2019-08-10 02:05:47 +08:00
|
|
|
// Copyright 2015 Matthew Holt and The Caddy Authors
|
|
|
|
//
|
|
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
// you may not use this file except in compliance with the License.
|
|
|
|
// You may obtain a copy of the License at
|
|
|
|
//
|
|
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
//
|
|
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
// See the License for the specific language governing permissions and
|
|
|
|
// limitations under the License.
|
|
|
|
|
|
|
|
package httpcaddyfile
|
|
|
|
|
|
|
|
import (
|
|
|
|
"encoding/json"
|
|
|
|
"fmt"
|
|
|
|
"html"
|
|
|
|
"net/http"
|
2019-08-22 00:46:35 +08:00
|
|
|
"reflect"
|
2020-01-23 00:24:49 +08:00
|
|
|
"strings"
|
2019-08-10 02:05:47 +08:00
|
|
|
|
2019-12-11 04:36:46 +08:00
|
|
|
"github.com/caddyserver/caddy/v2"
|
2019-08-23 02:26:48 +08:00
|
|
|
"github.com/caddyserver/caddy/v2/caddyconfig"
|
2020-02-26 13:00:33 +08:00
|
|
|
"github.com/caddyserver/caddy/v2/caddyconfig/caddyfile"
|
2019-08-23 02:26:48 +08:00
|
|
|
"github.com/caddyserver/caddy/v2/modules/caddyhttp"
|
2019-08-10 02:05:47 +08:00
|
|
|
"github.com/caddyserver/caddy/v2/modules/caddytls"
|
2020-02-26 13:00:33 +08:00
|
|
|
"go.uber.org/zap/zapcore"
|
2019-08-10 02:05:47 +08:00
|
|
|
)
|
|
|
|
|
2019-08-22 00:46:35 +08:00
|
|
|
func init() {
|
|
|
|
RegisterDirective("bind", parseBind)
|
2020-01-23 00:32:38 +08:00
|
|
|
RegisterDirective("root", parseRoot) // TODO: isn't this a handler directive?
|
2019-08-22 00:46:35 +08:00
|
|
|
RegisterDirective("tls", parseTLS)
|
|
|
|
RegisterHandlerDirective("redir", parseRedir)
|
2019-09-17 01:04:18 +08:00
|
|
|
RegisterHandlerDirective("respond", parseRespond)
|
2020-01-10 05:00:32 +08:00
|
|
|
RegisterHandlerDirective("route", parseRoute)
|
2020-02-29 04:38:12 +08:00
|
|
|
RegisterHandlerDirective("handle", parseHandle)
|
2020-02-17 13:24:20 +08:00
|
|
|
RegisterDirective("handle_errors", parseHandleErrors)
|
2020-02-26 13:00:33 +08:00
|
|
|
RegisterDirective("log", parseLog)
|
2019-08-22 00:46:35 +08:00
|
|
|
}
|
2019-08-10 02:05:47 +08:00
|
|
|
|
2020-01-23 00:32:38 +08:00
|
|
|
// parseBind parses the bind directive. Syntax:
|
|
|
|
//
|
|
|
|
// bind <addresses...>
|
|
|
|
//
|
2019-08-22 00:46:35 +08:00
|
|
|
func parseBind(h Helper) ([]ConfigValue, error) {
|
|
|
|
var lnHosts []string
|
|
|
|
for h.Next() {
|
|
|
|
lnHosts = append(lnHosts, h.RemainingArgs()...)
|
2019-08-10 02:05:47 +08:00
|
|
|
}
|
2019-08-22 00:46:35 +08:00
|
|
|
return h.NewBindAddresses(lnHosts), nil
|
2019-08-10 02:05:47 +08:00
|
|
|
}
|
|
|
|
|
2020-01-23 00:32:38 +08:00
|
|
|
// parseRoot parses the root directive. Syntax:
|
|
|
|
//
|
|
|
|
// root [<matcher>] <path>
|
|
|
|
//
|
2019-08-22 00:46:35 +08:00
|
|
|
func parseRoot(h Helper) ([]ConfigValue, error) {
|
|
|
|
if !h.Next() {
|
|
|
|
return nil, h.ArgErr()
|
|
|
|
}
|
2019-08-10 02:05:47 +08:00
|
|
|
|
2019-08-22 00:46:35 +08:00
|
|
|
matcherSet, ok, err := h.MatcherToken()
|
2019-08-10 02:05:47 +08:00
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
2019-08-22 00:46:35 +08:00
|
|
|
if !ok {
|
|
|
|
// no matcher token; oops
|
|
|
|
h.Dispenser.Prev()
|
2019-08-10 02:05:47 +08:00
|
|
|
}
|
|
|
|
|
2019-08-22 00:46:35 +08:00
|
|
|
if !h.NextArg() {
|
|
|
|
return nil, h.ArgErr()
|
|
|
|
}
|
|
|
|
root := h.Val()
|
|
|
|
if h.NextArg() {
|
|
|
|
return nil, h.ArgErr()
|
|
|
|
}
|
2019-08-10 02:05:47 +08:00
|
|
|
|
2019-08-22 00:46:35 +08:00
|
|
|
varsHandler := caddyhttp.VarsMiddleware{"root": root}
|
|
|
|
route := caddyhttp.Route{
|
|
|
|
HandlersRaw: []json.RawMessage{
|
|
|
|
caddyconfig.JSONModuleObject(varsHandler, "handler", "vars", nil),
|
|
|
|
},
|
|
|
|
}
|
|
|
|
if matcherSet != nil {
|
2019-12-11 04:36:46 +08:00
|
|
|
route.MatcherSetsRaw = []caddy.ModuleMap{matcherSet}
|
2019-08-10 02:05:47 +08:00
|
|
|
}
|
|
|
|
|
2020-01-17 08:08:52 +08:00
|
|
|
return []ConfigValue{{Class: "route", Value: route}}, nil
|
2019-08-10 02:05:47 +08:00
|
|
|
}
|
|
|
|
|
2020-01-23 00:24:49 +08:00
|
|
|
// parseTLS parses the tls directive. Syntax:
|
|
|
|
//
|
2020-03-14 01:06:08 +08:00
|
|
|
// tls [<email>|internal]|[<cert_file> <key_file>] {
|
2020-01-23 00:24:49 +08:00
|
|
|
// protocols <min> [<max>]
|
|
|
|
// ciphers <cipher_suites...>
|
|
|
|
// curves <curves...>
|
|
|
|
// alpn <values...>
|
|
|
|
// load <paths...>
|
|
|
|
// ca <acme_ca_endpoint>
|
2020-02-09 07:52:54 +08:00
|
|
|
// dns <provider_name>
|
2020-03-18 11:00:45 +08:00
|
|
|
// on_demand
|
2020-01-23 00:24:49 +08:00
|
|
|
// }
|
|
|
|
//
|
2019-08-22 00:46:35 +08:00
|
|
|
func parseTLS(h Helper) ([]ConfigValue, error) {
|
2020-03-18 11:00:45 +08:00
|
|
|
cp := new(caddytls.ConnectionPolicy)
|
2019-08-10 02:05:47 +08:00
|
|
|
var fileLoader caddytls.FileLoader
|
|
|
|
var folderLoader caddytls.FolderLoader
|
2020-03-14 01:06:08 +08:00
|
|
|
var acmeIssuer *caddytls.ACMEIssuer
|
|
|
|
var internalIssuer *caddytls.InternalIssuer
|
2020-03-18 11:00:45 +08:00
|
|
|
var onDemand bool
|
2019-09-30 23:11:30 +08:00
|
|
|
|
2019-08-22 00:46:35 +08:00
|
|
|
for h.Next() {
|
|
|
|
// file certificate loader
|
|
|
|
firstLine := h.RemainingArgs()
|
|
|
|
switch len(firstLine) {
|
|
|
|
case 0:
|
|
|
|
case 1:
|
2020-03-14 01:06:08 +08:00
|
|
|
if firstLine[0] == "internal" {
|
|
|
|
internalIssuer = new(caddytls.InternalIssuer)
|
|
|
|
} else if !strings.Contains(firstLine[0], "@") {
|
|
|
|
return nil, h.Err("single argument must either be 'internal' or an email address")
|
|
|
|
} else {
|
|
|
|
if acmeIssuer == nil {
|
|
|
|
acmeIssuer = new(caddytls.ACMEIssuer)
|
|
|
|
}
|
|
|
|
acmeIssuer.Email = firstLine[0]
|
2019-08-22 00:46:35 +08:00
|
|
|
}
|
2020-03-14 01:06:08 +08:00
|
|
|
|
2019-08-22 00:46:35 +08:00
|
|
|
case 2:
|
httpcaddyfile: tls: Load repeated cert files only once, with one tag
See end of issue #3004. Loading the same certificate file multiple times
with different tags will result in it being de-duplicated in the in-
memory cache, because of course they all have the same bytes. This
meant that any certs of the same filename loaded with different tags
would be overwritten by the next certificate of the same filename, and
any conn policies looking for the tags of the previous ones would never
find them, causing connections to fail.
So, now we remember cert filenames and their tags, instead of loading
them multiple times and overwriting previous ones.
