
Commit 8b05eb4

committed
Turn on TLS automation
1 parent 5b27f67 commit 8b05eb4


2 files changed

+59
-3
lines changed


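--- a/app.go
+++ b/app.go
@@ -9,6 +9,7 @@ import (
 "github.com/caddyserver/caddy/v2"
 "github.com/caddyserver/caddy/v2/caddyconfig"
 "github.com/caddyserver/caddy/v2/modules/caddyhttp"
+"github.com/caddyserver/caddy/v2/modules/caddytls"
 )
 
 func init() {
@@ -19,6 +20,9 @@ func init() {
 type App struct {
 Handler
 
+// The server's hostnames. Used for obtaining TLS certificates.
+Hostnames []string `json:"hostnames"`
+
 // The sockets on which to listen.
 Listen []string `json:"listen"`
 
@@ -53,8 +57,19 @@ func (app *App) Provision(ctx caddy.Context) error {
 Routes: app.makeRoutes(),
 TrustedProxiesRaw: app.TrustedProxiesRaw,
 
+// Turn off HTTP-to-HTTPS redirection. It masks insecure client
+// configurations.
+AutoHTTPS: &caddyhttp.AutoHTTPSConfig{
+DisableRedir: true,
+},
+
 // Turns on logging.
 Logs: &caddyhttp.ServerLogConfig{},
+
+// Turns on TLS.
+TLSConnPolicies: caddytls.ConnectionPolicies{
+&caddytls.ConnectionPolicy{},
+},
 },
 },
 },
@@ -80,6 +95,14 @@ func (app *App) Stop() error {
 func (app *App) makeRoutes() caddyhttp.RouteList {
 return caddyhttp.RouteList{
 {
+MatcherSetsRaw: caddyhttp.RawMatcherSets{
+{
+"host": caddyconfig.JSON(
+app.Hostnames,
+nil,
+),
+},
+},
 HandlersRaw: []json.RawMessage{
 caddyconfig.JSONModuleObject(
 app.Handler,
@@ -101,3 +124,31 @@ func (app *App) makeRoutes() caddyhttp.RouteList {
 },
 }
 }
+
+// Returns a TLS app configuration that uses the user-specified DNS provider for
+// ACME challenges during TLS automation.
+func (app *App) MakeTLSConfig() caddytls.TLS {
+return caddytls.TLS{
+Automation: &caddytls.AutomationConfig{
+Policies: []*caddytls.AutomationPolicy{
+{
+IssuersRaw: []json.RawMessage{
+caddyconfig.JSONModuleObject(
+caddytls.ACMEIssuer{
+Challenges: &caddytls.ChallengesConfig{
+DNS: &caddytls.DNSChallengeConfig{
+ProviderRaw: app.DNS.ProviderRaw,
+Resolvers: app.DNS.Resolvers,
+},
+},
+},
+"module",
+"acme",
+nil,
+),
+},
+},
+},
+},
+}
+}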
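Review bot: Nothing in these hunks validates `Hostnames`, yet both the new `host` matcher in makeRoutes and certificate automation key off that list, so an empty or omitted `hostnames` value yields a server that matches no requests and obtains no certificate, and the mistake only shows up at runtime. Provision (whose body starts and ends outside the hunk) is the natural place to reject it early, e.g. `if len(app.Hostnames) == 0 { return fmt.Errorf("hostnames: at least one hostname is required") }`. MakeTLSConfig also dereferences `app.DNS.ProviderRaw`; the declaration of `DNS` is not visible here, but if it is a pointer the config may leave unset, this is a nil-pointer panic rather than a configuration error and deserves a guard. Minor: Go doc comments begin with the identifier, so the comment should read `// MakeTLSConfig returns a TLS app configuration that uses the user-specified DNS provider for ACME challenges during TLS automation.`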

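--- a/caddy_config.go
+++ b/caddy_config.go
@@ -25,15 +25,20 @@ func caddyConfigFromConfigFile(path string) (*caddy.Config, error) {
 config.Listen = []string{defaultListen}
 }
 
+appsRaw := caddy.ModuleMap{
+"dns01proxy": caddyconfig.JSON(config, nil),
+
+// Configure TLS automation to use the DNS provider.
+"tls": caddyconfig.JSON(config.MakeTLSConfig(), nil),
+}
+
 return &caddy.Config{
 Admin: &caddy.AdminConfig{
 Disabled: true,
 Config: &caddy.ConfigSettings{
 Persist: ptr.Of(false),
 },
 },
-AppsRaw: caddy.ModuleMap{
-"dns01proxy": caddyconfig.JSON(config, nil),
-},
+AppsRaw: appsRaw,
 }, nil
 }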
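Review bot: `config.MakeTLSConfig()` is now evaluated while the config file is being loaded, before Caddy provisions anything, and that method reads `config.DNS.ProviderRaw` and `config.DNS.Resolvers`; if `DNS` is a pointer field (its declaration is outside this hunk) a config file without a dns section panics here instead of failing with a usable message. A guard before building `appsRaw` turns that into a readable load error, e.g. `if config.DNS == nil { return nil, fmt.Errorf("%s: a dns provider is required for TLS automation", path) }`, using whichever error-construction package the file already imports. caddyConfigFromConfigFile begins outside the hunk, so the `Listen` default shown at the top is the only other defaulting visible from here.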
