author | Mark Sargent <[email protected]> | 2020-02-27 12:01:47 +1300 |
---|---|---|
committer | GitHub <[email protected]> | 2020-02-26 16:01:47 -0700 |
commit | 2de0acc11fcaaed9e4b3561d9a2d1457f015e9e3 (patch) | |
tree | 3b6cea17a201102cc2a4efec2bcba338fc16066e | |
parent | 5d97522d18da39cd3f9dd309774a5ad2c51f4c51 (diff) | |
download | caddy-2de0acc11fcaaed9e4b3561d9a2d1457f015e9e3.tar.gz caddy-2de0acc11fcaaed9e4b3561d9a2d1457f015e9e3.zip |
Initial implementation of global default SNI option (#3047)
* add global default sni
* fixed grammar
* httpcaddyfile: Reduce some duplicated code
* Um, re-commit already-committed commit, I guess? (sigh)
Co-authored-by: Matt Holt <[email protected]>
-rw-r--r-- | caddyconfig/httpcaddyfile/httptype.go | 21 | ||||
-rw-r--r-- | caddyconfig/httpcaddyfile/options.go | 16 | ||||
-rw-r--r-- | modules/caddyhttp/caddyhttp.go | 7 |
3 files changed, 24 insertions, 20 deletions
diff --git a/caddyconfig/httpcaddyfile/httptype.go b/caddyconfig/httpcaddyfile/httptype.go
index e3fcdd2ef..8dda183f5 100644
--- a/caddyconfig/httpcaddyfile/httptype.go
+++ b/caddyconfig/httpcaddyfile/httptype.go
@@ -169,9 +169,10 @@ func (st ServerType) Setup(originalServerBlocks []caddyfile.ServerBlock,
 
 	// now that each server is configured, make the HTTP app
 	httpApp := caddyhttp.App{
-		HTTPPort:  tryInt(options["http_port"], &warnings),
-		HTTPSPort: tryInt(options["https_port"], &warnings),
-		Servers:   servers,
+		HTTPPort:   tryInt(options["http_port"], &warnings),
+		HTTPSPort:  tryInt(options["https_port"], &warnings),
+		DefaultSNI: tryString(options["default_sni"], &warnings),
+		Servers:    servers,
 	}
 
 	// now for the TLS app! (TODO: refactor into own func)
@@ -364,6 +365,8 @@ func (ServerType) evaluateGlobalOptionsBlock(serverBlocks []serverBlock, options
 			val, err = parseOptHTTPPort(disp)
 		case "https_port":
 			val, err = parseOptHTTPSPort(disp)
+		case "default_sni":
+			val, err = parseOptSingleString(disp)
 		case "order":
 			val, err = parseOptOrder(disp)
 		case "experimental_http3":
@@ -371,9 +374,9 @@ func (ServerType) evaluateGlobalOptionsBlock(serverBlocks []serverBlock, options
 		case "storage":
 			val, err = parseOptStorage(disp)
 		case "acme_ca", "acme_dns", "acme_ca_root":
-			val, err = parseOptACME(disp)
+			val, err = parseOptSingleString(disp)
 		case "email":
-			val, err = parseOptEmail(disp)
+			val, err = parseOptSingleString(disp)
 		case "admin":
 			val, err = parseOptAdmin(disp)
 		case "debug":
@@ -951,6 +954,14 @@ func tryInt(val interface{}, warnings *[]caddyconfig.Warning) int {
 	return intVal
 }
 
+func tryString(val interface{}, warnings *[]caddyconfig.Warning) string {
+	stringVal, ok := val.(string)
+	if val != nil && !ok && warnings != nil {
+		*warnings = append(*warnings, caddyconfig.Warning{Message: "not a string type"})
+	}
+	return stringVal
+}
+
 // sliceContains returns true if needle is in haystack.
 func sliceContains(haystack []string, needle string) bool {
 	for _, s := range haystack {
diff --git a/caddyconfig/httpcaddyfile/options.go b/caddyconfig/httpcaddyfile/options.go
index fdecfa4f2..f8c221cd7 100644
--- a/caddyconfig/httpcaddyfile/options.go
+++ b/caddyconfig/httpcaddyfile/options.go
@@ -162,19 +162,7 @@ func parseOptStorage(d *caddyfile.Dispenser) (caddy.StorageConverter, error) {
 	return storage, nil
 }
 
-func parseOptACME(d *caddyfile.Dispenser) (string, error) {
-	d.Next() // consume parameter name
-	if !d.Next() {
-		return "", d.ArgErr()
-	}
-	val := d.Val()
-	if d.Next() {
-		return "", d.ArgErr()
-	}
-	return val, nil
-}
-
-func parseOptEmail(d *caddyfile.Dispenser) (string, error) {
+func parseOptSingleString(d *caddyfile.Dispenser) (string, error) {
 	d.Next() // consume parameter name
 	if !d.Next() {
 		return "", d.ArgErr()
@@ -190,11 +178,9 @@ func parseOptAdmin(d *caddyfile.Dispenser) (string, error) {
 	if d.Next() {
 		var listenAddress string
 		d.AllArgs(&listenAddress)
-
 		if listenAddress == "" {
 			listenAddress = caddy.DefaultAdminListen
 		}
-
 		return listenAddress, nil
 	}
 	return "", nil
diff --git a/modules/caddyhttp/caddyhttp.go b/modules/caddyhttp/caddyhttp.go
index 135afef98..f78b19884 100644
--- a/modules/caddyhttp/caddyhttp.go
+++ b/modules/caddyhttp/caddyhttp.go
@@ -29,6 +29,7 @@ import (
 
 	"github.com/caddyserver/caddy/v2"
 	"github.com/lucas-clemente/quic-go/http3"
+	"github.com/mholt/certmagic"
 	"go.uber.org/zap"
 )
 
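Review bot: tryString is added without a doc comment, while the neighbouring sliceContains has one; suggest `// tryString returns val as a string, or "" when val is nil or not a string; a non-nil, non-string val also appends a warning when warnings is non-nil.` The warning text `"not a string type"` names neither the option nor the rejected value, so with several global options in play a user cannot tell which one was ignored; including the value, e.g. `Message: fmt.Sprintf("not a string type: %v", val)` if fmt is in scope in this file, or having callers add the option name, would make the warning actionable.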
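Review bot: parseOptSingleString becomes the shared parser for acme_ca, acme_dns, acme_ca_root, email and default_sni but has no doc comment describing the contract it now enforces for all of them; suggest `// parseOptSingleString parses a global option that takes exactly one argument and returns it; any other argument count is an error.` The function body continues outside the hunk.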
@@ -111,6 +112,10 @@ type App struct {
 	// affect functionality.
 	Servers map[string]*Server `json:"servers,omitempty"`
 
+	// DefaultSNI if set configures all certificate lookups to fallback to use
+	// this SNI name if a more specific certificate could not be found
+	DefaultSNI string `json:"default_sni,omitempty"`
+
 	servers     []*http.Server
 	h3servers   []*http3.Server
 	h3listeners []net.PacketConn
@@ -134,6 +139,8 @@ func (app *App) Provision(ctx caddy.Context) error {
 
 	repl := caddy.NewReplacer()
 
+	certmagic.Default.DefaultServerName = app.DefaultSNI
+
 	// this provisions the matchers for each route,
 	// and prepares auto HTTP->HTTP redirects, and
 	// is required before we provision each server
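Review bot: The doc comment on the new DefaultSNI field is ungrammatical ("to fallback to use") and does not say what an empty value means, which matters because this name decides which certificate is presented to clients that send no or an unknown SNI; suggest `// DefaultSNI, if set, is the server name used as a fallback for certificate lookups when no certificate matches the requested name. If empty, no fallback name is applied.` Ending the sentence with a period keeps it consistent with the other field comments in this struct.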
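Review bot: `certmagic.Default.DefaultServerName = app.DefaultSNI` writes a package-level global from this app's Provision, so its effect depends on provisioning order and on nothing else writing the same field: a certmagic config already derived from certmagic.Default before this line runs presumably keeps the old value, and because the assignment is unconditional an http app with no default_sni configured clears whatever another component set. That coupling is invisible at the call site; a comment such as `// certmagic.Default is the template for certmagic configs built later; this must run before the tls app is provisioned and is intended to be the only writer of DefaultServerName` would record the assumption, and guarding the write with `if app.DefaultSNI != ""` would avoid clobbering a value set elsewhere if that is not intended. Provision's body continues outside the hunk.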