A user crafting their own JSON might make this error too... maybe we
won't see it happen. But if it does, one possibility is, when loading
a duplicate cert, instead of discarding it completely, merge the tag
list into the one that's already stored in the cache, then discard.
2020-02-21 01:18:29 +08:00
|
|
|
certFilename := firstLine[0]
|
|
|
|
keyFilename := firstLine[1]
|
|
|
|
|
2020-02-07 03:55:26 +08:00
|
|
|
// tag this certificate so if multiple certs match, specifically
|
|
|
|
// this one that the user has provided will be used, see #2588:
|
httpcaddyfile: tls: Load repeated cert files only once, with one tag
See end of issue #3004. Loading the same certificate file multiple times
with different tags will result in it being de-duplicated in the in-
memory cache, because of course they all have the same bytes. This
meant that any certs of the same filename loaded with different tags
would be overwritten by the next certificate of the same filename, and
any conn policies looking for the tags of the previous ones would never
find them, causing connections to fail.
So, now we remember cert filenames and their tags, instead of loading
them multiple times and overwriting previous ones.
A user crafting their own JSON might make this error too... maybe we
won't see it happen. But if it does, one possibility is, when loading
a duplicate cert, instead of discarding it completely, merge the tag
list into the one that's already stored in the cache, then discard.
2020-02-21 01:18:29 +08:00
|
|
|
// https://github.com/caddyserver/caddy/issues/2588 ... but we
|
|
|
|
// must be careful about how we do this; being careless will
|
|
|
|
// lead to failed handshakes
|
2020-03-14 01:06:08 +08:00
|
|
|
//
|
httpcaddyfile: tls: Load repeated cert files only once, with one tag
See end of issue #3004. Loading the same certificate file multiple times
with different tags will result in it being de-duplicated in the in-
memory cache, because of course they all have the same bytes. This
meant that any certs of the same filename loaded with different tags
would be overwritten by the next certificate of the same filename, and
any conn policies looking for the tags of the previous ones would never
find them, causing connections to fail.
So, now we remember cert filenames and their tags, instead of loading
them multiple times and overwriting previous ones.
A user crafting their own JSON might make this error too... maybe we
won't see it happen. But if it does, one possibility is, when loading
a duplicate cert, instead of discarding it completely, merge the tag
list into the one that's already stored in the cache, then discard.
2020-02-21 01:18:29 +08:00
|
|
|
// we need to remember which cert files we've seen, since we
|
|
|
|
// must load each cert only once; otherwise, they each get a
|
|
|
|
// different tag... since a cert loaded twice has the same
|
|
|
|
// bytes, it will overwrite the first one in the cache, and
|
|
|
|
// only the last cert (and its tag) will survive, so a any conn
|
|
|
|
// policy that is looking for any tag but the last one to be
|
|
|
|
// loaded won't find it, and TLS handshakes will fail (see end)
|
|
|
|
// of issue #3004)
|
2020-03-14 01:06:08 +08:00
|
|
|
//
|
2020-03-05 00:58:49 +08:00
|
|
|
// tlsCertTags maps certificate filenames to their tag.
|
|
|
|
// This is used to remember which tag is used for each
|
|
|
|
// certificate files, since we need to avoid loading
|
|
|
|
// the same certificate files more than once, overwriting
|
|
|
|
// previous tags
|
|
|
|
tlsCertTags, ok := h.State["tlsCertTags"].(map[string]string)
|
|
|
|
if !ok {
|
|
|
|
tlsCertTags = make(map[string]string)
|
|
|
|
h.State["tlsCertTags"] = tlsCertTags
|
|
|
|
}
|
|
|
|
|
httpcaddyfile: tls: Load repeated cert files only once, with one tag
See end of issue #3004. Loading the same certificate file multiple times
with different tags will result in it being de-duplicated in the in-
memory cache, because of course they all have the same bytes. This
meant that any certs of the same filename loaded with different tags
would be overwritten by the next certificate of the same filename, and
any conn policies looking for the tags of the previous ones would never
find them, causing connections to fail.
So, now we remember cert filenames and their tags, instead of loading
them multiple times and overwriting previous ones.
A user crafting their own JSON might make this error too... maybe we
won't see it happen. But if it does, one possibility is, when loading
a duplicate cert, instead of discarding it completely, merge the tag
list into the one that's already stored in the cache, then discard.
2020-02-21 01:18:29 +08:00
|
|
|
tag, ok := tlsCertTags[certFilename]
|
|
|
|
if !ok {
|
|
|
|
// haven't seen this cert file yet, let's give it a tag
|
|
|
|
// and add a loader for it
|
|
|
|
tag = fmt.Sprintf("cert%d", len(tlsCertTags))
|
|
|
|
fileLoader = append(fileLoader, caddytls.CertKeyFilePair{
|
|
|
|
Certificate: certFilename,
|
|
|
|
Key: keyFilename,
|
|
|
|
Tags: []string{tag},
|
|
|
|
})
|
|
|
|
// remember this for next time we see this cert file
|
|
|
|
tlsCertTags[certFilename] = tag
|
|
|
|
}
|
2020-02-07 03:55:26 +08:00
|
|
|
certSelector := caddytls.CustomCertSelectionPolicy{Tag: tag}
|
|
|
|
cp.CertSelection = caddyconfig.JSONModuleObject(certSelector, "policy", "custom", h.warnings)
|
2019-08-22 00:46:35 +08:00
|
|
|
default:
|
|
|
|
return nil, h.ArgErr()
|
2019-08-10 02:05:47 +08:00
|
|
|
}
|
|
|
|
|
2019-08-22 00:46:35 +08:00
|
|
|
var hasBlock bool
|
2019-09-11 09:21:52 +08:00
|
|
|
for h.NextBlock(0) {
|
2019-08-22 00:46:35 +08:00
|
|
|
hasBlock = true
|
2019-08-10 02:05:47 +08:00
|
|
|
|
2019-08-22 00:46:35 +08:00
|
|
|
switch h.Val() {
|
2019-08-10 02:05:47 +08:00
|
|
|
case "protocols":
|
2019-08-22 00:46:35 +08:00
|
|
|
args := h.RemainingArgs()
|
2019-08-10 02:05:47 +08:00
|
|
|
if len(args) == 0 {
|
2019-08-22 00:46:35 +08:00
|
|
|
return nil, h.SyntaxErr("one or two protocols")
|
2019-08-10 02:05:47 +08:00
|
|
|
}
|
|
|
|
if len(args) > 0 {
|
|
|
|
if _, ok := caddytls.SupportedProtocols[args[0]]; !ok {
|
2019-08-22 00:46:35 +08:00
|
|
|
return nil, h.Errf("Wrong protocol name or protocol not supported: '%s'", args[0])
|
2019-08-10 02:05:47 +08:00
|
|
|
}
|
|
|
|
cp.ProtocolMin = args[0]
|
|
|
|
}
|
|
|
|
if len(args) > 1 {
|
|
|
|
if _, ok := caddytls.SupportedProtocols[args[1]]; !ok {
|
2019-08-22 00:46:35 +08:00
|
|
|
return nil, h.Errf("Wrong protocol name or protocol not supported: '%s'", args[1])
|
2019-08-10 02:05:47 +08:00
|
|
|
}
|
|
|
|
cp.ProtocolMax = args[1]
|
|
|
|
}
|
2020-03-18 11:00:45 +08:00
|
|
|
|
2019-08-10 02:05:47 +08:00
|
|
|
case "ciphers":
|
2019-08-22 00:46:35 +08:00
|
|
|
for h.NextArg() {
|
|
|
|
if _, ok := caddytls.SupportedCipherSuites[h.Val()]; !ok {
|
|
|
|
return nil, h.Errf("Wrong cipher suite name or cipher suite not supported: '%s'", h.Val())
|
2019-08-10 02:05:47 +08:00
|
|
|
}
|
2019-08-22 00:46:35 +08:00
|
|
|
cp.CipherSuites = append(cp.CipherSuites, h.Val())
|
2019-08-10 02:05:47 +08:00
|
|
|
}
|
2020-03-18 11:00:45 +08:00
|
|
|
|
2019-08-10 02:05:47 +08:00
|
|
|
case "curves":
|
2019-08-22 00:46:35 +08:00
|
|
|
for h.NextArg() {
|
|
|
|
if _, ok := caddytls.SupportedCurves[h.Val()]; !ok {
|
|
|
|
return nil, h.Errf("Wrong curve name or curve not supported: '%s'", h.Val())
|
2019-08-10 02:05:47 +08:00
|
|
|
}
|
2019-08-22 00:46:35 +08:00
|
|
|
cp.Curves = append(cp.Curves, h.Val())
|
2019-08-10 02:05:47 +08:00
|
|
|
}
|
2020-03-18 11:00:45 +08:00
|
|
|
|
2019-08-10 02:05:47 +08:00
|
|
|
case "alpn":
|
2019-08-22 00:46:35 +08:00
|
|
|
args := h.RemainingArgs()
|
2019-08-10 02:05:47 +08:00
|
|
|
if len(args) == 0 {
|
2019-08-22 00:46:35 +08:00
|
|
|
return nil, h.ArgErr()
|
2019-08-10 02:05:47 +08:00
|
|
|
}
|
|
|
|
cp.ALPN = args
|
2019-08-22 00:46:35 +08:00
|
|
|
|
|
|
|
case "load":
|
|
|
|
folderLoader = append(folderLoader, h.RemainingArgs()...)
