Commit 24352e79 authored by Matthew Holt's avatar Matthew Holt

Remove SimpleHTTP and bump version to 0.8 beta 4!

parent e17d43b5
......@@ -7,7 +7,6 @@ import (
"net/http/httputil"
"net/url"
"strings"
"sync/atomic"
"github.com/mholt/caddy/middleware"
)
......@@ -19,17 +18,14 @@ const challengeBasePath = "/.well-known/acme-challenge"
// to renew certificates while the server is running.
type Handler struct {
Next middleware.Handler
ChallengeActive int32 // TODO: use sync/atomic to set/get this flag safely and efficiently
//ChallengeActive int32 // (TODO) use sync/atomic to set/get this flag safely and efficiently
}
// ServeHTTP is basically a no-op unless an ACME challenge is active on this host
// and the request path matches the expected path exactly.
func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) (int, error) {
// Only if challenge is active
// TODO: this won't work until the global challenge hook in the acme package is ready
//if atomic.LoadInt32(&h.ChallengeActive) == 1 {
// Proxy challenge requests to ACME client
// TODO: Only do this if a challenge is active?
if strings.HasPrefix(r.URL.Path, challengeBasePath) {
scheme := "http"
if r.TLS != nil {
......@@ -48,31 +44,12 @@ func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) (int, error)
proxy := httputil.NewSingleHostReverseProxy(upstream)
proxy.Transport = &http.Transport{
TLSClientConfig: &tls.Config{InsecureSkipVerify: true}, // client uses self-signed cert
TLSClientConfig: &tls.Config{InsecureSkipVerify: true}, // client would use self-signed cert
}
proxy.ServeHTTP(w, r)
return 0, nil
}
//}
return h.Next.ServeHTTP(w, r)
}
// TODO: SimpleHTTP deprecation imminent!! meaning these
// challenge handlers will go away and be replaced with
// something else.
// ChallengeOn enables h to proxy ACME requests.
func (h *Handler) ChallengeOn(challengePath string) {
// h.Lock()
// h.ChallengePath = challengePath
// h.Unlock()
atomic.StoreInt32(&h.ChallengeActive, 1)
}
// ChallengeOff disables ACME proxying from this h.
func (h *Handler) ChallengeOff(success bool) {
atomic.StoreInt32(&h.ChallengeActive, 0)
}
......@@ -79,12 +79,6 @@ func renewCertificates(configs []server.Config, useCustomPort bool) (int, []erro
var errs []error
var n int
defer func() {
// reset these so as to not interfere with other challenges
acme.OnSimpleHTTPStart = nil
acme.OnSimpleHTTPEnd = nil
}()
for _, cfg := range configs {
// Host must be TLS-enabled and have existing assets managed by LE
if !cfg.TLS.Enabled || !existingCertAndKey(cfg.Host) {
......@@ -122,28 +116,22 @@ func renewCertificates(configs []server.Config, useCustomPort bool) (int, []erro
continue
}
// Read metadata
// Read and set up cert meta, required for renewal
metaBytes, err := ioutil.ReadFile(storage.SiteMetaFile(cfg.Host))
if err != nil {
errs = append(errs, err)
continue
}
privBytes, err := ioutil.ReadFile(storage.SiteKeyFile(cfg.Host))
if err != nil {
errs = append(errs, err)
continue
}
var certMeta acme.CertificateResource
err = json.Unmarshal(metaBytes, &certMeta)
certMeta.Certificate = certBytes
certMeta.PrivateKey = privBytes
// Tell the handler to accept and proxy acme request in order to solve challenge
acme.OnSimpleHTTPStart = acmeHandlers[cfg.Host].ChallengeOn
acme.OnSimpleHTTPEnd = acmeHandlers[cfg.Host].ChallengeOff
// Renew certificate
Renew:
newCertMeta, err := client.RenewCertificate(certMeta, true, true)
......@@ -176,6 +164,5 @@ func renewCertificates(configs []server.Config, useCustomPort bool) (int, []erro
}
// acmeHandlers is a map of host to ACME handler. These
// are used to proxy ACME requests to the ACME client
// when port 443 is in use.
// are used to proxy ACME requests to the ACME client.
var acmeHandlers = make(map[string]*Handler)
......@@ -26,7 +26,7 @@ var (
const (
appName = "Caddy"
appVersion = "0.8 beta 3"
appVersion = "0.8 beta 4"
)
func init() {
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment