Add interface:port override to HTTP-01 and TLS-01 instead of only port
This commit is contained in:
parent
1193ae895a
commit
de29381f7a
3 changed files with 53 additions and 25 deletions
|
@ -9,6 +9,7 @@ import (
|
|||
"fmt"
|
||||
"io/ioutil"
|
||||
"log"
|
||||
"net"
|
||||
"net/http"
|
||||
"regexp"
|
||||
"strconv"
|
||||
|
@ -99,20 +100,38 @@ func NewClient(caDirURL string, user User, keyBits int) (*Client, error) {
|
|||
return &Client{directory: dir, user: user, jws: jws, keyBits: keyBits, solvers: solvers}, nil
|
||||
}
|
||||
|
||||
// SetHTTPPort specifies a custom port to be used for HTTP based challenges.
|
||||
// If this option is not used, the default port 80 will be used.
|
||||
func (c *Client) SetHTTPPort(port string) {
|
||||
if chlng, ok := c.solvers["http-01"]; ok {
|
||||
chlng.(*httpChallenge).optPort = port
|
||||
}
|
||||
// SetHTTPAddress specifies a custom interface:port to be used for HTTP based challenges.
|
||||
// If this option is not used, the default port 80 and all interfaces will be used.
|
||||
// To only specify a port and no interface use the ":port" notation.
|
||||
func (c *Client) SetHTTPAddress(iface string) error {
|
||||
host, port, err := net.SplitHostPort(iface)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
// SetTLSPort specifies a custom port to be used for TLS based challenges.
|
||||
// If this option is not used, the default port 443 will be used.
|
||||
func (c *Client) SetTLSPort(port string) {
|
||||
if chlng, ok := c.solvers["tls-sni-01"]; ok {
|
||||
chlng.(*tlsSNIChallenge).optPort = port
|
||||
if chlng, ok := c.solvers["http-01"]; ok {
|
||||
chlng.(*httpChallenge).iface = host
|
||||
chlng.(*httpChallenge).port = port
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// SetTLSAddress specifies a custom interface:port to be used for TLS based challenges.
|
||||
// If this option is not used, the default port 443 and all interfaces will be used.
|
||||
// To only specify a port and no interface use the ":port" notation.
|
||||
func (c *Client) SetTLSAddress(iface string) error {
|
||||
host, port, err := net.SplitHostPort(iface)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
if chlng, ok := c.solvers["tls-sni-01"]; ok {
|
||||
chlng.(*tlsSNIChallenge).iface = host
|
||||
chlng.(*tlsSNIChallenge).port = port
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// ExcludeChallenges explicitly removes challenges from the pool for solving.
|
||||
|
|
|
@ -10,7 +10,8 @@ import (
|
|||
type httpChallenge struct {
|
||||
jws *jws
|
||||
validate validateFunc
|
||||
optPort string
|
||||
iface string
|
||||
port string
|
||||
}
|
||||
|
||||
func (s *httpChallenge) Solve(chlng challenge, domain string) error {
|
||||
|
@ -24,19 +25,20 @@ func (s *httpChallenge) Solve(chlng challenge, domain string) error {
|
|||
}
|
||||
|
||||
// Allow for CLI port override
|
||||
port := ":80"
|
||||
if s.optPort != "" {
|
||||
port = ":" + s.optPort
|
||||
port := "80"
|
||||
if s.port != "" {
|
||||
port = s.port
|
||||
}
|
||||
|
||||
listener, err := net.Listen("tcp", domain+port)
|
||||
if err != nil {
|
||||
// if the domain:port bind failed, fall back to :port bind and try that instead.
|
||||
listener, err = net.Listen("tcp", port)
|
||||
iface := ""
|
||||
if s.iface != "" {
|
||||
iface = s.iface
|
||||
}
|
||||
|
||||
listener, err := net.Listen("tcp", net.JoinHostPort(iface, port))
|
||||
if err != nil {
|
||||
return fmt.Errorf("Could not start HTTP server for challenge -> %v", err)
|
||||
}
|
||||
}
|
||||
defer listener.Close()
|
||||
|
||||
path := "/.well-known/acme-challenge/" + chlng.Token
|
||||
|
|
|
@ -6,13 +6,15 @@ import (
|
|||
"crypto/tls"
|
||||
"encoding/hex"
|
||||
"fmt"
|
||||
"net"
|
||||
"net/http"
|
||||
)
|
||||
|
||||
type tlsSNIChallenge struct {
|
||||
jws *jws
|
||||
validate validateFunc
|
||||
optPort string
|
||||
iface string
|
||||
port string
|
||||
}
|
||||
|
||||
func (t *tlsSNIChallenge) Solve(chlng challenge, domain string) error {
|
||||
|
@ -33,15 +35,20 @@ func (t *tlsSNIChallenge) Solve(chlng challenge, domain string) error {
|
|||
}
|
||||
|
||||
// Allow for CLI port override
|
||||
port := ":443"
|
||||
if t.optPort != "" {
|
||||
port = ":" + t.optPort
|
||||
port := "443"
|
||||
if t.port != "" {
|
||||
port = t.port
|
||||
}
|
||||
|
||||
iface := ""
|
||||
if t.iface != "" {
|
||||
iface = t.iface
|
||||
}
|
||||
|
||||
tlsConf := new(tls.Config)
|
||||
tlsConf.Certificates = []tls.Certificate{cert}
|
||||
|
||||
listener, err := tls.Listen("tcp", port, tlsConf)
|
||||
listener, err := tls.Listen("tcp", net.JoinHostPort(iface, port), tlsConf)
|
||||
if err != nil {
|
||||
return fmt.Errorf("Could not start HTTPS server for challenge -> %v", err)
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue