Skip to content

C
caddy
Commit 454b1e39 authored by Matthew Holt's avatar Matthew Holt
Browse files
Options

Honor bind directive for ACME challenges 

Fixes https://forum.caddyserver.com/t/basic-caddy-installation-failing-on-automatic-https/472?u=matt
parent 45ac1108
Hide whitespace changes
Inline Side-by-side
Showing with 17 additions and 7 deletions
caddyhttp/httpserver/plugin.go
View file @ 454b1e39
...@@ -332,8 +332,8 @@ func standardizeAddress(str string) (Address, error) { ...@@ -332,8 +332,8 @@ func standardizeAddress(str string) (Address, error) {
var directives = []string{ var directives = []string{
// primitive actions that set up the fundamental vitals of each config // primitive actions that set up the fundamental vitals of each config
"root", "root",
"tls",
"bind", "bind",
"tls",
// services/utilities, or other directives that don't necessarily inject handlers // services/utilities, or other directives that don't necessarily inject handlers
"startup", "startup",
......
caddytls/client.go
View file @ 454b1e39
...@@ -103,18 +103,28 @@ var newACMEClient = func(config *Config, allowPrompts bool) (*ACMEClient, error) ...@@ -103,18 +103,28 @@ var newACMEClient = func(config *Config, allowPrompts bool) (*ACMEClient, error)
// Use HTTP and TLS-SNI challenges by default // Use HTTP and TLS-SNI challenges by default
// See if HTTP challenge needs to be proxied // See if HTTP challenge needs to be proxied
useHTTPPort := "" // empty port value will use challenge default
if caddy.HasListenerWithAddress(net.JoinHostPort(config.ListenHost, HTTPChallengePort)) { if caddy.HasListenerWithAddress(net.JoinHostPort(config.ListenHost, HTTPChallengePort)) {
altPort := config.AltHTTPPort useHTTPPort = config.AltHTTPPort
if altPort == "" { if useHTTPPort == "" {
altPort = DefaultHTTPAlternatePort useHTTPPort = DefaultHTTPAlternatePort
} }
c.SetHTTPAddress(net.JoinHostPort(config.ListenHost, altPort))
} }
// See if TLS challenge needs to be handled by our own facilities // See if TLS challenge needs to be handled by our own facilities
if caddy.HasListenerWithAddress(net.JoinHostPort(config.ListenHost, TLSSNIChallengePort)) { if caddy.HasListenerWithAddress(net.JoinHostPort(config.ListenHost, TLSSNIChallengePort)) {
c.SetChallengeProvider(acme.TLSSNI01, tlsSniSolver{}) c.SetChallengeProvider(acme.TLSSNI01, tlsSniSolver{})
} }
// Always respect user's bind preferences by using config.ListenHost
err := c.SetHTTPAddress(net.JoinHostPort(config.ListenHost, useHTTPPort))
if err != nil {
return nil, err
}
err = c.SetTLSAddress(net.JoinHostPort(config.ListenHost, ""))
if err != nil {
return nil, err
}
} else { } else {
// Otherwise, DNS challenge it is // Otherwise, DNS challenge it is
...@@ -124,8 +134,8 @@ var newACMEClient = func(config *Config, allowPrompts bool) (*ACMEClient, error) ...@@ -124,8 +134,8 @@ var newACMEClient = func(config *Config, allowPrompts bool) (*ACMEClient, error)
return nil, errors.New("unknown DNS provider by name '" + config.DNSProvider + "'") return nil, errors.New("unknown DNS provider by name '" + config.DNSProvider + "'")
} }
// we could pass credentials to create the provider, but for now // We could pass credentials to create the provider, but for now
// we just let the solver package get them from the environment // just let the solver package get them from the environment
prov, err := provFn() prov, err := provFn()
if err != nil { if err != nil {
return nil, err return nil, err
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7