author | Matthew Holt <[email protected]> | 2020-02-05 17:34:28 -0700 |
---|---|---|
committer | Matthew Holt <[email protected]> | 2020-02-05 17:34:28 -0700 |
commit | 5c7ca7d96e2d4ee2d3044475ce03e46589445b51 (patch) | |
tree | dfc3b615e8d288878f7a68dd18da76783fc66f91 /modules/caddyhttp/caddyhttp.go | |
parent | ec56c257089f42ef88ec3a5ec818965c0fa5d57f (diff) | |
http: Split 2-phase auto-HTTPS into 3 phases
This is necessary to avoid a race for sockets. Both the HTTP servers and
CertMagic solvers will try to bind the HTTP/HTTPS ports, but we need to
make sure that our HTTP servers bind first. This is kind of a new thing
now that management is async in Caddy 2.
Also update to CertMagic 0.9.2, which fixes some async use cases at
scale.
Diffstat (limited to 'modules/caddyhttp/caddyhttp.go')
-rw-r--r-- | modules/caddyhttp/caddyhttp.go | 14 |
1 files changed, 11 insertions, 3 deletions
diff --git a/modules/caddyhttp/caddyhttp.go b/modules/caddyhttp/caddyhttp.go
index fc727d0ee..576620eb6 100644
--- a/modules/caddyhttp/caddyhttp.go
+++ b/modules/caddyhttp/caddyhttp.go
@@ -220,11 +220,12 @@ func (app *App) Validate() error {
 // Start runs the app. It finishes automatic HTTPS if enabled,
 // including management of certificates.
 func (app *App) Start() error {
- // finish setting up automatic HTTPS and manage certs;
- // this must happen before each server is started
+ // give each server a pointer to the TLS app;
+ // this is required before they are started so
+ // they can solve ACME challenges
 err := app.automaticHTTPSPhase2()
 if err != nil {
- return fmt.Errorf("enabling automatic HTTPS: %v", err)
+ return fmt.Errorf("enabling automatic HTTPS, phase 2: %v", err)
 }
 for srvName, srv := range app.Servers {
@@ -297,6 +298,13 @@ func (app *App) Start() error {
 }
 }
+ // finish automatic HTTPS by finally beginning
+ // certificate management
+ err = app.automaticHTTPSPhase3()
+ if err != nil {
+ return fmt.Errorf("finalizing automatic HTTPS: %v", err)
+ }
+
 return nil
 } |
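Review bot: The rewritten `fmt.Errorf` on the phase 2 error path still formats the cause with `%v`, so callers of `Start` cannot match the underlying error with `errors.Is` or `errors.As`. The new phase 3 error in the second hunk has the same shape. If the module's minimum Go version is 1.13 or later (not visible on this page), wrapping keeps the chain: `return fmt.Errorf("enabling automatic HTTPS, phase 2: %w", err)`. The body of `Start` continues outside this hunk.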
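Review bot: When `automaticHTTPSPhase3()` fails, `Start` returns after the server loop between the two hunks has already run, and the added lines do nothing about the listeners that loop presumably bound. That loop lies outside the visible hunks, so this is inferred from the commit message rather than read from the code. Unless the caller is known to stop an app whose `Start` returned an error, a certificate-management failure could leave the HTTP/HTTPS sockets open and serving without managed certificates. Consider tearing the servers down before returning, or at least recording the contract in the new comment, e.g. `// must run only after every listener above is bound; on failure the servers started above are still running`.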