caddyhttp: Don't attempt to manage Tailscale certs

If .ts.net domains are explicitly added to config,
don't try to manage a cert for them (it will fail, and our
implicit Tailscale module will
get those certs at run-time).
This commit is contained in:
Matthew Holt 2022-03-02 13:42:38 -07:00
parent 9b7cdfa2f2
commit 6b385a36f9
No known key found for this signature in database
GPG key ID: 2A349DD577D586A5

View file

@ -152,7 +152,9 @@ func (app *App) automaticHTTPSPhase1(ctx caddy.Context, repl *caddy.Replacer) er
return fmt.Errorf("%s: route %d, matcher set %d, matcher %d, host matcher %d: %v",
srvName, routeIdx, matcherSetIdx, matcherIdx, hostMatcherIdx, err)
}
if !srv.AutoHTTPS.Skipped(d, srv.AutoHTTPS.Skip) {
// only include domain if it's not explicitly skipped and it's not a Tailscale domain
// (the implicit Tailscale manager module will get those certs at run-time)
if !srv.AutoHTTPS.Skipped(d, srv.AutoHTTPS.Skip) && !isTailscaleDomain(d) {
serverDomainSet[d] = struct{}{}
}
}
@ -688,4 +690,8 @@ func implicitTailscale(ctx caddy.Context) (caddytls.Tailscale, error) {
return ts, err
}
func isTailscaleDomain(name string) bool {
return strings.HasSuffix(strings.ToLower(name), ".ts.net")
}
type acmeCapable interface{ GetACMEIssuer() *caddytls.ACMEIssuer }