mirror of
https://github.com/caddyserver/caddy.git
synced 2025-12-08 06:09:53 +00:00
Apply global DNS resolvers to reverse proxy and ACME server modules
This commit is contained in:
Pavel Siomachkin
parent
b1a77d3c14
commit
83175d6d59
3 changed files with 99 additions and 1 deletions
|
|
@ -269,6 +269,34 @@ func (h *HTTPTransport) NewTransport(caddyCtx caddy.Context) (*http.Transport, e
|
|||
return d.DialContext(ctx, addr.Network, addr.JoinHostPort(0))
|
||||
},
|
||||
}
|
||||
} else {
|
||||
// If no local resolver is configured, check for global resolvers from TLS app
|
||||
tlsAppIface, err := caddyCtx.App("tls")
|
||||
if err == nil {
|
||||
tlsApp := tlsAppIface.(*caddytls.TLS)
|
||||
if len(tlsApp.Resolvers) > 0 {
|
||||
// Create UpstreamResolver from global resolvers
|
||||
h.Resolver = &UpstreamResolver{
|
||||
Addresses: tlsApp.Resolvers,
|
||||
}
|
||||
err := h.Resolver.ParseAddresses()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
d := &net.Dialer{
|
||||
Timeout: time.Duration(h.DialTimeout),
|
||||
FallbackDelay: time.Duration(h.FallbackDelay),
|
||||
}
|
||||
dialer.Resolver = &net.Resolver{
|
||||
PreferGo: true,
|
||||
Dial: func(ctx context.Context, _, _ string) (net.Conn, error) {
|
||||
//nolint:gosec
|
||||
addr := h.Resolver.netAddrs[weakrand.Intn(len(h.Resolver.netAddrs))]
|
||||
return d.DialContext(ctx, addr.Network, addr.JoinHostPort(0))
|
||||
},
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
dialContext := func(ctx context.Context, network, address string) (net.Conn, error) {
|
||||
|
|
|
|||
|
|
@ -15,6 +15,7 @@ import (
|
|||
"go.uber.org/zap/zapcore"
|
||||
|
||||
"github.com/caddyserver/caddy/v2"
|
||||
"github.com/caddyserver/caddy/v2/modules/caddytls"
|
||||
)
|
||||
|
||||
func init() {
|
||||
|
|
@ -106,6 +107,34 @@ func (su *SRVUpstreams) Provision(ctx caddy.Context) error {
|
|||
return d.DialContext(ctx, addr.Network, addr.JoinHostPort(0))
|
||||
},
|
||||
}
|
||||
} else {
|
||||
// If no local resolver is configured, check for global resolvers from TLS app
|
||||
tlsAppIface, err := ctx.App("tls")
|
||||
if err == nil {
|
||||
tlsApp := tlsAppIface.(*caddytls.TLS)
|
||||
if len(tlsApp.Resolvers) > 0 {
|
||||
// Create UpstreamResolver from global resolvers
|
||||
su.Resolver = &UpstreamResolver{
|
||||
Addresses: tlsApp.Resolvers,
|
||||
}
|
||||
err := su.Resolver.ParseAddresses()
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
d := &net.Dialer{
|
||||
Timeout: time.Duration(su.DialTimeout),
|
||||
FallbackDelay: time.Duration(su.FallbackDelay),
|
||||
}
|
||||
su.resolver = &net.Resolver{
|
||||
PreferGo: true,
|
||||
Dial: func(ctx context.Context, _, _ string) (net.Conn, error) {
|
||||
//nolint:gosec
|
||||
addr := su.Resolver.netAddrs[weakrand.Intn(len(su.Resolver.netAddrs))]
|
||||
return d.DialContext(ctx, addr.Network, addr.JoinHostPort(0))
|
||||
},
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
if su.resolver == nil {
|
||||
su.resolver = net.DefaultResolver
|
||||
|
|
@ -326,6 +355,34 @@ func (au *AUpstreams) Provision(ctx caddy.Context) error {
|
|||
return d.DialContext(ctx, addr.Network, addr.JoinHostPort(0))
|
||||
},
|
||||
}
|
||||
} else {
|
||||
// If no local resolver is configured, check for global resolvers from TLS app
|
||||
tlsAppIface, err := ctx.App("tls")
|
||||
if err == nil {
|
||||
tlsApp := tlsAppIface.(*caddytls.TLS)
|
||||
if len(tlsApp.Resolvers) > 0 {
|
||||
// Create UpstreamResolver from global resolvers
|
||||
au.Resolver = &UpstreamResolver{
|
||||
Addresses: tlsApp.Resolvers,
|
||||
}
|
||||
err := au.Resolver.ParseAddresses()
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
d := &net.Dialer{
|
||||
Timeout: time.Duration(au.DialTimeout),
|
||||
FallbackDelay: time.Duration(au.FallbackDelay),
|
||||
}
|
||||
au.resolver = &net.Resolver{
|
||||
PreferGo: true,
|
||||
Dial: func(ctx context.Context, _, _ string) (net.Conn, error) {
|
||||
//nolint:gosec
|
||||
addr := au.Resolver.netAddrs[weakrand.Intn(len(au.Resolver.netAddrs))]
|
||||
return d.DialContext(ctx, addr.Network, addr.JoinHostPort(0))
|
||||
},
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
if au.resolver == nil {
|
||||
au.resolver = net.DefaultResolver
|
||||
|
|
|
|||
|
|
@ -40,6 +40,7 @@ import (
|
|||
"github.com/caddyserver/caddy/v2"
|
||||
"github.com/caddyserver/caddy/v2/modules/caddyhttp"
|
||||
"github.com/caddyserver/caddy/v2/modules/caddypki"
|
||||
"github.com/caddyserver/caddy/v2/modules/caddytls"
|
||||
)
|
||||
|
||||
func init() {
|
||||
|
|
@ -287,7 +288,19 @@ func (ash Handler) openDatabase() (*db.AuthDB, error) {
|
|||
// makeClient creates an ACME client which will use a custom
|
||||
// resolver instead of net.DefaultResolver.
|
||||
func (ash Handler) makeClient() (acme.Client, error) {
|
||||
for _, v := range ash.Resolvers {
|
||||
// If no local resolvers are configured, check for global resolvers from TLS app
|
||||
resolversToUse := ash.Resolvers
|
||||
if len(resolversToUse) == 0 {
|
||||
tlsAppIface, err := ash.ctx.App("tls")
|
||||
if err == nil {
|
||||
tlsApp := tlsAppIface.(*caddytls.TLS)
|
||||
if len(tlsApp.Resolvers) > 0 {
|
||||
resolversToUse = tlsApp.Resolvers
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
for _, v := range resolversToUse {
|
||||
addr, err := caddy.ParseNetworkAddressWithDefaults(v, "udp", 53)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue