Remove SimpleHTTP and bump version to 0.8 beta 4!
parent
e17d43b58a
commit
24352e799a
3 changed files with 7 additions and 43 deletions
|
@ -7,7 +7,6 @@ import (
|
||||||
"net/http/httputil"
|
"net/http/httputil"
|
||||||
"net/url"
|
"net/url"
|
||||||
"strings"
|
"strings"
|
||||||
"sync/atomic"
|
|
||||||
|
|
||||||
"github.com/mholt/caddy/middleware"
|
"github.com/mholt/caddy/middleware"
|
||||||
)
|
)
|
||||||
|
@ -19,17 +18,14 @@ const challengeBasePath = "/.well-known/acme-challenge"
|
||||||
// to renew certificates while the server is running.
|
// to renew certificates while the server is running.
|
||||||
type Handler struct {
|
type Handler struct {
|
||||||
Next middleware.Handler
|
Next middleware.Handler
|
||||||
ChallengeActive int32 // TODO: use sync/atomic to set/get this flag safely and efficiently
|
//ChallengeActive int32 // (TODO) use sync/atomic to set/get this flag safely and efficiently
|
||||||
}
|
}
|
||||||
|
|
||||||
// ServeHTTP is basically a no-op unless an ACME challenge is active on this host
|
// ServeHTTP is basically a no-op unless an ACME challenge is active on this host
|
||||||
// and the request path matches the expected path exactly.
|
// and the request path matches the expected path exactly.
|
||||||
func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) (int, error) {
|
func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) (int, error) {
|
||||||
// Only if challenge is active
|
|
||||||
// TODO: this won't work until the global challenge hook in the acme package is ready
|
|
||||||
//if atomic.LoadInt32(&h.ChallengeActive) == 1 {
|
|
||||||
|
|
||||||
// Proxy challenge requests to ACME client
|
// Proxy challenge requests to ACME client
|
||||||
|
// TODO: Only do this if a challenge is active?
|
||||||
if strings.HasPrefix(r.URL.Path, challengeBasePath) {
|
if strings.HasPrefix(r.URL.Path, challengeBasePath) {
|
||||||
scheme := "http"
|
scheme := "http"
|
||||||
if r.TLS != nil {
|
if r.TLS != nil {
|
||||||
|
@ -48,31 +44,12 @@ func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) (int, error)
|
||||||
|
|
||||||
proxy := httputil.NewSingleHostReverseProxy(upstream)
|
proxy := httputil.NewSingleHostReverseProxy(upstream)
|
||||||
proxy.Transport = &http.Transport{
|
proxy.Transport = &http.Transport{
|
||||||
TLSClientConfig: &tls.Config{InsecureSkipVerify: true}, // client uses self-signed cert
|
TLSClientConfig: &tls.Config{InsecureSkipVerify: true}, // client would use self-signed cert
|
||||||
}
|
}
|
||||||
proxy.ServeHTTP(w, r)
|
proxy.ServeHTTP(w, r)
|
||||||
|
|
||||||
return 0, nil
|
return 0, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
//}
|
|
||||||
|
|
||||||
return h.Next.ServeHTTP(w, r)
|
return h.Next.ServeHTTP(w, r)
|
||||||
}
|
}
|
||||||
|
|
||||||
// TODO: SimpleHTTP deprecation imminent!! meaning these
|
|
||||||
// challenge handlers will go away and be replaced with
|
|
||||||
// something else.
|
|
||||||
|
|
||||||
// ChallengeOn enables h to proxy ACME requests.
|
|
||||||
func (h *Handler) ChallengeOn(challengePath string) {
|
|
||||||
// h.Lock()
|
|
||||||
// h.ChallengePath = challengePath
|
|
||||||
// h.Unlock()
|
|
||||||
atomic.StoreInt32(&h.ChallengeActive, 1)
|
|
||||||
}
|
|
||||||
|
|
||||||
// ChallengeOff disables ACME proxying from this h.
|
|
||||||
func (h *Handler) ChallengeOff(success bool) {
|
|
||||||
atomic.StoreInt32(&h.ChallengeActive, 0)
|
|
||||||
}
|
|
||||||
|
|
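Review bot: The doc comment above ServeHTTP still promises a no-op "unless an ACME challenge is active on this host and the request path matches the expected path exactly", but the new side enforces neither condition. The active-challenge gate is gone (the added TODO acknowledges this), and the match is `strings.HasPrefix(r.URL.Path, challengeBasePath)`, which also accepts sibling paths that merely share the prefix. Until a gate returns, tighten the match to `r.URL.Path == challengeBasePath || strings.HasPrefix(r.URL.Path, challengeBasePath+"/")` and reword the comment to say that every such request is forwarded. Because the forwarding transport sets `InsecureSkipVerify: true`, it matters that `upstream` (built between the two hunks, not visible here) can only point at the local ACME client; a comment stating that invariant next to the transport would help. The commented-out `ChallengeActive` field is better deleted than left in the struct.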
|
@ -79,12 +79,6 @@ func renewCertificates(configs []server.Config, useCustomPort bool) (int, []erro
|
||||||
var errs []error
|
var errs []error
|
||||||
var n int
|
var n int
|
||||||
|
|
||||||
defer func() {
|
|
||||||
// reset these so as to not interfere with other challenges
|
|
||||||
acme.OnSimpleHTTPStart = nil
|
|
||||||
acme.OnSimpleHTTPEnd = nil
|
|
||||||
}()
|
|
||||||
|
|
||||||
for _, cfg := range configs {
|
for _, cfg := range configs {
|
||||||
// Host must be TLS-enabled and have existing assets managed by LE
|
// Host must be TLS-enabled and have existing assets managed by LE
|
||||||
if !cfg.TLS.Enabled || !existingCertAndKey(cfg.Host) {
|
if !cfg.TLS.Enabled || !existingCertAndKey(cfg.Host) {
|
||||||
|
@ -122,28 +116,22 @@ func renewCertificates(configs []server.Config, useCustomPort bool) (int, []erro
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
|
||||||
// Read metadata
|
// Read and set up cert meta, required for renewal
|
||||||
metaBytes, err := ioutil.ReadFile(storage.SiteMetaFile(cfg.Host))
|
metaBytes, err := ioutil.ReadFile(storage.SiteMetaFile(cfg.Host))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
errs = append(errs, err)
|
errs = append(errs, err)
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
|
||||||
privBytes, err := ioutil.ReadFile(storage.SiteKeyFile(cfg.Host))
|
privBytes, err := ioutil.ReadFile(storage.SiteKeyFile(cfg.Host))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
errs = append(errs, err)
|
errs = append(errs, err)
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
|
||||||
var certMeta acme.CertificateResource
|
var certMeta acme.CertificateResource
|
||||||
err = json.Unmarshal(metaBytes, &certMeta)
|
err = json.Unmarshal(metaBytes, &certMeta)
|
||||||
certMeta.Certificate = certBytes
|
certMeta.Certificate = certBytes
|
||||||
certMeta.PrivateKey = privBytes
|
certMeta.PrivateKey = privBytes
|
||||||
|
|
||||||
// Tell the handler to accept and proxy acme request in order to solve challenge
|
|
||||||
acme.OnSimpleHTTPStart = acmeHandlers[cfg.Host].ChallengeOn
|
|
||||||
acme.OnSimpleHTTPEnd = acmeHandlers[cfg.Host].ChallengeOff
|
|
||||||
|
|
||||||
// Renew certificate
|
// Renew certificate
|
||||||
Renew:
|
Renew:
|
||||||
newCertMeta, err := client.RenewCertificate(certMeta, true, true)
|
newCertMeta, err := client.RenewCertificate(certMeta, true, true)
|
||||||
|
@ -176,6 +164,5 @@ func renewCertificates(configs []server.Config, useCustomPort bool) (int, []erro
|
||||||
}
|
}
|
||||||
|
|
||||||
// acmeHandlers is a map of host to ACME handler. These
|
// acmeHandlers is a map of host to ACME handler. These
|
||||||
// are used to proxy ACME requests to the ACME client
|
// are used to proxy ACME requests to the ACME client.
|
||||||
// when port 443 is in use.
|
|
||||||
var acmeHandlers = make(map[string]*Handler)
|
var acmeHandlers = make(map[string]*Handler)
|
||||||
|
|
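Review bot: The error from `json.Unmarshal(metaBytes, &certMeta)` is never checked: on the new side the next statement that touches `err` is `client.RenewCertificate`, which overwrites it. A truncated or corrupt site meta file therefore lets renewal proceed with a partly empty `acme.CertificateResource`. Since the commit rewords the comment to say this metadata is required for renewal, handle the failure like the two `ReadFile` calls just above, with `if err != nil { errs = append(errs, err); continue }` directly after the Unmarshal. The body of renewCertificates starts and ends outside the visible hunks.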
2
main.go
2
main.go
|
@ -26,7 +26,7 @@ var (
|
||||||
|
|
||||||
const (
|
const (
|
||||||
appName = "Caddy"
|
appName = "Caddy"
|
||||||
appVersion = "0.8 beta 3"
|
appVersion = "0.8 beta 4"
|
||||||
)
|
)
|
||||||
|
|
||||||
func init() {
|
func init() {
|
||||||
|
|