Enable skipping just certificate management for some auto HTTPS names

Matthew Holt 2019-06-26 10:57:18 -06:00
parent 91b03dccb0
commit a524bcfe78
2 changed files with 21 additions and 9 deletions


@ -210,7 +210,8 @@ func (app *App) automaticHTTPS() error {
for _, m := range matcherSet { for _, m := range matcherSet {
if hm, ok := m.(*MatchHost); ok { if hm, ok := m.(*MatchHost); ok {
for _, d := range *hm { for _, d := range *hm {
if certmagic.HostQualifies(d) && !srv.AutoHTTPS.HostSkipped(d) { if certmagic.HostQualifies(d) &&
!srv.AutoHTTPS.Skipped(d, srv.AutoHTTPS.Skip) {
domainSet[d] = struct{}{} domainSet[d] = struct{}{}
} }
} }
@ -221,9 +222,12 @@ func (app *App) automaticHTTPS() error {
if len(domainSet) > 0 { if len(domainSet) > 0 {
// marshal the domains into a slice // marshal the domains into a slice
var domains []string var domains, domainsForCerts []string
for d := range domainSet { for d := range domainSet {
domains = append(domains, d) domains = append(domains, d)
if !srv.AutoHTTPS.Skipped(d, srv.AutoHTTPS.SkipCerts) {
domainsForCerts = append(domainsForCerts, d)
}
} }
// ensure that these certificates are managed properly; // ensure that these certificates are managed properly;
@ -245,13 +249,13 @@ func (app *App) automaticHTTPS() error {
acmeManager.SetDefaults() acmeManager.SetDefaults()
tlsApp.Automation.Policies = append(tlsApp.Automation.Policies, tlsApp.Automation.Policies = append(tlsApp.Automation.Policies,
caddytls.AutomationPolicy{ caddytls.AutomationPolicy{
Hosts: domains, Hosts: domainsForCerts,
Management: acmeManager, Management: acmeManager,
}) })
// manage their certificates // manage their certificates
log.Printf("[INFO] Enabling automatic HTTPS for %v", domains) log.Printf("[INFO] Enabling automatic HTTPS certificates for %v", domainsForCerts)
err := tlsApp.Manage(domains) err := tlsApp.Manage(domainsForCerts)
if err != nil { if err != nil {
return fmt.Errorf("%s: managing certificate for %s: %s", srvName, domains, err) return fmt.Errorf("%s: managing certificate for %s: %s", srvName, domains, err)
} }
@ -267,6 +271,8 @@ func (app *App) automaticHTTPS() error {
continue continue
} }
log.Printf("[INFO] Enabling automatic HTTP->HTTPS redirects for %v", domains)
// create HTTP->HTTPS redirects // create HTTP->HTTPS redirects
for _, addr := range srv.Listen { for _, addr := range srv.Listen {
netw, host, port, err := splitListenAddr(addr) netw, host, port, err := splitListenAddr(addr)
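Review bot: When every qualifying name is also listed in SkipCerts, `domainsForCerts` is empty, but the lines shown in the third hunk still append an `AutomationPolicy` with `Hosts: domainsForCerts` and call `tlsApp.Manage(domainsForCerts)`. If an empty `Hosts` list is treated as a catch-all policy (that logic is not visible here), the ACME manager would apply more broadly than the operator asked for, so the policy, the log line and the Manage call are better wrapped in `if len(domainsForCerts) > 0 {`. The error returned a few lines later still formats `domains`, although only `domainsForCerts` was passed to Manage; `srvName, domainsForCerts, err` would report the names that were actually attempted. automaticHTTPS starts and ends outside these hunks, so a guard may already exist in the lines not shown.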


@ -133,12 +133,18 @@ type AutoHTTPSConfig struct {
// in automatic HTTPS (they will not have certificates // in automatic HTTPS (they will not have certificates
// loaded nor redirects applied). // loaded nor redirects applied).
Skip []string `json:"skip,omitempty"` Skip []string `json:"skip,omitempty"`
// Hosts/domain names listed here will still be enabled
// for automatic HTTPS (unless in the Skip list), except
// that certificates will not be provisioned and managed
// for these names.
SkipCerts []string `json:"skip_certificates,omitempty"`
} }
// HostSkipped returns true if name is supposed to be skipped // Skipped returns true if name is in skipSlice, which
// when setting up automatic HTTPS. // should be one of the Skip* fields on ahc.
func (ahc AutoHTTPSConfig) HostSkipped(name string) bool { func (ahc AutoHTTPSConfig) Skipped(name string, skipSlice []string) bool {
for _, n := range ahc.Skip { for _, n := range skipSlice {
if name == n { if name == n {
return true return true
} }
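Review bot: `Skipped` compares with `name == n`, which is case-sensitive, while host names are not. An entry such as `Example.com` in `skip_certificates` would not match `example.com` from a host matcher unless both are normalized somewhere not shown here, and a certificate would then be requested for a name the operator meant to exclude; `if strings.EqualFold(name, n) {` closes that gap. The receiver `ahc` is no longer read, so the doc comment's "should be one of the Skip* fields" is not enforced by the code. The comment on `SkipCerts` could also state that redirects still apply to these names, so a certificate for them has to be loaded by other means. The function body continues past the end of the hunk.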