mirror of
https://github.com/containous/traefik.git
synced 2024-12-22 13:34:03 +03:00
Fix acme.json file automatic creation
This commit is contained in:
parent
b1be062437
commit
3be74bb275
@ -46,9 +46,9 @@ type ACME struct {
|
||||
OnHostRule bool `description:"Enable certificate generation on frontends Host rules."`
|
||||
CAServer string `description:"CA server to use."`
|
||||
EntryPoint string `description:"Entrypoint to proxy acme challenge to."`
|
||||
DNSChallenge *acmeprovider.DNSChallenge `description:"Activate DNS-01 Challenge"`
|
||||
DNSChallenge *acmeprovider.DNSChallenge `description:"Activate DNS-02 Challenge"`
|
||||
HTTPChallenge *acmeprovider.HTTPChallenge `description:"Activate HTTP-01 Challenge"`
|
||||
DNSProvider string `description:"Activate DNS-01 Challenge (Deprecated)"` // deprecated
|
||||
DNSProvider string `description:"Activate DNS-02 Challenge (Deprecated)"` // deprecated
|
||||
DelayDontCheckDNS flaeg.Duration `description:"Assume DNS propagates after a delay in seconds rather than finding and querying nameservers."` // deprecated
|
||||
ACMELogging bool `description:"Enable debug logging of ACME actions."`
|
||||
client *acme.Client
|
||||
|
@ -26,7 +26,7 @@ func NewLocalStore(file string) *LocalStore {
|
||||
func (s *LocalStore) Get() (*Account, error) {
|
||||
account := &Account{}
|
||||
|
||||
hasData, err := checkFile(s.file)
|
||||
hasData, err := acme.CheckFile(s.file)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
@ -195,6 +195,8 @@ func (s *AcmeSuite) retrieveAcmeCertificate(c *check.C, testCase AcmeTestCase) {
|
||||
err := cmd.Start()
|
||||
c.Assert(err, checker.IsNil)
|
||||
defer cmd.Process.Kill()
|
||||
// A real file is needed to have the right mode on acme.json file
|
||||
defer os.Remove("/tmp/acme.json")
|
||||
|
||||
backend := startTestServer("9010", http.StatusOK)
|
||||
defer backend.Close()
|
||||
|
@ -12,7 +12,7 @@ defaultEntryPoints = ["http", "https"]
|
||||
|
||||
[acme]
|
||||
email = "test@traefik.io"
|
||||
storage = "/dev/null"
|
||||
storage = "/tmp/acme.json"
|
||||
entryPoint = "https"
|
||||
onDemand = {{.OnDemand}}
|
||||
onHostRule = {{.OnHostRule}}
|
||||
|
@ -11,7 +11,7 @@ defaultEntryPoints = ["http", "https"]
|
||||
|
||||
[acme]
|
||||
email = "test@traefik.io"
|
||||
storage = "/dev/null"
|
||||
storage = "/tmp/acme.json"
|
||||
entryPoint = "https"
|
||||
onDemand = {{.OnDemand}}
|
||||
onHostRule = {{.OnHostRule}}
|
||||
|
@ -14,7 +14,7 @@ defaultEntryPoints = ["http", "https"]
|
||||
|
||||
[acme]
|
||||
email = "test@traefik.io"
|
||||
storage = "/dev/null"
|
||||
storage = "/tmp/acme.json"
|
||||
entryPoint = "https"
|
||||
onDemand = {{.OnDemand}}
|
||||
onHostRule = {{.OnHostRule}}
|
||||
|
@ -12,7 +12,7 @@ defaultEntryPoints = ["http", "https"]
|
||||
|
||||
[acme]
|
||||
email = "test@traefik.io"
|
||||
storage = "/dev/null"
|
||||
storage = "/tmp/acme.json"
|
||||
entryPoint = "https"
|
||||
onDemand = {{.OnDemand}}
|
||||
onHostRule = {{.OnHostRule}}
|
||||
|
@ -14,7 +14,7 @@ defaultEntryPoints = ["http", "https"]
|
||||
|
||||
[acme]
|
||||
email = "test@traefik.io"
|
||||
storage = "/dev/null"
|
||||
storage = "/tmp/acme.json"
|
||||
entryPoint = "https"
|
||||
onHostRule = true
|
||||
caServer = "http://{{.BoulderHost}}:4001/directory"
|
||||
|
@ -14,7 +14,7 @@ defaultEntryPoints = ["http", "https"]
|
||||
|
||||
[acme]
|
||||
email = "test@traefik.io"
|
||||
storage = "/dev/null"
|
||||
storage = "/tmp/acme.json"
|
||||
entryPoint = "https"
|
||||
onHostRule = true
|
||||
caServer = "http://wrongurl:4001/directory"
|
||||
|
@ -12,7 +12,7 @@ defaultEntryPoints = ["http", "https"]
|
||||
|
||||
[acme]
|
||||
email = "test@traefik.io"
|
||||
storage = "/dev/null"
|
||||
storage = "/tmp/acme.json"
|
||||
entryPoint = "https"
|
||||
onDemand = {{.OnDemand}}
|
||||
onHostRule = {{.OnHostRule}}
|
||||
|
@ -12,7 +12,7 @@ defaultEntryPoints = ["http", "https"]
|
||||
|
||||
[acme]
|
||||
email = "test@traefik.io"
|
||||
storage = "/dev/null"
|
||||
storage = "/tmp/acme.json"
|
||||
entryPoint = "https"
|
||||
onDemand = false
|
||||
onHostRule = false
|
||||
|
@ -12,7 +12,7 @@ defaultEntryPoints = ["http", "https"]
|
||||
|
||||
[acme]
|
||||
email = "test@traefik.io"
|
||||
storage = "/dev/null"
|
||||
storage = "/tmp/acme.json"
|
||||
entryPoint = "https"
|
||||
onDemand = {{.OnDemand}}
|
||||
onHostRule = {{.OnHostRule}}
|
||||
|
@ -16,7 +16,7 @@ var _ Store = (*LocalStore)(nil)
|
||||
type LocalStore struct {
|
||||
filename string
|
||||
storedData *StoredData
|
||||
SaveDataChan chan *StoredData
|
||||
SaveDataChan chan *StoredData `json:"-"`
|
||||
}
|
||||
|
||||
// NewLocalStore initializes a new LocalStore with a file name
|
||||
@ -30,6 +30,12 @@ func (s *LocalStore) get() (*StoredData, error) {
|
||||
if s.storedData == nil {
|
||||
s.storedData = &StoredData{HTTPChallenges: make(map[string]map[string][]byte)}
|
||||
|
||||
hasData, err := CheckFile(s.filename)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
if hasData {
|
||||
f, err := os.Open(s.filename)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
@ -58,6 +64,7 @@ func (s *LocalStore) get() (*StoredData, error) {
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return s.storedData, nil
|
||||
}
|
||||
|
@ -7,10 +7,17 @@ import (
|
||||
"os"
|
||||
)
|
||||
|
||||
// Check file permissions and content size
|
||||
func checkFile(name string) (bool, error) {
|
||||
// CheckFile checks file permissions and content size
|
||||
func CheckFile(name string) (bool, error) {
|
||||
f, err := os.Open(name)
|
||||
if err != nil {
|
||||
if os.IsNotExist(err) {
|
||||
f, err = os.Create(name)
|
||||
if err != nil {
|
||||
return false, err
|
||||
}
|
||||
return false, f.Chmod(0600)
|
||||
}
|
||||
return false, err
|
||||
}
|
||||
defer f.Close()
|
@ -2,11 +2,18 @@ package acme
|
||||
|
||||
import "os"
|
||||
|
||||
// Check file content size
|
||||
// CheckFile checks file content size
|
||||
// Do not check file permissions on Windows right now
|
||||
func checkFile(name string) (bool, error) {
|
||||
func CheckFile(name string) (bool, error) {
|
||||
f, err := os.Open(name)
|
||||
if err != nil {
|
||||
if os.IsNotExist(err) {
|
||||
f, err = os.Create(name)
|
||||
if err != nil {
|
||||
return false, err
|
||||
}
|
||||
return false, f.Chmod(0600)
|
||||
}
|
||||
return false, err
|
||||
}
|
||||
defer f.Close()
|
@ -42,7 +42,7 @@ type Configuration struct {
|
||||
EntryPoint string `description:"EntryPoint to use."`
|
||||
OnHostRule bool `description:"Enable certificate generation on frontends Host rules."`
|
||||
OnDemand bool `description:"Enable on demand certificate generation. This will request a certificate from Let's Encrypt during the first TLS handshake for a hostname that does not yet have a certificate."` //deprecated
|
||||
DNSChallenge *DNSChallenge `description:"Activate DNS-01 Challenge"`
|
||||
DNSChallenge *DNSChallenge `description:"Activate DNS-02 Challenge"`
|
||||
HTTPChallenge *HTTPChallenge `description:"Activate HTTP-01 Challenge"`
|
||||
Domains []types.Domain `description:"CN and SANs (alternative domains) to each main domain using format: --acme.domains='main.com,san1.com,san2.com' --acme.domains='*.main.net'. No SANs for wildcards domain. Wildcard domains only accepted with DNSChallenge"`
|
||||
}
|
||||
@ -72,7 +72,7 @@ type Certificate struct {
|
||||
|
||||
// DNSChallenge contains DNS challenge Configuration
|
||||
type DNSChallenge struct {
|
||||
Provider string `description:"Use a DNS-01 based challenge provider rather than HTTPS."`
|
||||
Provider string `description:"Use a DNS-02 based challenge provider rather than HTTPS."`
|
||||
DelayBeforeCheck flaeg.Duration `description:"Assume DNS propagates after a delay in seconds rather than finding and querying nameservers."`
|
||||
}
|
||||
|
||||
@ -116,7 +116,7 @@ func (p *Provider) init() error {
|
||||
|
||||
p.certificates, err = p.Store.GetCertificates()
|
||||
if err != nil {
|
||||
return fmt.Errorf("unable to get ACME account : %v", err)
|
||||
return fmt.Errorf("unable to get ACME certificates : %v", err)
|
||||
}
|
||||
|
||||
p.watchCertificate()
|
||||
|
Loading…
Reference in New Issue
Block a user