
Add interface:port override to HTTP-01 and TLS-01 instead of only port

This commit is contained in:
xenolf 2016-01-08 08:04:38 +01:00
parent 1193ae895a
commit de29381f7a
3 changed files with 53 additions and 25 deletions


@ -9,6 +9,7 @@ import (
"fmt" "fmt"
"io/ioutil" "io/ioutil"
"log" "log"
"net"
"net/http" "net/http"
"regexp" "regexp"
"strconv" "strconv"
@ -99,20 +100,38 @@ func NewClient(caDirURL string, user User, keyBits int) (*Client, error) {
return &Client{directory: dir, user: user, jws: jws, keyBits: keyBits, solvers: solvers}, nil return &Client{directory: dir, user: user, jws: jws, keyBits: keyBits, solvers: solvers}, nil
} }
// SetHTTPPort specifies a custom port to be used for HTTP based challenges. // SetHTTPAddress specifies a custom interface:port to be used for HTTP based challenges.
// If this option is not used, the default port 80 will be used. // If this option is not used, the default port 80 and all interfaces will be used.
func (c *Client) SetHTTPPort(port string) { // To only specify a port and no interface use the ":port" notation.
if chlng, ok := c.solvers["http-01"]; ok { func (c *Client) SetHTTPAddress(iface string) error {
chlng.(*httpChallenge).optPort = port host, port, err := net.SplitHostPort(iface)
} if err != nil {
return err
} }
// SetTLSPort specifies a custom port to be used for TLS based challenges. if chlng, ok := c.solvers["http-01"]; ok {
// If this option is not used, the default port 443 will be used. chlng.(*httpChallenge).iface = host
func (c *Client) SetTLSPort(port string) { chlng.(*httpChallenge).port = port
if chlng, ok := c.solvers["tls-sni-01"]; ok {
chlng.(*tlsSNIChallenge).optPort = port
} }
return nil
}
// SetTLSAddress specifies a custom interface:port to be used for TLS based challenges.
// If this option is not used, the default port 443 and all interfaces will be used.
// To only specify a port and no interface use the ":port" notation.
func (c *Client) SetTLSAddress(iface string) error {
host, port, err := net.SplitHostPort(iface)
if err != nil {
return err
}
if chlng, ok := c.solvers["tls-sni-01"]; ok {
chlng.(*tlsSNIChallenge).iface = host
chlng.(*tlsSNIChallenge).port = port
}
return nil
} }
// ExcludeChallenges explicitly removes challenges from the pool for solving. // ExcludeChallenges explicitly removes challenges from the pool for solving.
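Review bot: SetHTTPAddress and SetTLSAddress only check that the argument splits with net.SplitHostPort, so an unresolvable port string is accepted here and the failure surfaces later, when Solve calls net.Listen, and an empty port (as in "host:") is accepted and then silently replaced by the default 80/443 in the solver. Rejecting these at configuration time is cheap: after the SplitHostPort check add `if port == "" { return fmt.Errorf("address %q has no port", iface) }` followed by `if _, err := net.LookupPort("tcp", port); err != nil { return err }` in both setters. The doc comment should then state that the port part is mandatory and that an omitted host means all interfaces, which is also the security-relevant default a caller should know about.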


@ -10,7 +10,8 @@ import (
type httpChallenge struct { type httpChallenge struct {
jws *jws jws *jws
validate validateFunc validate validateFunc
optPort string iface string
port string
} }
func (s *httpChallenge) Solve(chlng challenge, domain string) error { func (s *httpChallenge) Solve(chlng challenge, domain string) error {
@ -24,19 +25,20 @@ func (s *httpChallenge) Solve(chlng challenge, domain string) error {
} }
// Allow for CLI port override // Allow for CLI port override
port := ":80" port := "80"
if s.optPort != "" { if s.port != "" {
port = ":" + s.optPort port = s.port
} }
listener, err := net.Listen("tcp", domain+port) iface := ""
if err != nil { if s.iface != "" {
// if the domain:port bind failed, fall back to :port bind and try that instead. iface = s.iface
listener, err = net.Listen("tcp", port) }
listener, err := net.Listen("tcp", net.JoinHostPort(iface, port))
if err != nil { if err != nil {
return fmt.Errorf("Could not start HTTP server for challenge -> %v", err) return fmt.Errorf("Could not start HTTP server for challenge -> %v", err)
} }
}
defer listener.Close() defer listener.Close()
path := "/.well-known/acme-challenge/" + chlng.Token path := "/.well-known/acme-challenge/" + chlng.Token
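Review bot: The comment `// Allow for CLI port override` is stale now that the interface is overridden as well, and the `iface := ""` / `if s.iface != "" { iface = s.iface }` block is a no-op that can be written as `iface := s.iface`; the same applies to the tls-sni-01 hunk in the third file. The old code first tried to bind to domain:port and only then fell back to :port, while the new code goes straight to net.JoinHostPort(iface, port), so with no interface configured the challenge listener is now always bound on every address; that is consistent with the setter's doc comment but deserves a line here, for example `// Bind to the configured interface:port; an empty interface listens on all addresses (the old domain:port attempt is gone).` Solve's body starts before and continues after this hunk.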


@ -6,13 +6,15 @@ import (
"crypto/tls" "crypto/tls"
"encoding/hex" "encoding/hex"
"fmt" "fmt"
"net"
"net/http" "net/http"
) )
type tlsSNIChallenge struct { type tlsSNIChallenge struct {
jws *jws jws *jws
validate validateFunc validate validateFunc
optPort string iface string
port string
} }
func (t *tlsSNIChallenge) Solve(chlng challenge, domain string) error { func (t *tlsSNIChallenge) Solve(chlng challenge, domain string) error {
@ -33,15 +35,20 @@ func (t *tlsSNIChallenge) Solve(chlng challenge, domain string) error {
} }
// Allow for CLI port override // Allow for CLI port override
port := ":443" port := "443"
if t.optPort != "" { if t.port != "" {
port = ":" + t.optPort port = t.port
}
iface := ""
if t.iface != "" {
iface = t.iface
} }
tlsConf := new(tls.Config) tlsConf := new(tls.Config)
tlsConf.Certificates = []tls.Certificate{cert} tlsConf.Certificates = []tls.Certificate{cert}
listener, err := tls.Listen("tcp", port, tlsConf) listener, err := tls.Listen("tcp", net.JoinHostPort(iface, port), tlsConf)
if err != nil { if err != nil {
return fmt.Errorf("Could not start HTTPS server for challenge -> %v", err) return fmt.Errorf("Could not start HTTPS server for challenge -> %v", err)
} }