done; it returns false
 // if this call was a no-op and the request still needs handling.
-func HTTPChallengeHandler(w http.ResponseWriter, r *http.Request, altPort string) bool {
+func HTTPChallengeHandler(w http.ResponseWriter, r *http.Request, listenHost, altPort string) bool {
 	if !strings.HasPrefix(r.URL.Path, challengeBasePath) {
 		return false
 	}
@@ -28,7 +29,7 @@ func HTTPChallengeHandler(w http.ResponseWriter, r *http.Request, altPort string
 		scheme = "https"
 	}

-	upstream, err := url.Parse(scheme + "://localhost:" + altPort)
+	upstream, err := url.Parse(fmt.Sprintf("%s://%s:%s", scheme, listenHost, altPort))
 	if err != nil {
 		w.WriteHeader(http.StatusInternalServerError)
 		log.Printf("[ERROR] ACME proxy handler: %v", err)

--- a/caddytls/httphandler_test.go
+++ b/caddytls/httphandler_test.go
@@ -25,7 +25,7 @@ func TestHTTPChallengeHandlerNoOp(t *testing.T) {
 			t.Fatalf("Could not craft request, got error: %v", err)
 		}
 		rw := httptest.NewRecorder()
-		if HTTPChallengeHandler(rw, req, DefaultHTTPAlternatePort) {
+		if HTTPChallengeHandler(rw, req, "", DefaultHTTPAlternatePort) {
 			t.Errorf("Got true with this URL, but shouldn't have: %s", url)
 		}
 	}
@@ -62,7 +62,7 @@ func TestHTTPChallengeHandlerSuccess(t *testing.T) {
 	}
 	rw := httptest.NewRecorder()

-	HTTPChallengeHandler(rw, req, DefaultHTTPAlternatePort)
+	HTTPChallengeHandler(rw, req, "", DefaultHTTPAlternatePort)

 	if !proxySuccess {
 		t.Fatal("Expected request to be proxied, but it wasn't")