aboutsummaryrefslogtreecommitdiffhomepage
path: root/modules/caddyhttp/caddyhttp.go
diff options
context:
space:
mode:
authorMatthew Holt <[email protected]>2020-02-05 17:34:28 -0700
committerMatthew Holt <[email protected]>2020-02-05 17:34:28 -0700
commit5c7ca7d96e2d4ee2d3044475ce03e46589445b51 (patch)
treedfc3b615e8d288878f7a68dd18da76783fc66f91 /modules/caddyhttp/caddyhttp.go
parentec56c257089f42ef88ec3a5ec818965c0fa5d57f (diff)
downloadcaddy-5c7ca7d96e2d4ee2d3044475ce03e46589445b51.tar.gz
caddy-5c7ca7d96e2d4ee2d3044475ce03e46589445b51.zip
http: Split 2-phase auto-HTTPS into 3 phases
This is necessary to avoid a race for sockets. Both the HTTP servers and CertMagic solvers will try to bind the HTTP/HTTPS ports, but we need to make sure that our HTTP servers bind first. This is kind of a new thing now that management is async in Caddy 2. Also update to CertMagic 0.9.2, which fixes some async use cases at scale.
Diffstat (limited to 'modules/caddyhttp/caddyhttp.go')
-rw-r--r--modules/caddyhttp/caddyhttp.go14
1 files changed, 11 insertions, 3 deletions
diff --git a/modules/caddyhttp/caddyhttp.go b/modules/caddyhttp/caddyhttp.go
index fc727d0ee..576620eb6 100644
--- a/modules/caddyhttp/caddyhttp.go
+++ b/modules/caddyhttp/caddyhttp.go
@@ -220,11 +220,12 @@ func (app *App) Validate() error {
// Start runs the app. It finishes automatic HTTPS if enabled,
// including management of certificates.
func (app *App) Start() error {
- // finish setting up automatic HTTPS and manage certs;
- // this must happen before each server is started
+ // give each server a pointer to the TLS app;
+ // this is required before they are started so
+ // they can solve ACME challenges
err := app.automaticHTTPSPhase2()
if err != nil {
- return fmt.Errorf("enabling automatic HTTPS: %v", err)
+ return fmt.Errorf("enabling automatic HTTPS, phase 2: %v", err)
}
for srvName, srv := range app.Servers {
@@ -297,6 +298,13 @@ func (app *App) Start() error {
}
}
+ // finish automatic HTTPS by finally beginning
+ // certificate management
+ err = app.automaticHTTPSPhase3()
+ if err != nil {
+ return fmt.Errorf("finalizing automatic HTTPS: %v", err)
+ }
+
return nil
}