mirror of
				https://github.com/caddyserver/caddy.git
				synced 2025-10-25 15:52:45 -04:00 
			
		
		
		
	
		
			Some checks failed
		
		
	
	Tests / test (./cmd/caddy/caddy, ~1.22.3, macos-14, 0, 1.22, mac) (push) Waiting to run
				
			Tests / test (./cmd/caddy/caddy, ~1.23.0, macos-14, 0, 1.23, mac) (push) Waiting to run
				
			Tests / test (./cmd/caddy/caddy.exe, ~1.22.3, windows-latest, True, 1.22, windows) (push) Waiting to run
				
			Tests / test (./cmd/caddy/caddy.exe, ~1.23.0, windows-latest, True, 1.23, windows) (push) Waiting to run
				
			Lint / lint (macos-14, mac) (push) Waiting to run
				
			Lint / lint (windows-latest, windows) (push) Waiting to run
				
			Tests / test (./cmd/caddy/caddy, ~1.22.3, ubuntu-latest, 0, 1.22, linux) (push) Failing after 3m44s
				
			Tests / test (./cmd/caddy/caddy, ~1.23.0, ubuntu-latest, 0, 1.23, linux) (push) Failing after 1m19s
				
			Tests / test (s390x on IBM Z) (push) Has been skipped
				
			Tests / goreleaser-check (push) Successful in 3m3s
				
			Cross-Build / build (~1.22.3, 1.22, aix) (push) Successful in 2m0s
				
			Cross-Build / build (~1.22.3, 1.22, darwin) (push) Successful in 1m28s
				
			Cross-Build / build (~1.22.3, 1.22, dragonfly) (push) Successful in 1m24s
				
			Cross-Build / build (~1.22.3, 1.22, freebsd) (push) Successful in 1m25s
				
			Cross-Build / build (~1.22.3, 1.22, illumos) (push) Successful in 1m24s
				
			Cross-Build / build (~1.22.3, 1.22, linux) (push) Successful in 1m25s
				
			Cross-Build / build (~1.22.3, 1.22, netbsd) (push) Successful in 1m26s
				
			Cross-Build / build (~1.22.3, 1.22, openbsd) (push) Successful in 1m40s
				
			Cross-Build / build (~1.22.3, 1.22, solaris) (push) Successful in 1m26s
				
			Cross-Build / build (~1.22.3, 1.22, windows) (push) Successful in 1m26s
				
			Cross-Build / build (~1.23.0, 1.23, aix) (push) Successful in 2m5s
				
			Cross-Build / build (~1.23.0, 1.23, darwin) (push) Successful in 1m15s
				
			Cross-Build / build (~1.23.0, 1.23, dragonfly) (push) Successful in 1m16s
				
			Cross-Build / build (~1.23.0, 1.23, freebsd) (push) Successful in 1m16s
				
			Cross-Build / build (~1.23.0, 1.23, illumos) (push) Successful in 1m15s
				
			Cross-Build / build (~1.23.0, 1.23, linux) (push) Successful in 1m17s
				
			Cross-Build / build (~1.23.0, 1.23, netbsd) (push) Successful in 1m16s
				
			Cross-Build / build (~1.23.0, 1.23, openbsd) (push) Successful in 1m16s
				
			Cross-Build / build (~1.23.0, 1.23, solaris) (push) Successful in 1m15s
				
			Cross-Build / build (~1.23.0, 1.23, windows) (push) Successful in 1m16s
				
			Lint / lint (ubuntu-latest, linux) (push) Successful in 2m12s
				
			Lint / govulncheck (push) Successful in 1m27s
				
			* httpcaddyfile: Fixes for prefer_wildcard mode The wildcard hosts need to be collected first, then considered after, because there's no guarantee that all non-wildcards will appear after all wildcards when looping. Also we should not add a domain to Skip if it doesn't qualify for TLS anyway. * Alternate solution by avoiding adding APs altogether if covered by wildcard
		
			
				
	
	
		
			268 lines
		
	
	
		
			4.3 KiB
		
	
	
	
		
			Plaintext
		
	
	
	
	
	
			
		
		
	
	
			268 lines
		
	
	
		
			4.3 KiB
		
	
	
	
		
			Plaintext
		
	
	
	
	
	
| {
 | |
| 	auto_https prefer_wildcard
 | |
| }
 | |
| 
 | |
| # Covers two domains
 | |
| *.one.example.com {
 | |
| 	tls {
 | |
| 		dns mock
 | |
| 	}
 | |
| 	respond "one fallback"
 | |
| }
 | |
| 
 | |
| # Is covered, should not get its own AP
 | |
| foo.one.example.com {
 | |
| 	respond "foo one"
 | |
| }
 | |
| 
 | |
| # This one has its own tls config so it doesn't get covered (escape hatch)
 | |
| bar.one.example.com {
 | |
| 	respond "bar one"
 | |
| 	tls bar@bar.com
 | |
| }
 | |
| 
 | |
| # Covers nothing but AP gets consolidated with the first
 | |
| *.two.example.com {
 | |
| 	tls {
 | |
| 		dns mock
 | |
| 	}
 | |
| 	respond "two fallback"
 | |
| }
 | |
| 
 | |
| # Is HTTP so it should not cover
 | |
| http://*.three.example.com {
 | |
| 	respond "three fallback"
 | |
| }
 | |
| 
 | |
| # Has no wildcard coverage so it gets an AP
 | |
| foo.three.example.com {
 | |
| 	respond "foo three"
 | |
| }
 | |
| ----------
 | |
| {
 | |
| 	"apps": {
 | |
| 		"http": {
 | |
| 			"servers": {
 | |
| 				"srv0": {
 | |
| 					"listen": [
 | |
| 						":443"
 | |
| 					],
 | |
| 					"routes": [
 | |
| 						{
 | |
| 							"match": [
 | |
| 								{
 | |
| 									"host": [
 | |
| 										"foo.three.example.com"
 | |
| 									]
 | |
| 								}
 | |
| 							],
 | |
| 							"handle": [
 | |
| 								{
 | |
| 									"handler": "subroute",
 | |
| 									"routes": [
 | |
| 										{
 | |
| 											"handle": [
 | |
| 												{
 | |
| 													"body": "foo three",
 | |
| 													"handler": "static_response"
 | |
| 												}
 | |
| 											]
 | |
| 										}
 | |
| 									]
 | |
| 								}
 | |
| 							],
 | |
| 							"terminal": true
 | |
| 						},
 | |
| 						{
 | |
| 							"match": [
 | |
| 								{
 | |
| 									"host": [
 | |
| 										"foo.one.example.com"
 | |
| 									]
 | |
| 								}
 | |
| 							],
 | |
| 							"handle": [
 | |
| 								{
 | |
| 									"handler": "subroute",
 | |
| 									"routes": [
 | |
| 										{
 | |
| 											"handle": [
 | |
| 												{
 | |
| 													"body": "foo one",
 | |
| 													"handler": "static_response"
 | |
| 												}
 | |
| 											]
 | |
| 										}
 | |
| 									]
 | |
| 								}
 | |
| 							],
 | |
| 							"terminal": true
 | |
| 						},
 | |
| 						{
 | |
| 							"match": [
 | |
| 								{
 | |
| 									"host": [
 | |
| 										"bar.one.example.com"
 | |
| 									]
 | |
| 								}
 | |
| 							],
 | |
| 							"handle": [
 | |
| 								{
 | |
| 									"handler": "subroute",
 | |
| 									"routes": [
 | |
| 										{
 | |
| 											"handle": [
 | |
| 												{
 | |
| 													"body": "bar one",
 | |
| 													"handler": "static_response"
 | |
| 												}
 | |
| 											]
 | |
| 										}
 | |
| 									]
 | |
| 								}
 | |
| 							],
 | |
| 							"terminal": true
 | |
| 						},
 | |
| 						{
 | |
| 							"match": [
 | |
| 								{
 | |
| 									"host": [
 | |
| 										"*.one.example.com"
 | |
| 									]
 | |
| 								}
 | |
