mirror of
https://github.com/caddyserver/caddy.git
synced 2024-11-22 12:43:58 +08:00
caddytls: Support tags for manually-loaded certificates
This commit is contained in:
Matthew Holt
parent
d49f762f6d
commit
38677aaa58
7
go.mod
7
go.mod
|
|
@ -6,7 +6,7 @@ require (
|
|||
github.com/DataDog/zstd v1.4.0 // indirect
|
||||
github.com/Masterminds/goutils v1.1.0 // indirect
|
||||
github.com/Masterminds/semver v1.4.2 // indirect
|
||||
github.com/Masterminds/sprig v2.20.0+incompatible // indirect
|
||||
github.com/Masterminds/sprig v2.20.0+incompatible
|
||||
github.com/andybalholm/brotli v0.0.0-20190430215306-5c318f9037cb
|
||||
github.com/dustin/go-humanize v1.0.0
|
||||
github.com/go-acme/lego v2.6.0+incompatible
|
||||
|
|
@ -16,14 +16,15 @@ require (
|
|||
github.com/imdario/mergo v0.3.7 // indirect
|
||||
github.com/klauspost/compress v1.7.1-0.20190613161414-0b31f265a57b
|
||||
github.com/klauspost/cpuid v1.2.1
|
||||
github.com/mholt/certmagic v0.6.2-0.20190621004807-be4f86a2eb60
|
||||
github.com/mholt/certmagic v0.6.2-0.20190624175158-6a42ef9fe8c2
|
||||
github.com/rs/cors v1.6.0
|
||||
github.com/shurcooL/sanitized_anchor_name v1.0.0 // indirect
|
||||
github.com/starlight-go/starlight v0.0.0-20181207205707-b06f321544f3
|
||||
go.starlark.net v0.0.0-20190604130855-6ddc71c0ba77
|
||||
golang.org/x/net v0.0.0-20190603091049-60506f45cf65
|
||||
golang.org/x/time v0.0.0-20190308202827-9d24e82272b4 // indirect
|
||||
golang.org/x/time v0.0.0-20190308202827-9d24e82272b4
|
||||
gopkg.in/russross/blackfriday.v2 v2.0.1
|
||||
gopkg.in/yaml.v2 v2.2.2 // indirect
|
||||
)
|
||||
|
||||
replace gopkg.in/russross/blackfriday.v2 v2.0.1 => github.com/russross/blackfriday/v2 v2.0.1
|
||||
|
|
|
|||
12
go.sum
12
go.sum
|
|
@ -32,12 +32,8 @@ github.com/klauspost/compress v1.7.1-0.20190613161414-0b31f265a57b/go.mod h1:RyI
|
|||
github.com/klauspost/cpuid v1.2.0/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek=
|
||||
github.com/klauspost/cpuid v1.2.1 h1:vJi+O/nMdFt0vqm8NZBI6wzALWdA2X+egi0ogNyrC/w=
|
||||
github.com/klauspost/cpuid v1.2.1/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek=
|
||||
github.com/mholt/certmagic v0.5.2-0.20190605043235-e49d0d405641 h1:wNqOQ0DFxcZDNpPChhHfL8KscFMnxARN6Q2FiX4/VKI=
|
||||
github.com/mholt/certmagic v0.5.2-0.20190605043235-e49d0d405641/go.mod h1:g4cOPxcjV0oFq3qwpjSA30LReKD8AoIfwAY9VvG35NY=
|
||||
github.com/mholt/certmagic v0.6.0 h1:gZwuBuONw2v8/fZh2nd39kvjFNjnSF2uIR4GzKaaryw=
|
||||
github.com/mholt/certmagic v0.6.0/go.mod h1:g4cOPxcjV0oFq3qwpjSA30LReKD8AoIfwAY9VvG35NY=
|
||||
github.com/mholt/certmagic v0.6.2-0.20190621004807-be4f86a2eb60 h1:SALetD3LrWGNvna2JIwY1dG4W6rBKtoBehQtHjEKTpo=
|
||||
github.com/mholt/certmagic v0.6.2-0.20190621004807-be4f86a2eb60/go.mod h1:g4cOPxcjV0oFq3qwpjSA30LReKD8AoIfwAY9VvG35NY=
|
||||
github.com/mholt/certmagic v0.6.2-0.20190624175158-6a42ef9fe8c2 h1:xKE9kZ5C8gelJC3+BNM6LJs1x21rivK7yxfTZMAuY2s=
|
||||
github.com/mholt/certmagic v0.6.2-0.20190624175158-6a42ef9fe8c2/go.mod h1:g4cOPxcjV0oFq3qwpjSA30LReKD8AoIfwAY9VvG35NY=
|
||||
github.com/miekg/dns v1.1.3 h1:1g0r1IvskvgL8rR+AcHzUA+oFmGcQlaIm4IqakufeMM=
|
||||
github.com/miekg/dns v1.1.3/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg=
|
||||
github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
|
||||
|
|
@ -70,5 +66,9 @@ golang.org/x/text v0.3.0 h1:g61tztE5qeGQ89tm6NTjjM9VPIm088od1l6aSorWRWg=
|
|||
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
|
||||
golang.org/x/time v0.0.0-20190308202827-9d24e82272b4 h1:SvFZT6jyqRaOeXpc5h/JSfZenJ2O330aBsf7JfSUXmQ=
|
||||
golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
|
||||
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
|
||||
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
|
||||
