Commit 24352e79 authored by Matthew Holt's avatar Matthew Holt

Remove SimpleHTTP and bump version to 0.8 beta 4!

parent e17d43b5
...@@ -7,7 +7,6 @@ import ( ...@@ -7,7 +7,6 @@ import (
"net/http/httputil" "net/http/httputil"
"net/url" "net/url"
"strings" "strings"
"sync/atomic"
"github.com/mholt/caddy/middleware" "github.com/mholt/caddy/middleware"
) )
...@@ -19,17 +18,14 @@ const challengeBasePath = "/.well-known/acme-challenge" ...@@ -19,17 +18,14 @@ const challengeBasePath = "/.well-known/acme-challenge"
// to renew certificates while the server is running. // to renew certificates while the server is running.
type Handler struct { type Handler struct {
Next middleware.Handler Next middleware.Handler
ChallengeActive int32 // TODO: use sync/atomic to set/get this flag safely and efficiently //ChallengeActive int32 // (TODO) use sync/atomic to set/get this flag safely and efficiently
} }
// ServeHTTP is basically a no-op unless an ACME challenge is active on this host // ServeHTTP is basically a no-op unless an ACME challenge is active on this host
// and the request path matches the expected path exactly. // and the request path matches the expected path exactly.
func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) (int, error) { func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) (int, error) {
// Only if challenge is active
// TODO: this won't work until the global challenge hook in the acme package is ready
//if atomic.LoadInt32(&h.ChallengeActive) == 1 {
// Proxy challenge requests to ACME client // Proxy challenge requests to ACME client
// TODO: Only do this if a challenge is active?
if strings.HasPrefix(r.URL.Path, challengeBasePath) { if strings.HasPrefix(r.URL.Path, challengeBasePath) {
scheme := "http" scheme := "http"
if r.TLS != nil { if r.TLS != nil {
...@@ -48,31 +44,12 @@ func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) (int, error) ...@@ -48,31 +44,12 @@ func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) (int, error)
proxy := httputil.NewSingleHostReverseProxy(upstream) proxy := httputil.NewSingleHostReverseProxy(upstream)
proxy.Transport = &http.Transport{ proxy.Transport = &http.Transport{
TLSClientConfig: &tls.Config{InsecureSkipVerify: true}, // client uses self-signed cert TLSClientConfig: &tls.Config{InsecureSkipVerify: true}, // client would use self-signed cert
} }
proxy.ServeHTTP(w, r) proxy.ServeHTTP(w, r)
return 0, nil return 0, nil
} }
//}
return h.Next.ServeHTTP(w, r) return h.Next.ServeHTTP(w, r)
} }
// TODO: SimpleHTTP deprecation imminent!! meaning these
// challenge handlers will go away and be replaced with
// something else.
// ChallengeOn enables h to proxy ACME requests.
func (h *Handler) ChallengeOn(challengePath string) {
// h.Lock()
// h.ChallengePath = challengePath
// h.Unlock()
atomic.StoreInt32(&h.ChallengeActive, 1)
}
// ChallengeOff disables ACME proxying from this h.
func (h *Handler) ChallengeOff(success bool) {
atomic.StoreInt32(&h.ChallengeActive, 0)
}
...@@ -79,12 +79,6 @@ func renewCertificates(configs []server.Config, useCustomPort bool) (int, []erro ...@@ -79,12 +79,6 @@ func renewCertificates(configs []server.Config, useCustomPort bool) (int, []erro
var errs []error var errs []error
var n int var n int
defer func() {
// reset these so as to not interfere with other challenges
acme.OnSimpleHTTPStart = nil
acme.OnSimpleHTTPEnd = nil
}()
for _, cfg := range configs { for _, cfg := range configs {
// Host must be TLS-enabled and have existing assets managed by LE // Host must be TLS-enabled and have existing assets managed by LE
if !cfg.TLS.Enabled || !existingCertAndKey(cfg.Host) { if !cfg.TLS.Enabled || !existingCertAndKey(cfg.Host) {
...@@ -122,28 +116,22 @@ func renewCertificates(configs []server.Config, useCustomPort bool) (int, []erro ...@@ -122,28 +116,22 @@ func renewCertificates(configs []server.Config, useCustomPort bool) (int, []erro
continue continue
} }
// Read metadata // Read and set up cert meta, required for renewal
metaBytes, err := ioutil.ReadFile(storage.SiteMetaFile(cfg.Host)) metaBytes, err := ioutil.ReadFile(storage.SiteMetaFile(cfg.Host))
if err != nil { if err != nil {
errs = append(errs, err) errs = append(errs, err)
continue continue
} }
privBytes, err := ioutil.ReadFile(storage.SiteKeyFile(cfg.Host)) privBytes, err := ioutil.ReadFile(storage.SiteKeyFile(cfg.Host))
if err != nil { if err != nil {
errs = append(errs, err) errs = append(errs, err)
continue continue
} }
var certMeta acme.CertificateResource var certMeta acme.CertificateResource
err = json.Unmarshal(metaBytes, &certMeta) err = json.Unmarshal(metaBytes, &certMeta)
certMeta.Certificate = certBytes certMeta.Certificate = certBytes
certMeta.PrivateKey = privBytes certMeta.PrivateKey = privBytes
// Tell the handler to accept and proxy acme request in order to solve challenge
acme.OnSimpleHTTPStart = acmeHandlers[cfg.Host].ChallengeOn
acme.OnSimpleHTTPEnd = acmeHandlers[cfg.Host].ChallengeOff
// Renew certificate // Renew certificate
Renew: Renew:
newCertMeta, err := client.RenewCertificate(certMeta, true, true) newCertMeta, err := client.RenewCertificate(certMeta, true, true)
...@@ -176,6 +164,5 @@ func renewCertificates(configs []server.Config, useCustomPort bool) (int, []erro ...@@ -176,6 +164,5 @@ func renewCertificates(configs []server.Config, useCustomPort bool) (int, []erro
} }
// acmeHandlers is a map of host to ACME handler. These // acmeHandlers is a map of host to ACME handler. These
// are used to proxy ACME requests to the ACME client // are used to proxy ACME requests to the ACME client.
// when port 443 is in use.
var acmeHandlers = make(map[string]*Handler) var acmeHandlers = make(map[string]*Handler)
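Review bot: In the second renewCertificates hunk, `err = json.Unmarshal(metaBytes, &certMeta)` is assigned but never checked, so a corrupt or truncated meta file silently yields a zero CertificateResource that is then handed to `client.RenewCertificate`; the error should be appended and the host skipped like the two ReadFile calls above it, `if err != nil { errs = append(errs, err); continue }`. This is pre-existing code, but the hunk reworks the surrounding comment and the deferred hook reset, and the renewal loop now has no other guard against an unparseable meta file. renewCertificates starts and ends outside the hunk.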
...@@ -26,7 +26,7 @@ var ( ...@@ -26,7 +26,7 @@ var (
const ( const (
appName = "Caddy" appName = "Caddy"
appVersion = "0.8 beta 3" appVersion = "0.8 beta 4"
) )
func init() { func init() {