mirror of
https://github.com/caddyserver/caddy.git
synced 2024-12-26 13:43:47 +03:00
Enable skipping just certificate management for some auto HTTPS names
This commit is contained in:
parent
91b03dccb0
commit
a524bcfe78
2 changed files with 21 additions and 9 deletions
|
@ -210,7 +210,8 @@ func (app *App) automaticHTTPS() error {
|
|||
for _, m := range matcherSet {
|
||||
if hm, ok := m.(*MatchHost); ok {
|
||||
for _, d := range *hm {
|
||||
if certmagic.HostQualifies(d) && !srv.AutoHTTPS.HostSkipped(d) {
|
||||
if certmagic.HostQualifies(d) &&
|
||||
!srv.AutoHTTPS.Skipped(d, srv.AutoHTTPS.Skip) {
|
||||
domainSet[d] = struct{}{}
|
||||
}
|
||||
}
|
||||
|
@ -221,9 +222,12 @@ func (app *App) automaticHTTPS() error {
|
|||
|
||||
if len(domainSet) > 0 {
|
||||
// marshal the domains into a slice
|
||||
var domains []string
|
||||
var domains, domainsForCerts []string
|
||||
for d := range domainSet {
|
||||
domains = append(domains, d)
|
||||
if !srv.AutoHTTPS.Skipped(d, srv.AutoHTTPS.SkipCerts) {
|
||||
domainsForCerts = append(domainsForCerts, d)
|
||||
}
|
||||
}
|
||||
|
||||
// ensure that these certificates are managed properly;
|
||||
|
@ -245,13 +249,13 @@ func (app *App) automaticHTTPS() error {
|
|||
acmeManager.SetDefaults()
|
||||
tlsApp.Automation.Policies = append(tlsApp.Automation.Policies,
|
||||
caddytls.AutomationPolicy{
|
||||
Hosts: domains,
|
||||
Hosts: domainsForCerts,
|
||||
Management: acmeManager,
|
||||
})
|
||||
|
||||
// manage their certificates
|
||||
log.Printf("[INFO] Enabling automatic HTTPS for %v", domains)
|
||||
err := tlsApp.Manage(domains)
|
||||
log.Printf("[INFO] Enabling automatic HTTPS certificates for %v", domainsForCerts)
|
||||
err := tlsApp.Manage(domainsForCerts)
|
||||
if err != nil {
|
||||
return fmt.Errorf("%s: managing certificate for %s: %s", srvName, domains, err)
|
||||
}
|
||||
|
@ -267,6 +271,8 @@ func (app *App) automaticHTTPS() error {
|
|||
continue
|
||||
}
|
||||
|
||||
log.Printf("[INFO] Enabling automatic HTTP->HTTPS redirects for %v", domains)
|
||||
|
||||
// create HTTP->HTTPS redirects
|
||||
for _, addr := range srv.Listen {
|
||||
netw, host, port, err := splitListenAddr(addr)
|
||||
|
|
|
@ -133,12 +133,18 @@ type AutoHTTPSConfig struct {
|
|||
// in automatic HTTPS (they will not have certificates
|
||||
// loaded nor redirects applied).
|
||||
Skip []string `json:"skip,omitempty"`
|
||||
|
||||
// Hosts/domain names listed here will still be enabled
|
||||
// for automatic HTTPS (unless in the Skip list), except
|
||||
// that certificates will not be provisioned and managed
|
||||
// for these names.
|
||||
SkipCerts []string `json:"skip_certificates,omitempty"`
|
||||
}
|
||||
|
||||
// HostSkipped returns true if name is supposed to be skipped
|
||||
// when setting up automatic HTTPS.
|
||||
func (ahc AutoHTTPSConfig) HostSkipped(name string) bool {
|
||||
for _, n := range ahc.Skip {
|
||||
// Skipped returns true if name is in skipSlice, which
|
||||
// should be one of the Skip* fields on ahc.
|
||||
func (ahc AutoHTTPSConfig) Skipped(name string, skipSlice []string) bool {
|
||||
for _, n := range skipSlice {
|
||||
if name == n {
|
||||
return true
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue