caddytls: Support tags for manually-loaded certificates
parent
d49f762f6d
commit
38677aaa58
6 changed files with 33 additions and 20 deletions
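--- a/go.mod
+++ b/go.mod
@@ -6,7 +6,7 @@ require (
 github.com/DataDog/zstd v1.4.0 // indirect
 github.com/Masterminds/goutils v1.1.0 // indirect
 github.com/Masterminds/semver v1.4.2 // indirect
-github.com/Masterminds/sprig v2.20.0+incompatible // indirect
+github.com/Masterminds/sprig v2.20.0+incompatible
 github.com/andybalholm/brotli v0.0.0-20190430215306-5c318f9037cb
 github.com/dustin/go-humanize v1.0.0
 github.com/go-acme/lego v2.6.0+incompatible
@@ -16,14 +16,15 @@ require (
 github.com/imdario/mergo v0.3.7 // indirect
 github.com/klauspost/compress v1.7.1-0.20190613161414-0b31f265a57b
 github.com/klauspost/cpuid v1.2.1
-github.com/mholt/certmagic v0.6.2-0.20190621004807-be4f86a2eb60
+github.com/mholt/certmagic v0.6.2-0.20190624175158-6a42ef9fe8c2
 github.com/rs/cors v1.6.0
 github.com/shurcooL/sanitized_anchor_name v1.0.0 // indirect
 github.com/starlight-go/starlight v0.0.0-20181207205707-b06f321544f3
 go.starlark.net v0.0.0-20190604130855-6ddc71c0ba77
 golang.org/x/net v0.0.0-20190603091049-60506f45cf65
-golang.org/x/time v0.0.0-20190308202827-9d24e82272b4 // indirect
+golang.org/x/time v0.0.0-20190308202827-9d24e82272b4
 gopkg.in/russross/blackfriday.v2 v2.0.1
+gopkg.in/yaml.v2 v2.2.2 // indirect
 )
 
 replace gopkg.in/russross/blackfriday.v2 v2.0.1 => github.com/russross/blackfriday/v2 v2.0.1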
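--- a/go.sum
+++ b/go.sum
@@ -32,12 +32,8 @@ github.com/klauspost/compress v1.7.1-0.20190613161414-0b31f265a57b/go.mod h1:RyI
 github.com/klauspost/cpuid v1.2.0/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek=
 github.com/klauspost/cpuid v1.2.1 h1:vJi+O/nMdFt0vqm8NZBI6wzALWdA2X+egi0ogNyrC/w=
 github.com/klauspost/cpuid v1.2.1/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek=
-github.com/mholt/certmagic v0.5.2-0.20190605043235-e49d0d405641 h1:wNqOQ0DFxcZDNpPChhHfL8KscFMnxARN6Q2FiX4/VKI=
+github.com/mholt/certmagic v0.6.2-0.20190624175158-6a42ef9fe8c2 h1:xKE9kZ5C8gelJC3+BNM6LJs1x21rivK7yxfTZMAuY2s=
-github.com/mholt/certmagic v0.5.2-0.20190605043235-e49d0d405641/go.mod h1:g4cOPxcjV0oFq3qwpjSA30LReKD8AoIfwAY9VvG35NY=
+github.com/mholt/certmagic v0.6.2-0.20190624175158-6a42ef9fe8c2/go.mod h1:g4cOPxcjV0oFq3qwpjSA30LReKD8AoIfwAY9VvG35NY=
-github.com/mholt/certmagic v0.6.0 h1:gZwuBuONw2v8/fZh2nd39kvjFNjnSF2uIR4GzKaaryw=
-github.com/mholt/certmagic v0.6.0/go.mod h1:g4cOPxcjV0oFq3qwpjSA30LReKD8AoIfwAY9VvG35NY=
-github.com/mholt/certmagic v0.6.2-0.20190621004807-be4f86a2eb60 h1:SALetD3LrWGNvna2JIwY1dG4W6rBKtoBehQtHjEKTpo=
-github.com/mholt/certmagic v0.6.2-0.20190621004807-be4f86a2eb60/go.mod h1:g4cOPxcjV0oFq3qwpjSA30LReKD8AoIfwAY9VvG35NY=
 github.com/miekg/dns v1.1.3 h1:1g0r1IvskvgL8rR+AcHzUA+oFmGcQlaIm4IqakufeMM=
 github.com/miekg/dns v1.1.3/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
@@ -70,5 +66,9 @@ golang.org/x/text v0.3.0 h1:g61tztE5qeGQ89tm6NTjjM9VPIm088od1l6aSorWRWg=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4 h1:SvFZT6jyqRaOeXpc5h/JSfZenJ2O330aBsf7JfSUXmQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/square/go-jose.v2 v2.2.2 h1:orlkJ3myw8CN1nVQHBFfloD+L3egixIa4FvUP6RosSA=
 gopkg.in/square/go-jose.v2 v2.2.2/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
+gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
+gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=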
|
@ -243,6 +243,7 @@ func (app *App) automaticHTTPS() error {
|
||||||
})
|
})
|
||||||
|
|
||||||
// manage their certificates
|
// manage their certificates
|
||||||
|
log.Printf("[INFO] Enabling automatic HTTPS for %v", domains)
|
||||||
err := tlsApp.Manage(domains)
|
err := tlsApp.Manage(domains)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("%s: managing certificate for %s: %s", srvName, domains, err)
|
return fmt.Errorf("%s: managing certificate for %s: %s", srvName, domains, err)
|
||||||
|
|
|
@ -21,14 +21,15 @@ type fileLoader []CertKeyFilePair
|
||||||
// CertKeyFilePair pairs certificate and key file names along with their
|
// CertKeyFilePair pairs certificate and key file names along with their
|
||||||
// encoding format so that they can be loaded from disk.
|
// encoding format so that they can be loaded from disk.
|
||||||
type CertKeyFilePair struct {
|
type CertKeyFilePair struct {
|
||||||
Certificate string `json:"certificate"`
|
Certificate string `json:"certificate"`
|
||||||
Key string `json:"key"`
|
Key string `json:"key"`
|
||||||
Format string `json:"format,omitempty"` // "pem" is default
|
Format string `json:"format,omitempty"` // "pem" is default
|
||||||
|
Tags []string `json:"tags,omitempty"`
|
||||||
}
|
}
|
||||||
|
|
||||||
// LoadCertificates returns the certificates to be loaded by fl.
|
// LoadCertificates returns the certificates to be loaded by fl.
|
||||||
func (fl fileLoader) LoadCertificates() ([]tls.Certificate, error) {
|
func (fl fileLoader) LoadCertificates() ([]Certificate, error) {
|
||||||
var certs []tls.Certificate
|
var certs []Certificate
|
||||||
for _, pair := range fl {
|
for _, pair := range fl {
|
||||||
certData, err := ioutil.ReadFile(pair.Certificate)
|
certData, err := ioutil.ReadFile(pair.Certificate)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -52,7 +53,7 @@ func (fl fileLoader) LoadCertificates() ([]tls.Certificate, error) {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
certs = append(certs, cert)
|
certs = append(certs, Certificate{Certificate: cert, Tags: pair.Tags})
|
||||||
}
|
}
|
||||||
return certs, nil
|
return certs, nil
|
||||||
}
|
}
|
||||||
|
|
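Review bot: The new `Tags` field on `CertKeyFilePair` is undocumented, unlike `Format` next to it, and `LoadCertificates` copies `pair.Tags` into the returned `Certificate` without any check, so an empty-string or repeated tag from the JSON config is passed through as-is. I would add a comment such as `// Tags are optional labels attached to the loaded certificate; values are passed through unvalidated.` and, if downstream code keys certificate selection on tags (not visible here), reject empty tags at load time. `Tags: pair.Tags` also shares the backing array with the config value rather than copying it. The sibling loader gains `var _ CertificateLoader = (folderLoader)(nil)` in this commit; a matching `var _ CertificateLoader = (fileLoader)(nil)` is not visible in these hunks. The body of `LoadCertificates` continues between and outside the two hunks shown.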
|
@ -29,8 +29,8 @@ type folderLoader []string
|
||||||
// listed in fl from all files ending with .pem. This method of loading
|
// listed in fl from all files ending with .pem. This method of loading
|
||||||
// certificates expects the certificate and key to be bundled into the
|
// certificates expects the certificate and key to be bundled into the
|
||||||
// same file.
|
// same file.
|
||||||
func (fl folderLoader) LoadCertificates() ([]tls.Certificate, error) {
|
func (fl folderLoader) LoadCertificates() ([]Certificate, error) {
|
||||||
var certs []tls.Certificate
|
var certs []Certificate
|
||||||
for _, dir := range fl {
|
for _, dir := range fl {
|
||||||
err := filepath.Walk(dir, func(fpath string, info os.FileInfo, err error) error {
|
err := filepath.Walk(dir, func(fpath string, info os.FileInfo, err error) error {
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -48,7 +48,7 @@ func (fl folderLoader) LoadCertificates() ([]tls.Certificate, error) {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
certs = append(certs, cert)
|
certs = append(certs, Certificate{Certificate: cert})
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
})
|
})
|
||||||
|
@ -120,3 +120,5 @@ func x509CertFromCertAndKeyPEMFile(fpath string) (tls.Certificate, error) {
|
||||||
|
|
||||||
return cert, nil
|
return cert, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
var _ CertificateLoader = (folderLoader)(nil)
|
||||||
|
|
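Review bot: `folderLoader.LoadCertificates` now returns `Certificate{Certificate: cert}` with no tags, but its doc comment does not say that folder-loaded certificates are always untagged, while the interface comment added in this commit advertises optional tags. A sentence in the method comment, for example `// Certificates loaded this way carry no tags.`, would tell an operator that anything relying on tags will not match these certificates. Most of the function body, including the `filepath.Walk` callback, lies outside the three hunks shown.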
|
@ -98,7 +98,7 @@ func (t *TLS) Start() error {
|
||||||
Storage: t.ctx.Storage(),
|
Storage: t.ctx.Storage(),
|
||||||
})
|
})
|
||||||
for _, cert := range certs {
|
for _, cert := range certs {
|
||||||
err := magic.CacheUnmanagedTLSCertificate(cert)
|
err := magic.CacheUnmanagedTLSCertificate(cert.Certificate, cert.Tags)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("caching unmanaged certificate: %v", err)
|
return fmt.Errorf("caching unmanaged certificate: %v", err)
|
||||||
}
|
}
|
||||||
|
@ -182,8 +182,16 @@ func (t *TLS) getAutomationPolicyForName(name string) AutomationPolicy {
|
||||||
}
|
}
|
||||||
|
|
||||||
// CertificateLoader is a type that can load certificates.
|
// CertificateLoader is a type that can load certificates.
|
||||||
|
// Certificates can optionally be associated with tags.
|
||||||
type CertificateLoader interface {
|
type CertificateLoader interface {
|
||||||
LoadCertificates() ([]tls.Certificate, error)
|
LoadCertificates() ([]Certificate, error)
|
||||||
|
}
|
||||||
|
|
||||||
|
// Certificate is a TLS certificate, optionally
|
||||||
|
// associated with arbitrary tags.
|
||||||
|
type Certificate struct {
|
||||||
|
tls.Certificate
|
||||||
|
Tags []string
|
||||||
}
|
}
|
||||||
|
|
||||||
// AutomationConfig designates configuration for the
|
// AutomationConfig designates configuration for the
|
||||||
|
|
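Review bot: The new `Certificate` struct embeds `tls.Certificate`, which itself has a field named `Certificate` (the DER chain), so on the new type `cert.Certificate` means the embedded struct and the chain becomes `cert.Certificate.Certificate`; that is easy to misread at the call `magic.CacheUnmanagedTLSCertificate(cert.Certificate, cert.Tags)` in `Start`. The doc comment on the type should spell this out, e.g. `// The embedded tls.Certificate shadows its own Certificate field; use c.Certificate.Certificate for the DER chain.` Changing `CertificateLoader.LoadCertificates` from `[]tls.Certificate` to `[]Certificate` also breaks any loader implemented outside the files in this commit, which deserves a line in the commit description. Both `Start` and the declarations after `getAutomationPolicyForName` extend beyond the hunks.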