httpcaddyfile: Properly add all cert loaders across sites (fixes #3056)

Matthew Holt 2020-02-18 11:13:51 -07:00
parent 7f9cfcc0f2
commit 0b09b070e5
No known key found for this signature in database
GPG key ID: 2A349DD577D586A5


@ -169,6 +169,7 @@ func (st ServerType) Setup(originalServerBlocks []caddyfile.ServerBlock,
// now for the TLS app! (TODO: refactor into own func) // now for the TLS app! (TODO: refactor into own func)
tlsApp := caddytls.TLS{CertificatesRaw: make(caddy.ModuleMap)} tlsApp := caddytls.TLS{CertificatesRaw: make(caddy.ModuleMap)}
var certLoaders []caddytls.CertificateLoader
for _, p := range pairings { for _, p := range pairings {
for i, sblock := range p.serverBlocks { for i, sblock := range p.serverBlocks {
// tls automation policies // tls automation policies
@ -194,17 +195,25 @@ func (st ServerType) Setup(originalServerBlocks []caddyfile.ServerBlock,
} }
} }
} }
// tls certificate loaders // tls certificate loaders
if clVals, ok := sblock.pile["tls.certificate_loader"]; ok { if clVals, ok := sblock.pile["tls.certificate_loader"]; ok {
for _, clVal := range clVals { for _, clVal := range clVals {
loader := clVal.Value.(caddytls.CertificateLoader) certLoaders = append(certLoaders, clVal.Value.(caddytls.CertificateLoader))
loaderName := caddy.GetModuleName(loader)
tlsApp.CertificatesRaw[loaderName] = caddyconfig.JSON(loader, &warnings)
} }
} }
} }
} }
// group certificate loaders by module name, then add to config
if len(certLoaders) > 0 {
loadersByName := make(map[string][]caddytls.CertificateLoader)
for _, cl := range certLoaders {
name := caddy.GetModuleName(cl)
loadersByName[name] = append(loadersByName[name], cl)
}
for certLoaderName, loaders := range loadersByName {
tlsApp.CertificatesRaw[certLoaderName] = caddyconfig.JSON(loaders, &warnings)
}
}
// if global ACME CA, DNS, or email were set, append a catch-all automation // if global ACME CA, DNS, or email were set, append a catch-all automation
// policy that ensures they will be used if no tls directive was used // policy that ensures they will be used if no tls directive was used
acmeCA, hasACMECA := options["acme_ca"] acmeCA, hasACMECA := options["acme_ca"]
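Review bot: At `tlsApp.CertificatesRaw[certLoaderName] = caddyconfig.JSON(loaders, &warnings)` the value stored per module name changes from one encoded loader to an encoded `[]caddytls.CertificateLoader`, so the JSON under each key is now an array of whatever each loader marshals to. If a loader type is itself slice-backed (its definition is not visible in this hunk), the result would be a nested array that the TLS app may fail to decode, leaving sites without their intended certificates. An adapt test with two sites that use a loader of the same module would pin the expected JSON shape. Separately, `clVal.Value.(caddytls.CertificateLoader)` is an unchecked assertion that panics on an unexpected value; the comma-ok form `cl, ok := clVal.Value.(caddytls.CertificateLoader)` with an error return on `!ok` would fail more gracefully. Setup's body starts and ends outside the hunk.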