|
|
|
|
|
|
|
|
case "ca":
|
|
|
|
arg := h.RemainingArgs()
|
|
|
|
if len(arg) != 1 {
|
|
|
|
return nil, h.ArgErr()
|
|
|
|
}
|
2020-03-14 01:06:08 +08:00
|
|
|
if acmeIssuer == nil {
|
|
|
|
acmeIssuer = new(caddytls.ACMEIssuer)
|
|
|
|
}
|
|
|
|
acmeIssuer.CA = arg[0]
|
2019-08-22 00:46:35 +08:00
|
|
|
|
2020-02-09 07:52:54 +08:00
|
|
|
case "dns":
|
|
|
|
if !h.Next() {
|
|
|
|
return nil, h.ArgErr()
|
|
|
|
}
|
2020-03-14 01:06:08 +08:00
|
|
|
if acmeIssuer == nil {
|
|
|
|
acmeIssuer = new(caddytls.ACMEIssuer)
|
|
|
|
}
|
2020-02-09 07:52:54 +08:00
|
|
|
provName := h.Val()
|
2020-03-14 01:06:08 +08:00
|
|
|
if acmeIssuer.Challenges == nil {
|
|
|
|
acmeIssuer.Challenges = new(caddytls.ChallengesConfig)
|
2020-02-09 07:52:54 +08:00
|
|
|
}
|
|
|
|
dnsProvModule, err := caddy.GetModule("tls.dns." + provName)
|
|
|
|
if err != nil {
|
|
|
|
return nil, h.Errf("getting DNS provider module named '%s': %v", provName, err)
|
|
|
|
}
|
2020-03-14 01:06:08 +08:00
|
|
|
acmeIssuer.Challenges.DNSRaw = caddyconfig.JSONModuleObject(dnsProvModule.New(), "provider", provName, h.warnings)
|
2020-02-17 13:24:20 +08:00
|
|
|
|
2020-02-13 04:07:25 +08:00
|
|
|
case "ca_root":
|
|
|
|
arg := h.RemainingArgs()
|
|
|
|
if len(arg) != 1 {
|
|
|
|
return nil, h.ArgErr()
|
|
|
|
}
|
2020-03-14 01:06:08 +08:00
|
|
|
if acmeIssuer == nil {
|
|
|
|
acmeIssuer = new(caddytls.ACMEIssuer)
|
|
|
|
}
|
|
|
|
acmeIssuer.TrustedRootsPEMFiles = append(acmeIssuer.TrustedRootsPEMFiles, arg[0])
|
2020-02-09 07:52:54 +08:00
|
|
|
|
2020-03-18 11:00:45 +08:00
|
|
|
case "on_demand":
|
|
|
|
if h.NextArg() {
|
|
|
|
return nil, h.ArgErr()
|
|
|
|
}
|
|
|
|
onDemand = true
|
|
|
|
|
2019-09-30 23:11:30 +08:00
|
|
|
default:
|
|
|
|
return nil, h.Errf("unknown subdirective: %s", h.Val())
|
2019-08-10 02:05:47 +08:00
|
|
|
}
|
|
|
|
}
|
2019-08-22 00:46:35 +08:00
|
|
|
|
|
|
|
// a naked tls directive is not allowed
|
|
|
|
if len(firstLine) == 0 && !hasBlock {
|
|
|
|
return nil, h.ArgErr()
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2020-03-14 01:06:08 +08:00
|
|
|
// begin building the final config values
|
|
|
|
var configVals []ConfigValue
|
|
|
|
|
2019-08-22 00:46:35 +08:00
|
|
|
// certificate loaders
|
|
|
|
if len(fileLoader) > 0 {
|
|
|
|
configVals = append(configVals, ConfigValue{
|
|
|
|
Class: "tls.certificate_loader",
|
|
|
|
Value: fileLoader,
|
|
|
|
})
|
|
|
|
}
|
|
|
|
if len(folderLoader) > 0 {
|
|
|
|
configVals = append(configVals, ConfigValue{
|
|
|
|
Class: "tls.certificate_loader",
|
|
|
|
Value: folderLoader,
|
|
|
|
})
|
|
|
|
}
|
|
|
|
|
2020-03-18 11:00:45 +08:00
|
|
|
// issuer
|
2020-03-14 01:06:08 +08:00
|
|
|
if acmeIssuer != nil && internalIssuer != nil {
|
|
|
|
// the logic to support this would be complex
|
|
|
|
return nil, h.Err("cannot use both ACME and internal issuers in same server block")
|
|
|
|
}
|
|
|
|
if acmeIssuer != nil {
|
|
|
|
// fill in global defaults, if configured
|
|
|
|
if email := h.Option("email"); email != nil && acmeIssuer.Email == "" {
|
|
|
|
acmeIssuer.Email = email.(string)
|
|
|
|
}
|
|
|
|
if acmeCA := h.Option("acme_ca"); acmeCA != nil && acmeIssuer.CA == "" {
|
|
|
|
acmeIssuer.CA = acmeCA.(string)
|
|
|
|
}
|
|
|
|
if caPemFile := h.Option("acme_ca_root"); caPemFile != nil {
|
|
|
|
acmeIssuer.TrustedRootsPEMFiles = append(acmeIssuer.TrustedRootsPEMFiles, caPemFile.(string))
|
|
|
|
}
|
|
|
|
|
|
|
|
configVals = append(configVals, ConfigValue{
|
|
|
|
Class: "tls.cert_issuer",
|
|
|
|
Value: acmeIssuer,
|
|
|
|
})
|
|
|
|
} else if internalIssuer != nil {
|
2019-08-22 00:46:35 +08:00
|
|
|
configVals = append(configVals, ConfigValue{
|
2020-03-07 14:15:25 +08:00
|
|
|
Class: "tls.cert_issuer",
|
2020-03-14 01:06:08 +08:00
|
|
|
Value: internalIssuer,
|
2019-08-22 00:46:35 +08:00
|
|
|
})
|
|
|
|
}
|
|
|
|
|
2020-03-18 11:00:45 +08:00
|
|
|
// on-demand TLS
|
|
|
|
if onDemand {
|
|
|
|
configVals = append(configVals, ConfigValue{
|
|
|
|
Class: "tls.on_demand",
|
|
|
|
Value: true,
|
|
|
|
})
|
|
|
|
}
|
|
|
|
|
|
|
|
// connection policy -- always add one, to ensure that TLS
|
|
|
|
// is enabled, because this directive was used (this is
|
|
|
|
// needed, for instance, when a site block has a key of
|
|
|
|
// just ":5000" - i.e. no hostname, and only on-demand TLS
|
|
|
|
// is enabled)
|
|
|
|
configVals = append(configVals, ConfigValue{
|
|
|
|
Class: "tls.connection_policy",
|
|
|
|
Value: cp,
|
|
|
|
})
|
|
|
|
|
2019-08-22 00:46:35 +08:00
|
|
|
return configVals, nil
|
|
|
|
}
|
|
|
|
|
2020-01-23 00:32:38 +08:00
|
|
|
// parseRedir parses the redir directive. Syntax:
|
|
|
|
//
|
|
|
|
// redir [<matcher>] <to> [<code>]
|
|
|
|
//
|
2019-08-22 00:46:35 +08:00
|
|
|
func parseRedir(h Helper) (caddyhttp.MiddlewareHandler, error) {
|
|
|
|
if !h.Next() {
|
|
|
|
return nil, h.ArgErr()
|
|
|
|
}
|
|
|
|
|
|
|
|
if !h.NextArg() {
|
|
|
|
return nil, h.ArgErr()
|
|
|
|
}
|
|
|
|
to := h.Val()
|
|
|
|
|
|
|
|
var code string
|
|
|
|
if h.NextArg() {
|
|
|
|
code = h.Val()
|
|
|
|
}
|
|
|
|
if code == "permanent" {
|
|
|
|
code = "301"
|
|
|
|
}
|
|
|
|
if code == "temporary" || code == "" {
|
2020-01-23 00:32:38 +08:00
|
|
|
code = "302"
|
2019-08-22 00:46:35 +08:00
|
|
|
}
|
|
|
|
var body string
|
2020-01-23 00:32:38 +08:00
|
|
|
if code == "html" {
|
2019-08-22 00:46:35 +08:00
|
|
|
// Script tag comes first since that will better imitate a redirect in the browser's
|
|
|
|
// history, but the meta tag is a fallback for most non-JS clients.