| 							],
 | |
| 							"handle": [
 | |
| 								{
 | |
| 									"handler": "subroute",
 | |
| 									"routes": [
 | |
| 										{
 | |
| 											"handle": [
 | |
| 												{
 | |
| 													"body": "one fallback",
 | |
| 													"handler": "static_response"
 | |
| 												}
 | |
| 											]
 | |
| 										}
 | |
| 									]
 | |
| 								}
 | |
| 							],
 | |
| 							"terminal": true
 | |
| 						},
 | |
| 						{
 | |
| 							"match": [
 | |
| 								{
 | |
| 									"host": [
 | |
| 										"*.two.example.com"
 | |
| 									]
 | |
| 								}
 | |
| 							],
 | |
| 							"handle": [
 | |
| 								{
 | |
| 									"handler": "subroute",
 | |
| 									"routes": [
 | |
| 										{
 | |
| 											"handle": [
 | |
| 												{
 | |
| 													"body": "two fallback",
 | |
| 													"handler": "static_response"
 | |
| 												}
 | |
| 											]
 | |
| 										}
 | |
| 									]
 | |
| 								}
 | |
| 							],
 | |
| 							"terminal": true
 | |
| 						}
 | |
| 					],
 | |
| 					"automatic_https": {
 | |
| 						"skip_certificates": [
 | |
| 							"foo.one.example.com",
 | |
| 							"bar.one.example.com"
 | |
| 						],
 | |
| 						"prefer_wildcard": true
 | |
| 					}
 | |
| 				},
 | |
| 				"srv1": {
 | |
| 					"listen": [
 | |
| 						":80"
 | |
| 					],
 | |
| 					"routes": [
 | |
| 						{
 | |
| 							"match": [
 | |
| 								{
 | |
| 									"host": [
 | |
| 										"*.three.example.com"
 | |
| 									]
 | |
| 								}
 | |
| 							],
 | |
| 							"handle": [
 | |
| 								{
 | |
| 									"handler": "subroute",
 | |
| 									"routes": [
 | |
| 										{
 | |
| 											"handle": [
 | |
| 												{
 | |
| 													"body": "three fallback",
 | |
| 													"handler": "static_response"
 | |
| 												}
 | |
| 											]
 | |
| 										}
 | |
| 									]
 | |
| 								}
 | |
| 							],
 | |
| 							"terminal": true
 | |
| 						}
 | |
| 					],
 | |
| 					"automatic_https": {
 | |
| 						"prefer_wildcard": true
 | |
| 					}
 | |
| 				}
 | |
| 			}
 | |
| 		},
 | |
| 		"tls": {
 | |
| 			"automation": {
 | |
| 				"policies": [
 | |
| 					{
 | |
| 						"subjects": [
 | |
| 							"foo.three.example.com"
 | |
| 						]
 | |
| 					},
 | |
| 					{
 | |
| 						"subjects": [
 | |
| 							"bar.one.example.com"
 | |
| 						],
 | |
| 						"issuers": [
 | |
| 							{
 | |
| 								"email": "bar@bar.com",
 | |
| 								"module": "acme"
 | |
| 							},
 | |
| 							{
 | |
| 								"ca": "https://acme.zerossl.com/v2/DV90",
 | |
| 								"email": "bar@bar.com",
 | |
| 								"module": "acme"
 | |
| 							}
 | |
| 						]
 | |
| 					},
 | |
| 					{
 | |
| 						"subjects": [
 | |
| 							"*.one.example.com",
 | |
| 							"*.two.example.com"
 | |
| 						],
 | |
| 						"issuers": [
 | |
| 							{
 | |
| 								"challenges": {
 | |
| 									"dns": {
 | |
| 										"provider": {
 | |
| 											"name": "mock"
 | |
| 										}
 | |
| 									}
 | |
| 								},
 | |
| 								"module": "acme"
 | |
| 							}
 | |
| 						]
 | |
| 					}
 | |
| 				]
 | |
| 			}
 | |
| 		}
 | |
| 	}
 | |
| } |