ACME challenge proxy now accounts for ListenHost (bind); fixes #1296

Matthew Holt 2016-12-23 09:40:03 -07:00
parent 3198200479
commit 1da70d3ba1
No known key found for this signature in database
GPG Key ID: 2A349DD577D586A5
3 changed files with 7 additions and 6 deletions


@ -236,7 +236,7 @@ func (s *Server) serveHTTP(w http.ResponseWriter, r *http.Request) (int, error)
if vhost == nil {
// check for ACME challenge even if vhost is nil;
// could be a new host coming online soon
if caddytls.HTTPChallengeHandler(w, r, caddytls.DefaultHTTPAlternatePort) {
if caddytls.HTTPChallengeHandler(w, r, "localhost", caddytls.DefaultHTTPAlternatePort) {
return 0, nil
}
// otherwise, log the error and write a message to the client
@ -297,7 +297,7 @@ func (s *Server) proxyHTTPChallenge(vhost *SiteConfig, w http.ResponseWriter, r
if vhost.TLS != nil && vhost.TLS.AltHTTPPort != "" {
altPort = vhost.TLS.AltHTTPPort
}
return caddytls.HTTPChallengeHandler(w, r, altPort)
return caddytls.HTTPChallengeHandler(w, r, vhost.ListenHost, altPort)
}
// Address returns the address s was assigned to listen on.
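Review bot: The nil-vhost branch in the first hunk still hard-codes `"localhost"` as the challenge proxy target, so a server bound to a specific address (the situation #1296 describes) keeps failing ACME challenges for any host that is not yet in the config, while proxyHTTPChallenge below now correctly uses `vhost.ListenHost`. The bind used here should come from the server itself rather than a literal; the `Address` method visible after the hunk suggests s records its listen address, so presumably `net.SplitHostPort` on that value (with its error handled) yields the right host — hedged, since Address's return form is not shown. serveHTTP begins and ends outside this hunk.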


@ -2,6 +2,7 @@ package caddytls
import (
"crypto/tls"
"fmt"
"log"
"net/http"
"net/http/httputil"
@ -15,7 +16,7 @@ const challengeBasePath = "/.well-known/acme-challenge"
// request path starts with challengeBasePath. It returns true if it
// handled the request and no more needs to be done; it returns false
// if this call was a no-op and the request still needs handling.
func HTTPChallengeHandler(w http.ResponseWriter, r *http.Request, altPort string) bool {
func HTTPChallengeHandler(w http.ResponseWriter, r *http.Request, listenHost, altPort string) bool {
if !strings.HasPrefix(r.URL.Path, challengeBasePath) {
return false
}
@ -28,7 +29,7 @@ func HTTPChallengeHandler(w http.ResponseWriter, r *http.Request, altPort string
scheme = "https"
}
upstream, err := url.Parse(scheme + "://localhost:" + altPort)
upstream, err := url.Parse(fmt.Sprintf("%s://%s:%s", scheme, listenHost, altPort))
if err != nil {
w.WriteHeader(http.StatusInternalServerError)
log.Printf("[ERROR] ACME proxy handler: %v", err)
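Review bot: The upstream URL built by `upstream, err := url.Parse(fmt.Sprintf("%s://%s:%s", scheme, listenHost, altPort))` is wrong for an IPv6 bind address: a ListenHost of `::1` yields `http://::1:5033`, which url.Parse rejects or mis-splits, so the proxy fails precisely when the new parameter is set to a v6 literal. Use `net.JoinHostPort`, which brackets v6 hosts: `upstream, err := url.Parse(scheme + "://" + net.JoinHostPort(listenHost, altPort))`; that requires the `net` import and makes the `fmt` import added in the first hunk unnecessary. The doc comment above the signature should also describe the new listenHost argument and note that an empty value (as the tests pass) produces a host-less authority of the form `:altPort`. HTTPChallengeHandler's body continues past the hunk.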


@ -25,7 +25,7 @@ func TestHTTPChallengeHandlerNoOp(t *testing.T) {
t.Fatalf("Could not craft request, got error: %v", err)
}
rw := httptest.NewRecorder()
if HTTPChallengeHandler(rw, req, DefaultHTTPAlternatePort) {
if HTTPChallengeHandler(rw, req, "", DefaultHTTPAlternatePort) {
t.Errorf("Got true with this URL, but shouldn't have: %s", url)
}
}
@ -62,7 +62,7 @@ func TestHTTPChallengeHandlerSuccess(t *testing.T) {
}
rw := httptest.NewRecorder()
HTTPChallengeHandler(rw, req, DefaultHTTPAlternatePort)
HTTPChallengeHandler(rw, req, "", DefaultHTTPAlternatePort)
if !proxySuccess {
t.Fatal("Expected request to be proxied, but it wasn't")
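Review bot: Both updated calls pass `""` for the new listenHost argument, so the behaviour this commit adds — proxying to a configured bind address — is never exercised, and a host that cannot be placed in the URL would go unnoticed. If the fixture lets the upstream be parameterised, add a case to TestHTTPChallengeHandlerSuccess that passes the host part of the test server's listener address, and a separate case with an IPv6 literal such as `"::1"` to pin how the URL is assembled. Both test functions start outside the hunk.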