|
|
|
|
const metaRedir = `<!DOCTYPE html>
|
|
|
|
<html>
|
|
|
|
<head>
|
|
|
|
<title>Redirecting...</title>
|
|
|
|
<script>window.location.replace("%s");</script>
|
|
|
|
<meta http-equiv="refresh" content="0; URL='%s'">
|
|
|
|
</head>
|
|
|
|
<body>Redirecting to <a href="%s">%s</a>...</body>
|
|
|
|
</html>
|
|
|
|
`
|
|
|
|
safeTo := html.EscapeString(to)
|
|
|
|
body = fmt.Sprintf(metaRedir, safeTo, safeTo, safeTo, safeTo)
|
2019-08-10 02:05:47 +08:00
|
|
|
}
|
|
|
|
|
2019-08-22 00:46:35 +08:00
|
|
|
return caddyhttp.StaticResponse{
|
|
|
|
StatusCode: caddyhttp.WeakString(code),
|
|
|
|
Headers: http.Header{"Location": []string{to}},
|
|
|
|
Body: body,
|
|
|
|
}, nil
|
2019-08-10 02:05:47 +08:00
|
|
|
}
|
2019-09-17 01:04:18 +08:00
|
|
|
|
2020-01-23 00:32:38 +08:00
|
|
|
// parseRespond parses the respond directive.
|
2019-09-17 01:04:18 +08:00
|
|
|
func parseRespond(h Helper) (caddyhttp.MiddlewareHandler, error) {
|
|
|
|
sr := new(caddyhttp.StaticResponse)
|
|
|
|
err := sr.UnmarshalCaddyfile(h.Dispenser)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
return sr, nil
|
|
|
|
}
|
2020-01-10 05:00:32 +08:00
|
|
|
|
2020-01-23 00:32:38 +08:00
|
|
|
// parseRoute parses the route directive.
|
2020-01-10 05:00:32 +08:00
|
|
|
func parseRoute(h Helper) (caddyhttp.MiddlewareHandler, error) {
|
|
|
|
sr := new(caddyhttp.Subroute)
|
|
|
|
|
|
|
|
for h.Next() {
|
|
|
|
for nesting := h.Nesting(); h.NextBlock(nesting); {
|
|
|
|
dir := h.Val()
|
|
|
|
|
|
|
|
dirFunc, ok := registeredDirectives[dir]
|
|
|
|
if !ok {
|
|
|
|
return nil, h.Errf("unrecognized directive: %s", dir)
|
|
|
|
}
|
|
|
|
|
|
|
|
subHelper := h
|
2020-02-15 02:00:16 +08:00
|
|
|
subHelper.Dispenser = h.NewFromNextSegment()
|
2020-01-10 05:00:32 +08:00
|
|
|
|
|
|
|
results, err := dirFunc(subHelper)
|
|
|
|
if err != nil {
|
|
|
|
return nil, h.Errf("parsing caddyfile tokens for '%s': %v", dir, err)
|
|
|
|
}
|
|
|
|
for _, result := range results {
|
|
|
|
handler, ok := result.Value.(caddyhttp.Route)
|
|
|
|
if !ok {
|
|
|
|
return nil, h.Errf("%s directive returned something other than an HTTP route: %#v (only handler directives can be used in routes)", dir, result.Value)
|
|
|
|
}
|
|
|
|
sr.Routes = append(sr.Routes, handler)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return sr, nil
|
|
|
|
}
|
2020-01-17 08:08:52 +08:00
|
|
|
|
|
|
|
func parseHandle(h Helper) (caddyhttp.MiddlewareHandler, error) {
|
2020-02-17 13:24:20 +08:00
|
|
|
return parseSegmentAsSubroute(h)
|
|
|
|
}
|
2020-01-17 08:08:52 +08:00
|
|
|
|
2020-02-17 13:24:20 +08:00
|
|
|
func parseHandleErrors(h Helper) ([]ConfigValue, error) {
|
|
|
|
subroute, err := parseSegmentAsSubroute(h)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
2020-01-17 08:08:52 +08:00
|
|
|
}
|
2020-02-17 13:24:20 +08:00
|
|
|
return []ConfigValue{
|
|
|
|
{
|
|
|
|
Class: "error_route",
|
|
|
|
Value: subroute,
|
|
|
|
},
|
|
|
|
}, nil
|
2020-01-17 08:08:52 +08:00
|
|
|
}
|
2020-02-07 03:55:26 +08:00
|
|
|
|
2020-02-26 13:00:33 +08:00
|
|
|
// parseLog parses the log directive. Syntax:
|
|
|
|
//
|
|
|
|
// log {
|
|
|
|
// output <writer_module> ...
|
|
|
|
// format <encoder_module> ...
|
|
|
|
// level <level>
|
|
|
|
// }
|
|
|
|
//
|
|
|
|
func parseLog(h Helper) ([]ConfigValue, error) {
|
|
|
|
var configValues []ConfigValue
|
|
|
|
for h.Next() {
|
|
|
|
cl := new(caddy.CustomLog)
|
|
|
|
|
|
|
|
for h.NextBlock(0) {
|
|
|
|
switch h.Val() {
|
|
|
|
case "output":
|
|
|
|
if !h.NextArg() {
|
|
|
|
return nil, h.ArgErr()
|
|
|
|
}
|
|
|
|
moduleName := h.Val()
|
|
|
|
|
|
|
|
// can't use the usual caddyfile.Unmarshaler flow with the
|
|
|
|
// standard writers because they are in the caddy package
|
|
|
|
// (because they are the default) and implementing that
|
|
|
|
// interface there would unfortunately create circular import
|
|
|
|
var wo caddy.WriterOpener
|
|
|
|
switch moduleName {
|
|
|
|
case "stdout":
|
|
|
|
wo = caddy.StdoutWriter{}
|
|
|
|
case "stderr":
|
|
|
|
wo = caddy.StderrWriter{}
|
|
|
|
case "discard":
|
|
|
|
wo = caddy.DiscardWriter{}
|
|
|
|
default:
|
|
|
|
mod, err := caddy.GetModule("caddy.logging.writers." + moduleName)
|
|
|
|
if err != nil {
|
|
|
|
return nil, h.Errf("getting log writer module named '%s': %v", moduleName, err)
|
|
|
|
}
|
|
|
|
unm, ok := mod.New().(caddyfile.Unmarshaler)
|
|
|
|
if !ok {
|
|
|
|
return nil, h.Errf("log writer module '%s' is not a Caddyfile unmarshaler", mod)
|
|
|
|
}
|
|
|
|
err = unm.UnmarshalCaddyfile(h.NewFromNextSegment())
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
wo, ok = unm.(caddy.WriterOpener)
|
|
|
|
if !ok {
|
|
|
|
return nil, h.Errf("module %s is not a WriterOpener", mod)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
cl.WriterRaw = caddyconfig.JSONModuleObject(wo, "output", moduleName, h.warnings)
|
|
|
|
|
|
|
|
case "format":
|
|
|
|
if !h.NextArg() {
|
|
|
|
return nil, h.ArgErr()
|
|
|
|
}
|
|
|
|
moduleName := h.Val()
|
|
|
|
mod, err := caddy.GetModule("caddy.logging.encoders." + moduleName)
|
|
|
|
if err != nil {
|
|
|
|
return nil, h.Errf("getting log encoder module named '%s': %v", moduleName, err)
|
|
|
|
}
|
|
|
|
unm, ok := mod.New().(caddyfile.Unmarshaler)
|
|
|
|
if !ok {
|
|
|
|
return nil, h.Errf("log encoder module '%s' is not a Caddyfile unmarshaler", mod)
|
|
|
|
}
|
|
|
|
err = unm.UnmarshalCaddyfile(h.NewFromNextSegment())
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
enc, ok := unm.(zapcore.Encoder)
|
|
|
|
if !ok {
|
|
|
|
return nil, h.Errf("module %s is not a zapcore.Encoder", mod)
|
|
|
|
}
|
|
|
|
cl.EncoderRaw = caddyconfig.JSONModuleObject(enc, "format", moduleName, h.warnings)
|
|
|
|
|
|
|
|
case "level":
|
|
|
|
if !h.NextArg() {
|
|
|
|
return nil, h.ArgErr()
|
|
|
|
}
|
|
|
|
cl.Level = h.Val()
|
|
|
|
if h.NextArg() {
|
|
|
|
return nil, h.ArgErr()
|
|
|
|
}
|
|
|
|
|
|
|
|
default:
|
|
|
|
return nil, h.Errf("unrecognized subdirective: %s", h.Val())
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
var val namedCustomLog
|
|
|
|
if !reflect.DeepEqual(cl, new(caddy.CustomLog)) {
|
2020-03-05 00:58:49 +08:00
|
|
|
logCounter, ok := h.State["logCounter"].(int)
|
|
|
|
if !ok {
|
|
|
|
logCounter = 0
|
|
|
|
}
|
2020-02-26 13:00:33 +08:00
|
|
|
cl.Include = []string{"http.log.access"}
|
|
|
|
val.name = fmt.Sprintf("log%d", logCounter)
|
|
|
|
val.log = cl
|
|
|
|
logCounter++
|
2020-03-05 00:58:49 +08:00
|
|
|
h.State["logCounter"] = logCounter
|
2020-02-26 13:00:33 +08:00
|
|
|
}
|
|
|
|
configValues = append(configValues, ConfigValue{
|
|
|
|
Class: "custom_log",
|
|
|
|
Value: val,
|
|
|
|
})
|
|
|
|
}
|
|
|
|
return configValues, nil
|
|
|
|
}
|