reverseproxy: Adjust new TLS Caddyfile directive names (#4872)

Francis Lavoie 2022-07-08 13:04:22 -04:00 committed by GitHub
parent c0f76e9ed4
commit 54d1923ccb
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 33 additions and 30 deletions


@ -24,8 +24,9 @@ https://example.com {
max_conns_per_host 5 max_conns_per_host 5
keepalive_idle_conns_per_host 2 keepalive_idle_conns_per_host 2
keepalive_interval 30s keepalive_interval 30s
renegotiation freely
except_ports 8181 8182 tls_renegotiation freely
tls_except_ports 8181 8182
} }
} }
} }


@ -814,6 +814,8 @@ func (h *Handler) FinalizeUnmarshalCaddyfile(helper httpcaddyfile.Helper) error
// tls_timeout <duration> // tls_timeout <duration>
// tls_trusted_ca_certs <cert_files...> // tls_trusted_ca_certs <cert_files...>
// tls_server_name <sni> // tls_server_name <sni>
// tls_renegotiation <level>
// tls_except_ports <ports...>
// keepalive [off|<duration>] // keepalive [off|<duration>]
// keepalive_interval <interval> // keepalive_interval <interval>
// keepalive_idle_conns <max_count> // keepalive_idle_conns <max_count>
@ -907,6 +909,11 @@ func (h *HTTPTransport) UnmarshalCaddyfile(d *caddyfile.Dispenser) error {
return d.Errf("must specify at least one resolver address") return d.Errf("must specify at least one resolver address")
} }
case "tls":
if h.TLS == nil {
h.TLS = new(TLSConfig)
}
case "tls_client_auth": case "tls_client_auth":
if h.TLS == nil { if h.TLS == nil {
h.TLS = new(TLSConfig) h.TLS = new(TLSConfig)
@ -922,25 +929,6 @@ func (h *HTTPTransport) UnmarshalCaddyfile(d *caddyfile.Dispenser) error {
return d.ArgErr() return d.ArgErr()
} }
case "renegotiation":
if h.TLS == nil {
h.TLS = new(TLSConfig)
}
if !d.NextArg() {
return d.ArgErr()
}
switch renegotiation := d.Val(); renegotiation {
case "never", "once", "freely":
h.TLS.Renegotiation = renegotiation
default:
return d.ArgErr()
}
case "tls":
if h.TLS == nil {
h.TLS = new(TLSConfig)
}
case "tls_insecure_skip_verify": case "tls_insecure_skip_verify":
if d.NextArg() { if d.NextArg() {
return d.ArgErr() return d.ArgErr()
@ -982,6 +970,29 @@ func (h *HTTPTransport) UnmarshalCaddyfile(d *caddyfile.Dispenser) error {
} }
h.TLS.ServerName = d.Val() h.TLS.ServerName = d.Val()
case "tls_renegotiation":
if h.TLS == nil {
h.TLS = new(TLSConfig)
}
if !d.NextArg() {
return d.ArgErr()
}
switch renegotiation := d.Val(); renegotiation {
case "never", "once", "freely":
h.TLS.Renegotiation = renegotiation
default:
return d.ArgErr()
}
case "tls_except_ports":
if h.TLS == nil {
h.TLS = new(TLSConfig)
}
h.TLS.ExceptPorts = d.RemainingArgs()
if len(h.TLS.ExceptPorts) == 0 {
return d.ArgErr()
}
case "keepalive": case "keepalive":
if !d.NextArg() { if !d.NextArg() {
return d.ArgErr() return d.ArgErr()
@ -1063,15 +1074,6 @@ func (h *HTTPTransport) UnmarshalCaddyfile(d *caddyfile.Dispenser) error {
} }
h.MaxConnsPerHost = num h.MaxConnsPerHost = num
case "except_ports":
if h.TLS == nil {
h.TLS = new(TLSConfig)
}
h.TLS.ExceptPorts = d.RemainingArgs()
if len(h.TLS.ExceptPorts) == 0 {
return d.ArgErr()
}
default: default:
return d.Errf("unrecognized subdirective %s", d.Val()) return d.Errf("unrecognized subdirective %s", d.Val())
} }
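Review bot: In the new `tls_except_ports` case, the values from `d.RemainingArgs()` are stored in `h.TLS.ExceptPorts` with only an emptiness check, so a mistyped or out-of-range port is accepted at parse time and presumably just never matches an upstream port. Because this list appears to decide which upstream connections are made without TLS, rejecting anything that is not a number in 1-65535 would surface the mistake when the config is adapted rather than at runtime; this assumes placeholders are not expected in this list. Separately, the `default:` branch of the `tls_renegotiation` switch returns `d.ArgErr()`, which reports an argument-count problem for what is really an invalid value; `return d.Errf("invalid tls_renegotiation level %q", renegotiation)` would be clearer. `UnmarshalCaddyfile` starts and ends outside these hunks, so check whether `strconv` is already imported in this file.

```go
case "tls_except_ports":
	// … unchanged: TLS config allocation, RemainingArgs, emptiness check …
	for _, port := range h.TLS.ExceptPorts {
		n, err := strconv.ParseUint(port, 10, 16)
		if err != nil || n == 0 {
			return d.Errf("invalid port %q for tls_except_ports", port)
		}
	}
```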