Honor bind directive for ACME challenges

Fixes https://forum.caddyserver.com/t/basic-caddy-installation-failing-on-automatic-https/472?u=matt

Honor bind directive for ACME challenges
Fixes https://forum.caddyserver.com/t/basic-caddy-installation-failing-on-automatic-https/472?u=matt
454b1e39 · Matthew Holt · 45ac1108 · 454b1e39 · 454b1e39
Commit 454b1e39 authored Aug 15, 2016 by Matthew Holt
Hide whitespace changes
Inline Side-by-side

Showing with 17 additions and 7 deletions

caddyhttp/httpserver/plugin.go caddyhttp/httpserver/plugin.go +1 -1

caddytls/client.go caddytls/client.go +16 -6

No files found.
--- a/caddyhttp/httpserver/plugin.go
+++ b/caddyhttp/httpserver/plugin.go
@@ -332,8 +332,8 @@ func standardizeAddress(str string) (Address, error) {
 var directives = []string{
 	// primitive actions that set up the fundamental vitals of each config
 	"root",
-	"tls",
 	"bind",
+	"tls",

 	// services/utilities, or other directives that don't necessarily inject handlers
 	"startup",

--- a/caddytls/client.go
+++ b/caddytls/client.go
@@ -103,18 +103,28 @@ var newACMEClient = func(config *Config, allowPrompts bool) (*ACMEClient, error)
 		// Use HTTP and TLS-SNI challenges by default

 		// See if HTTP challenge needs to be proxied
+		useHTTPPort := "" // empty port value will use challenge default
 		if caddy.HasListenerWithAddress(net.JoinHostPort(config.ListenHost, HTTPChallengePort)) {
-			altPort := config.AltHTTPPort
-			if altPort == "" {
-				altPort = DefaultHTTPAlternatePort
+			useHTTPPort = config.AltHTTPPort
+			if useHTTPPort == "" {
+				useHTTPPort = DefaultHTTPAlternatePort
 			}
-			c.SetHTTPAddress(net.JoinHostPort(config.ListenHost, altPort))
 		}

 		// See if TLS challenge needs to be handled by our own facilities
 		if caddy.HasListenerWithAddress(net.JoinHostPort(config.ListenHost, TLSSNIChallengePort)) {
 			c.SetChallengeProvider(acme.TLSSNI01, tlsSniSolver{})
 		}
+
+		// Always respect user's bind preferences by using config.ListenHost
+		err := c.SetHTTPAddress(net.JoinHostPort(config.ListenHost, useHTTPPort))
+		if err != nil {
+			return nil, err
+		}
+		err = c.SetTLSAddress(net.JoinHostPort(config.ListenHost, ""))
+		if err != nil {
+			return nil, err
+		}
 	} else {
 		// Otherwise, DNS challenge it is

@@ -124,8 +134,8 @@ var newACMEClient = func(config *Config, allowPrompts bool) (*ACMEClient, error)
 			return nil, errors.New("unknown DNS provider by name '" + config.DNSProvider + "'")
 		}

-		// we could pass credentials to create the provider, but for now
-		// we just let the solver package get them from the environment
+		// We could pass credentials to create the provider, but for now
+		// just let the solver package get them from the environment
 		prov, err := provFn()
 		if err != nil {
 			return nil, err