mirror of
https://github.com/caddyserver/caddy.git
synced 2024-11-29 04:10:16 +08:00
ACME challenge proxy now accounts for ListenHost (bind); fixes #1296
This commit is contained in:
parent
3198200479
commit
1da70d3ba1
|
@ -236,7 +236,7 @@ func (s *Server) serveHTTP(w http.ResponseWriter, r *http.Request) (int, error)
|
|||
if vhost == nil {
|
||||
// check for ACME challenge even if vhost is nil;
|
||||
// could be a new host coming online soon
|
||||
if caddytls.HTTPChallengeHandler(w, r, caddytls.DefaultHTTPAlternatePort) {
|
||||
if caddytls.HTTPChallengeHandler(w, r, "localhost", caddytls.DefaultHTTPAlternatePort) {
|
||||
return 0, nil
|
||||
}
|
||||
// otherwise, log the error and write a message to the client
|
||||
|
@ -297,7 +297,7 @@ func (s *Server) proxyHTTPChallenge(vhost *SiteConfig, w http.ResponseWriter, r
|
|||
if vhost.TLS != nil && vhost.TLS.AltHTTPPort != "" {
|
||||
altPort = vhost.TLS.AltHTTPPort
|
||||
}
|
||||
return caddytls.HTTPChallengeHandler(w, r, altPort)
|
||||
return caddytls.HTTPChallengeHandler(w, r, vhost.ListenHost, altPort)
|
||||
}
|
||||
|
||||
// Address returns the address s was assigned to listen on.
|
||||
|
|
|
@ -2,6 +2,7 @@ package caddytls
|
|||
|
||||
import (
|
||||
"crypto/tls"
|
||||
"fmt"
|
||||
"log"
|
||||
"net/http"
|
||||
"net/http/httputil"
|
||||
|
@ -15,7 +16,7 @@ const challengeBasePath = "/.well-known/acme-challenge"
|
|||
// request path starts with challengeBasePath. It returns true if it
|
||||
// handled the request and no more needs to be done; it returns false
|
||||
// if this call was a no-op and the request still needs handling.
|
||||
func HTTPChallengeHandler(w http.ResponseWriter, r *http.Request, altPort string) bool {
|
||||
func HTTPChallengeHandler(w http.ResponseWriter, r *http.Request, listenHost, altPort string) bool {
|
||||
if !strings.HasPrefix(r.URL.Path, challengeBasePath) {
|
||||
return false
|
||||
}
|
||||
|
@ -28,7 +29,7 @@ func HTTPChallengeHandler(w http.ResponseWriter, r *http.Request, altPort string
|
|||
scheme = "https"
|
||||
}
|
||||
|
||||
upstream, err := url.Parse(scheme + "://localhost:" + altPort)
|
||||
upstream, err := url.Parse(fmt.Sprintf("%s://%s:%s", scheme, listenHost, altPort))
|
||||
if err != nil {
|
||||
w.WriteHeader(http.StatusInternalServerError)
|
||||
log.Printf("[ERROR] ACME proxy handler: %v", err)
|
||||
|
|
|
@ -25,7 +25,7 @@ func TestHTTPChallengeHandlerNoOp(t *testing.T) {
|
|||
t.Fatalf("Could not craft request, got error: %v", err)
|
||||
}
|
||||
rw := httptest.NewRecorder()
|
||||
if HTTPChallengeHandler(rw, req, DefaultHTTPAlternatePort) {
|
||||
if HTTPChallengeHandler(rw, req, "", DefaultHTTPAlternatePort) {
|
||||
t.Errorf("Got true with this URL, but shouldn't have: %s", url)
|
||||
}
|
||||
}
|
||||
|
@ -62,7 +62,7 @@ func TestHTTPChallengeHandlerSuccess(t *testing.T) {
|
|||
}
|
||||
rw := httptest.NewRecorder()
|
||||
|
||||
HTTPChallengeHandler(rw, req, DefaultHTTPAlternatePort)
|
||||
HTTPChallengeHandler(rw, req, "", DefaultHTTPAlternatePort)
|
||||
|
||||
if !proxySuccess {
|
||||
t.Fatal("Expected request to be proxied, but it wasn't")
|
||||
|
|
Loading…
Reference in New Issue
Block a user