Commit
f1b2637d
authored
Jan 25, 2016
by
Matthew Holt
letsencrypt: Enable activation on empty hosts; fix email bug
parent
178c4d11
Showing
3 changed files
with
21 additions
and
14 deletions
+21
-14
caddy/letsencrypt/letsencrypt.go
caddy/letsencrypt/letsencrypt.go
+11
-7
caddy/letsencrypt/letsencrypt_test.go
caddy/letsencrypt/letsencrypt_test.go
+8
-6
caddy/letsencrypt/user.go
caddy/letsencrypt/user.go
+2
-1
caddy/letsencrypt/letsencrypt.go
...
...
@@ -131,7 +131,7 @@ func ObtainCerts(configs []server.Config, altPort string) error {
}
for
_
,
cfg
:=
range
group
{
if
existingCertAndKey
(
cfg
.
Host
)
{
if
cfg
.
Host
==
""
||
existingCertAndKey
(
cfg
.
Host
)
{
continue
}
...
...
@@ -170,8 +170,10 @@ func EnableTLS(configs []server.Config) {
continue
}
configs
[
i
]
.
TLS
.
Enabled
=
true
if
configs
[
i
]
.
Host
!=
""
{
configs
[
i
]
.
TLS
.
Certificate
=
storage
.
SiteCertFile
(
configs
[
i
]
.
Host
)
configs
[
i
]
.
TLS
.
Key
=
storage
.
SiteKeyFile
(
configs
[
i
]
.
Host
)
}
setup
.
SetDefaultTLSParams
(
&
configs
[
i
])
}
}
...
...
@@ -257,13 +259,15 @@ func ConfigQualifies(cfg server.Config) bool {
cfg
.
Port
!=
"80"
&&
cfg
.
TLS
.
LetsEncryptEmail
!=
"off"
&&
// we get can't certs for some kinds of hostnames
HostQualifies
(
cfg
.
Host
)
// we get can't certs for some kinds of hostnames,
// but we CAN get certs at request-time even if
// the hostname in the config is empty right now.
(
cfg
.
Host
==
""
||
HostQualifies
(
cfg
.
Host
))
}
// HostQualifies returns true if the hostname alone
// appears eligible for automatic HTTPS. For example,
// localhost, empty hostname, and
wildcard host
s are
// localhost, empty hostname, and
IP addresse
s are
// not eligible because we cannot obtain certificates
// for those names.
func
HostQualifies
(
hostname
string
)
bool
{
...
...
@@ -397,7 +401,7 @@ func saveCertResource(cert acme.CertificateResource) error {
// be the HTTPS configuration. The returned configuration is set
// to listen on port 80.
func
redirPlaintextHost
(
cfg
server
.
Config
)
server
.
Config
{
toURL
:=
"https://
"
+
cfg
.
Host
toURL
:=
"https://
{host}"
// serve any host, since cfg.Host could be empty
if
cfg
.
Port
!=
"443"
&&
cfg
.
Port
!=
"80"
{
toURL
+=
":"
+
cfg
.
Port
}
...
...
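Review bot: In the redirPlaintextHost hunk the redirect target is now built from the `{host}` placeholder for every config, so the Location header sent by the plaintext listener reflects the host value the client supplied even when `cfg.Host` is set. A 301 whose target is derived from request data is the kind of response a shared cache may store, and if the placeholder expands to the raw Host header (the replacer is not visible here) a value that already carries a port would be followed by the `":" + cfg.Port` suffix. I would keep the configured name when there is one and fall back only for the catch-all case: `toURL := "https://" + cfg.Host` followed by `if cfg.Host == "" { toURL = "https://{host}" }`. The function body continues outside the hunk.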
caddy/letsencrypt/letsencrypt_test.go
...
...
@@ -46,6 +46,7 @@ func TestConfigQualifies(t *testing.T) {
cfg
server
.
Config
expect
bool
}{
{
server
.
Config
{
Host
:
""
},
true
},
{
server
.
Config
{
Host
:
"localhost"
},
false
},
{
server
.
Config
{
Host
:
"example.com"
},
true
},
{
server
.
Config
{
Host
:
"example.com"
,
TLS
:
server
.
TLSConfig
{
Certificate
:
"cert.pem"
}},
false
},
...
...
@@ -105,18 +106,18 @@ func TestRedirPlaintextHost(t *testing.T) {
if
actual
,
expected
:=
handler
.
Rules
[
0
]
.
FromPath
,
"/"
;
actual
!=
expected
{
t
.
Errorf
(
"Expected redirect rule to be for path '%s' but is actually for '%s'"
,
expected
,
actual
)
}
if
actual
,
expected
:=
handler
.
Rules
[
0
]
.
To
,
"https://
example.com
:1234{uri}"
;
actual
!=
expected
{
if
actual
,
expected
:=
handler
.
Rules
[
0
]
.
To
,
"https://
{host}
:1234{uri}"
;
actual
!=
expected
{
t
.
Errorf
(
"Expected redirect rule to be to URL '%s' but is actually to '%s'"
,
expected
,
actual
)
}
if
actual
,
expected
:=
handler
.
Rules
[
0
]
.
Code
,
http
.
StatusMovedPermanently
;
actual
!=
expected
{
t
.
Errorf
(
"Expected redirect rule to have code %d but was %d"
,
expected
,
actual
)
}
// browsers can in
terpret default ports with
scheme, so make sure the port
// doesn't get added in explicitly for default ports.
// browsers can in
fer a default port from
scheme, so make sure the port
// doesn't get added in explicitly for default ports
like 443 for https
.
cfg
=
redirPlaintextHost
(
server
.
Config
{
Host
:
"example.com"
,
Port
:
"443"
})
handler
,
ok
=
cfg
.
Middleware
[
"/"
][
0
](
nil
)
.
(
redirect
.
Redirect
)
if
actual
,
expected
:=
handler
.
Rules
[
0
]
.
To
,
"https://
example.com
{uri}"
;
actual
!=
expected
{
if
actual
,
expected
:=
handler
.
Rules
[
0
]
.
To
,
"https://
{host}
{uri}"
;
actual
!=
expected
{
t
.
Errorf
(
"(Default Port) Expected redirect rule to be to URL '%s' but is actually to '%s'"
,
expected
,
actual
)
}
}
...
...
@@ -252,7 +253,7 @@ func TestMakePlaintextRedirects(t *testing.T) {
func
TestEnableTLS
(
t
*
testing
.
T
)
{
configs
:=
[]
server
.
Config
{
server
.
Config
{
TLS
:
server
.
TLSConfig
{
Managed
:
true
}},
server
.
Config
{
Host
:
"example.com"
,
TLS
:
server
.
TLSConfig
{
Managed
:
true
}},
server
.
Config
{},
// not managed - no changes!
}
...
...
@@ -325,8 +326,9 @@ func TestMarkQualified(t *testing.T) {
{
Host
:
"example.com"
,
Port
:
"1234"
},
{
Host
:
"example.com"
,
Scheme
:
"https"
},
{
Host
:
"example.com"
,
Port
:
"80"
,
Scheme
:
"https"
},
{
Host
:
""
},
}
expectedManagedCount
:=
4
expectedManagedCount
:=
5
MarkQualified
(
configs
)
...
...
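Review bot: The new `{server.Config{Host: ""}, true}` row in TestConfigQualifies pins only the permissive side of the empty-host change; nothing in the lines shown checks that an empty host is still rejected when another condition fails. Since ConfigQualifies now skips HostQualifies for `""`, I would add negative rows such as `{server.Config{Host: "", Port: "80"}, false},` and `{server.Config{Host: "", TLS: server.TLSConfig{LetsEncryptEmail: "off"}}, false},`. TestRedirPlaintextHost is likewise only called with `Host: "example.com"` in the visible lines, so a case with an empty Host would cover the situation the `{host}` change was made for. The table and the test bodies continue outside these hunks, so some of this may already exist.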
caddy/letsencrypt/user.go
...
...
@@ -154,10 +154,11 @@ func getEmail(cfg server.Config, skipPrompt bool) string {
if
err
!=
nil
{
return
""
}
leEmail
=
strings
.
TrimSpace
(
leEmail
)
DefaultEmail
=
leEmail
Agreed
=
true
}
return
strings
.
TrimSpace
(
leEmail
)
return
leEmail
}
// promptUserAgreement prompts the user to agree to the agreement
...
...
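Review bot: The final `return leEmail` no longer trims, so only the value set inside the block that closes just above it is normalised; anything assigned to `leEmail` earlier in getEmail (that part is outside the hunk) is now returned with whatever whitespace it carried. If the address is later used as an account identifier or in a storage path, a padded value would be treated as a different user; that use is not visible here. Keeping both is cheap: leave the new `leEmail = strings.TrimSpace(leEmail)` before `DefaultEmail = leEmail` and keep `return strings.TrimSpace(leEmail)` at the end.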