Stowage/caddy
2
0
Fork 0
mirror of https://github.com/caddyserver/caddy.git synced 2025-10-19 07:43:17 +00:00
Code Issues Projects Releases Packages Wiki Activity

httpcaddyfile: Fix generated config related to ACME global options

Browse source 
If global DNS provider is configured, it does not need to be repeated in the JSON.

If acme_* options are used, base automation policies should populate their issuers accordingly.

Global issuer settings like acme_* options don't need to specify subjects in the automation policy since they should apply as a global default.
This commit is contained in:
Matthew Holt 2025-08-04 16:20:49 -06:00
parent e4447c4ba7
commit 0badb071ef
3 changed files with 21 additions and 13 deletions
Download patch file Download diff file Expand all files Collapse all files

22
caddyconfig/httpcaddyfile/tlsapp.go
View file

@ -571,6 +571,10 @@ func fillInGlobalACMEDefaults(issuer certmagic.Issuer, options map[string]any) e
return fmt.Errorf("acme_dns specified without DNS provider config, but no provider specified with 'dns' global option")
}
}
acmeIssuer.Challenges = &caddytls.ChallengesConfig{
DNS: new(caddytls.DNSChallengeConfig),
}
} else if globalACMEDNS != nil {
acmeIssuer.Challenges = &caddytls.ChallengesConfig{
DNS: &caddytls.DNSChallengeConfig{
ProviderRaw: caddyconfig.JSONModuleObject(globalACMEDNS, "name", globalACMEDNS.(caddy.Module).CaddyModule().ID.Name(), nil),
@ -622,12 +626,18 @@ func newBaseAutomationPolicy(
_, hasLocalCerts := options["local_certs"]
keyType, hasKeyType := options["key_type"]
ocspStapling, hasOCSPStapling := options["ocsp_stapling"]
hasGlobalAutomationOpts := hasIssuers || hasLocalCerts || hasKeyType || hasOCSPStapling
globalACMECA := options["acme_ca"]
globalACMECARoot := options["acme_ca_root"]
_, globalACMEDNS := options["acme_dns"] // can be set to nil (to use globally-defined "dns" value instead), but it is still set
globalACMEEAB := options["acme_eab"]
globalPreferredChains := options["preferred_chains"]
hasGlobalACMEDefaults := globalACMECA != nil || globalACMECARoot != nil || globalACMEDNS || globalACMEEAB != nil || globalPreferredChains != nil
// if there are no global options related to automation policies
// set, then we can just return right away
if !hasGlobalAutomationOpts {
if !hasGlobalAutomationOpts && !hasGlobalACMEDefaults {
if always {
return new(caddytls.AutomationPolicy), nil
}
@ -649,6 +659,14 @@ func newBaseAutomationPolicy(
ap.Issuers = []certmagic.Issuer{new(caddytls.InternalIssuer)}
}
if hasGlobalACMEDefaults {
for i := range ap.Issuers {
if err := fillInGlobalACMEDefaults(ap.Issuers[i], options); err != nil {
return nil, fmt.Errorf("filling in global issuer defaults for issuer %d: %v", i, err)
}
}
}
if hasOCSPStapling {
ocspConfig := ocspStapling.(certmagic.OCSPConfig)
ap.DisableOCSPStapling = ocspConfig.DisableStapling