gopkg.in/square/go-jose.v2 v2.2.2 h1:orlkJ3myw8CN1nVQHBFfloD+L3egixIa4FvUP6RosSA=
|
||||
gopkg.in/square/go-jose.v2 v2.2.2/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
|
||||
gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
|
||||
gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
|
||||
|
|
|
|||
|
|
@ -243,6 +243,7 @@ func (app *App) automaticHTTPS() error {
|
|||
})
|
||||
|
||||
// manage their certificates
|
||||
log.Printf("[INFO] Enabling automatic HTTPS for %v", domains)
|
||||
err := tlsApp.Manage(domains)
|
||||
if err != nil {
|
||||
return fmt.Errorf("%s: managing certificate for %s: %s", srvName, domains, err)
|
||||
|
|
|
|||
|
|
@ -24,11 +24,12 @@ type CertKeyFilePair struct {
|
|||
Certificate string `json:"certificate"`
|
||||
Key string `json:"key"`
|
||||
Format string `json:"format,omitempty"` // "pem" is default
|
||||
Tags []string `json:"tags,omitempty"`
|
||||
}
|
||||
|
||||
// LoadCertificates returns the certificates to be loaded by fl.
|
||||
func (fl fileLoader) LoadCertificates() ([]tls.Certificate, error) {
|
||||
var certs []tls.Certificate
|
||||
func (fl fileLoader) LoadCertificates() ([]Certificate, error) {
|
||||
var certs []Certificate
|
||||
for _, pair := range fl {
|
||||
certData, err := ioutil.ReadFile(pair.Certificate)
|
||||
if err != nil {
|
||||
|
|
@ -52,7 +53,7 @@ func (fl fileLoader) LoadCertificates() ([]tls.Certificate, error) {
|
|||
return nil, err
|
||||
}
|
||||
|
||||
certs = append(certs, cert)
|
||||
certs = append(certs, Certificate{Certificate: cert, Tags: pair.Tags})
|
||||
}
|
||||
return certs, nil
|
||||
}
|
||||
|
|
|
|||
|
|
@ -29,8 +29,8 @@ type folderLoader []string
|
|||
// listed in fl from all files ending with .pem. This method of loading
|
||||
// certificates expects the certificate and key to be bundled into the
|
||||
// same file.
|
||||
func (fl folderLoader) LoadCertificates() ([]tls.Certificate, error) {
|
||||
var certs []tls.Certificate
|
||||
func (fl folderLoader) LoadCertificates() ([]Certificate, error) {
|
||||
var certs []Certificate
|
||||
for _, dir := range fl {
|
||||
err := filepath.Walk(dir, func(fpath string, info os.FileInfo, err error) error {
|
||||
if err != nil {
|
||||
|
|
@ -48,7 +48,7 @@ func (fl folderLoader) LoadCertificates() ([]tls.Certificate, error) {
|
|||
return err
|
||||
}
|
||||
|
||||
certs = append(certs, cert)
|
||||
certs = append(certs, Certificate{Certificate: cert})
|
||||
|
||||
return nil
|
||||
})
|
||||
|
|
@ -120,3 +120,5 @@ func x509CertFromCertAndKeyPEMFile(fpath string) (tls.Certificate, error) {
|
|||
|
||||
return cert, nil
|
||||
}
|
||||
|
||||
var _ CertificateLoader = (folderLoader)(nil)
|
||||
|
|
|
|||
|
|
@ -98,7 +98,7 @@ func (t *TLS) Start() error {
|
|||
Storage: t.ctx.Storage(),
|
||||
})
|
||||
for _, cert := range certs {
|
||||
err := magic.CacheUnmanagedTLSCertificate(cert)
|
||||
err := magic.CacheUnmanagedTLSCertificate(cert.Certificate, cert.Tags)
|
||||
if err != nil {
|
||||
return fmt.Errorf("caching unmanaged certificate: %v", err)
|
||||
}
|
||||
|
|
@ -182,8 +182,16 @@ func (t *TLS) getAutomationPolicyForName(name string) AutomationPolicy {
|
|||
}
|
||||
|
||||
// CertificateLoader is a type that can load certificates.
|
||||
// Certificates can optionally be associated with tags.
|
||||
type CertificateLoader interface {
|
||||
LoadCertificates() ([]tls.Certificate, error)
|
||||
LoadCertificates() ([]Certificate, error)
|
||||
}
|
||||
|
||||
// Certificate is a TLS certificate, optionally
|
||||
// associated with arbitrary tags.
|
||||
type Certificate struct {
|
||||
tls.Certificate
|
||||
Tags []string
|
||||
}
|
||||
|
||||
// AutomationConfig designates configuration for the
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user