forked from TrueCloudLab/lego
Add interface:port override to HTTP-01 and TLS-01 instead of only port
This commit is contained in:
parent
1193ae895a
commit
de29381f7a
3 changed files with 53 additions and 25 deletions
@ -9,6 +9,7 @@ import (
|
||||||
"fmt"
|
"fmt"
|
||||||
"io/ioutil"
|
"io/ioutil"
|
||||||
"log"
|
"log"
|
||||||
|
"net"
|
||||||
"net/http"
|
"net/http"
|
||||||
"regexp"
|
"regexp"
|
||||||
"strconv"
|
"strconv"
|
||||||
|
@ -99,20 +100,38 @@ func NewClient(caDirURL string, user User, keyBits int) (*Client, error) {
|
||||||
return &Client{directory: dir, user: user, jws: jws, keyBits: keyBits, solvers: solvers}, nil
|
return &Client{directory: dir, user: user, jws: jws, keyBits: keyBits, solvers: solvers}, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// SetHTTPPort specifies a custom port to be used for HTTP based challenges.
|
// SetHTTPAddress specifies a custom interface:port to be used for HTTP based challenges.
|
||||||
// If this option is not used, the default port 80 will be used.
|
// If this option is not used, the default port 80 and all interfaces will be used.
|
||||||
func (c *Client) SetHTTPPort(port string) {
|
// To only specify a port and no interface use the ":port" notation.
|
||||||
if chlng, ok := c.solvers["http-01"]; ok {
|
func (c *Client) SetHTTPAddress(iface string) error {
|
||||||
chlng.(*httpChallenge).optPort = port
|
host, port, err := net.SplitHostPort(iface)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if chlng, ok := c.solvers["http-01"]; ok {
|
||||||
|
chlng.(*httpChallenge).iface = host
|
||||||
|
chlng.(*httpChallenge).port = port
|
||||||
|
}
|
||||||
|
|
||||||
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// SetTLSPort specifies a custom port to be used for TLS based challenges.
|
// SetTLSAddress specifies a custom interface:port to be used for TLS based challenges.
|
||||||
// If this option is not used, the default port 443 will be used.
|
// If this option is not used, the default port 443 and all interfaces will be used.
|
||||||
func (c *Client) SetTLSPort(port string) {
|
// To only specify a port and no interface use the ":port" notation.
|
||||||
if chlng, ok := c.solvers["tls-sni-01"]; ok {
|
func (c *Client) SetTLSAddress(iface string) error {
|
||||||
chlng.(*tlsSNIChallenge).optPort = port
|
host, port, err := net.SplitHostPort(iface)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if chlng, ok := c.solvers["tls-sni-01"]; ok {
|
||||||
|
chlng.(*tlsSNIChallenge).iface = host
|
||||||
|
chlng.(*tlsSNIChallenge).port = port
|
||||||
|
}
|
||||||
|
|
||||||
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// ExcludeChallenges explicitly removes challenges from the pool for solving.
|
// ExcludeChallenges explicitly removes challenges from the pool for solving.
|
||||||
|
|
|
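Review bot: net.SplitHostPort in SetHTTPAddress and SetTLSAddress validates only the shape of the address, not the port, so `host:abc` is accepted here and only fails later when Solve calls net.Listen, and `:` passes with an empty port that silently falls back to the default. Since the error is meant to surface at configuration time, checking the port in the setter is cheap: `if _, err := net.LookupPort("tcp", port); err != nil { return err }` after the SplitHostPort check (LookupPort also accepts service names such as `http`, which net.Listen accepts too). The host part is likewise passed through unchecked; a hostname rather than an IP is presumably resolved by net.Listen at solve time, which is worth stating in the doc comment, e.g. `// The interface may be an IP address or a hostname that resolves on this machine.`.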
@ -10,7 +10,8 @@ import (
|
||||||
type httpChallenge struct {
|
type httpChallenge struct {
|
||||||
jws *jws
|
jws *jws
|
||||||
validate validateFunc
|
validate validateFunc
|
||||||
optPort string
|
iface string
|
||||||
|
port string
|
||||||
}
|
}
|
||||||
|
|
||||||
func (s *httpChallenge) Solve(chlng challenge, domain string) error {
|
func (s *httpChallenge) Solve(chlng challenge, domain string) error {
|
||||||
|
@ -24,19 +25,20 @@ func (s *httpChallenge) Solve(chlng challenge, domain string) error {
|
||||||
}
|
}
|
||||||
|
|
||||||
// Allow for CLI port override
|
// Allow for CLI port override
|
||||||
port := ":80"
|
port := "80"
|
||||||
if s.optPort != "" {
|
if s.port != "" {
|
||||||
port = ":" + s.optPort
|
port = s.port
|
||||||
}
|
}
|
||||||
|
|
||||||
listener, err := net.Listen("tcp", domain+port)
|
iface := ""
|
||||||
if err != nil {
|
if s.iface != "" {
|
||||||
// if the domain:port bind failed, fall back to :port bind and try that instead.
|
iface = s.iface
|
||||||
listener, err = net.Listen("tcp", port)
|
}
|
||||||
|
|
||||||
|
listener, err := net.Listen("tcp", net.JoinHostPort(iface, port))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("Could not start HTTP server for challenge -> %v", err)
|
return fmt.Errorf("Could not start HTTP server for challenge -> %v", err)
|
||||||
}
|
}
|
||||||
}
|
|
||||||
defer listener.Close()
|
defer listener.Close()
|
||||||
|
|
||||||
path := "/.well-known/acme-challenge/" + chlng.Token
|
path := "/.well-known/acme-challenge/" + chlng.Token
|
||||||
|
|
|
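Review bot: The `iface := ""` / `if s.iface != "" { iface = s.iface }` block is a no-op copy, since an empty s.iface already yields the empty string; the listen line can read `listener, err := net.Listen("tcp", net.JoinHostPort(s.iface, port))`. The comment `// Allow for CLI port override` above it now covers an interface as well; `// Allow for CLI interface:port override` matches the new fields. With the old domain:port-then-:port fallback removed, a failed bind no longer tells the operator which address was attempted, so `fmt.Errorf("Could not start HTTP server for challenge on %s -> %v", net.JoinHostPort(s.iface, port), err)` would make a mistyped interface easier to diagnose. Solve begins and ends outside this hunk.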
@ -6,13 +6,15 @@ import (
|
||||||
"crypto/tls"
|
"crypto/tls"
|
||||||
"encoding/hex"
|
"encoding/hex"
|
||||||
"fmt"
|
"fmt"
|
||||||
|
"net"
|
||||||
"net/http"
|
"net/http"
|
||||||
)
|
)
|
||||||
|
|
||||||
type tlsSNIChallenge struct {
|
type tlsSNIChallenge struct {
|
||||||
jws *jws
|
jws *jws
|
||||||
validate validateFunc
|
validate validateFunc
|
||||||
optPort string
|
iface string
|
||||||
|
port string
|
||||||
}
|
}
|
||||||
|
|
||||||
func (t *tlsSNIChallenge) Solve(chlng challenge, domain string) error {
|
func (t *tlsSNIChallenge) Solve(chlng challenge, domain string) error {
|
||||||
|
@ -33,15 +35,20 @@ func (t *tlsSNIChallenge) Solve(chlng challenge, domain string) error {
|
||||||
}
|
}
|
||||||
|
|
||||||
// Allow for CLI port override
|
// Allow for CLI port override
|
||||||
port := ":443"
|
port := "443"
|
||||||
if t.optPort != "" {
|
if t.port != "" {
|
||||||
port = ":" + t.optPort
|
port = t.port
|
||||||
|
}
|
||||||
|
|
||||||
|
iface := ""
|
||||||
|
if t.iface != "" {
|
||||||
|
iface = t.iface
|
||||||
}
|
}
|
||||||
|
|
||||||
tlsConf := new(tls.Config)
|
tlsConf := new(tls.Config)
|
||||||
tlsConf.Certificates = []tls.Certificate{cert}
|
tlsConf.Certificates = []tls.Certificate{cert}
|
||||||
|
|
||||||
listener, err := tls.Listen("tcp", port, tlsConf)
|
listener, err := tls.Listen("tcp", net.JoinHostPort(iface, port), tlsConf)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("Could not start HTTPS server for challenge -> %v", err)
|
return fmt.Errorf("Could not start HTTPS server for challenge -> %v", err)
|
||||||
}
|
}
|
||||||
|
|
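Review bot: The same default-resolution block now appears twice, here and in http_challenge.go, and in both the `iface := ""` copy is redundant because an empty t.iface is already the empty string; `tls.Listen("tcp", net.JoinHostPort(t.iface, port), tlsConf)` gives the same address. If this is kept in two places, a tiny shared helper such as `func listenAddr(iface, port, defaultPort string) string` would keep the HTTP-01 and TLS-SNI-01 solvers from drifting apart. It is worth a one-line comment on the listen call that an empty interface binds every address (`// empty iface -> ":port", i.e. all interfaces`), since that is the documented default and the responder is then reachable on all of them. Solve begins and ends outside this hunk.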