removed the `acme` property from the `tls` config
parent
503da9efd0
commit
0406d0cd93
|
@ -30,6 +30,8 @@ function mergeSettings(orig, changes) {
|
||||||
function fixRawConfig(config) {
|
function fixRawConfig(config) {
|
||||||
var updated = false;
|
var updated = false;
|
||||||
|
|
||||||
|
// First converge all of the `bind` properties for protocols that are on top
|
||||||
|
// of TCP to `tcp.bind`.
|
||||||
if (config.tcp && config.tcp.bind && !Array.isArray(config.tcp.bind)) {
|
if (config.tcp && config.tcp.bind && !Array.isArray(config.tcp.bind)) {
|
||||||
config.tcp.bind = [ config.tcp.bind ];
|
config.tcp.bind = [ config.tcp.bind ];
|
||||||
updated = true;
|
updated = true;
|
||||||
|
@ -47,12 +49,47 @@ function fixRawConfig(config) {
|
||||||
updated = true;
|
updated = true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Then we rename dns to udp since the only thing we currently do with those
|
||||||
|
// modules is proxy the packets without inspecting them at all.
|
||||||
if (config.dns) {
|
if (config.dns) {
|
||||||
config.udp = config.dns;
|
config.udp = config.dns;
|
||||||
delete config.dns;
|
delete config.dns;
|
||||||
updated = true;
|
updated = true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// This we take the old way of defining ACME options and put them into a tls module.
|
||||||
|
if (config.tls) {
|
||||||
|
var oldPropMap = {
|
||||||
|
email: 'email'
|
||||||
|
, acme_directory_url: 'server'
|
||||||
|
, challenge_type: 'challenge_type'
|
||||||
|
, servernames: 'approved_domains'
|
||||||
|
};
|
||||||
|
if (Object.keys(oldPropMap).some(config.tls.hasOwnProperty, config.tls)) {
|
||||||
|
updated = true;
|
||||||
|
if (config.tls.acme) {
|
||||||
|
console.warn('TLS config has `acme` field and old style definitions');
|
||||||
|
} else {
|
||||||
|
config.tls.acme = {};
|
||||||
|
Object.keys(oldPropMap).forEach(function (oldKey) {
|
||||||
|
if (config.tls[oldKey]) {
|
||||||
|
config.tls.acme[oldPropMap[oldKey]] = config.tls[oldKey];
|
||||||
|
}
|
||||||
|
});
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if (config.tls.acme) {
|
||||||
|
updated = true;
|
||||||
|
config.tls.acme.domains = config.tls.acme.approved_domains;
|
||||||
|
delete config.tls.acme.approved_domains;
|
||||||
|
config.tls.modules = config.tls.modules || [];
|
||||||
|
config.tls.modules.push(Object.assign({}, config.tls.acme, {type: 'acme'}));
|
||||||
|
delete config.tls.acme;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// Then we make sure all modules have an ID and type, and makes sure all domains
|
||||||
|
// are in the right spot and also have an ID.
|
||||||
function updateModules(list) {
|
function updateModules(list) {
|
||||||
if (!Array.isArray(list)) {
|
if (!Array.isArray(list)) {
|
||||||
return;
|
return;
|
||||||
|
@ -100,9 +137,9 @@ function fixRawConfig(config) {
|
||||||
}
|
}
|
||||||
|
|
||||||
var newDom = {
|
var newDom = {
|
||||||
id: crypto.randomBytes(4).toString('hex'),
|
id: crypto.randomBytes(4).toString('hex')
|
||||||
names: dom.names,
|
, names: dom.names
|
||||||
modules: {}
|
, modules: {}
|
||||||
};
|
};
|
||||||
newDom.modules[name] = dom.modules;
|
newDom.modules[name] = dom.modules;
|
||||||
config.domains.push(newDom);
|
config.domains.push(newDom);
|
||||||
|
|
|
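Review bot: The legacy keys are copied into `config.tls.acme` in the new `if (config.tls)` block of fixRawConfig but never removed from `config.tls`, so `email`, `acme_directory_url`, `challenge_type` and `servernames` remain in the rewritten config. If the saved config is passed through fixRawConfig again (the caller is not visible here), the `some(...)` test would match again and push a second `acme` module; adding `delete config.tls[oldKey];` after the copy inside the `forEach` would prevent that. The branch that only logs the `console.warn` also leaves the old keys in place and unmigrated. Separately, `config.tls.acme.domains = config.tls.acme.approved_domains;` stores `undefined` when the old config had no `servernames`, so the migrated module appears to carry no domain restriction; guarding it with `if (config.tls.acme.approved_domains) { ... }` would make that case explicit.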
@ -45,7 +45,7 @@ var moduleSchemas = {
|
||||||
, properties: {
|
, properties: {
|
||||||
email: { type: 'string' }
|
email: { type: 'string' }
|
||||||
, server: { type: 'string' }
|
, server: { type: 'string' }
|
||||||
, challengeType: { type: 'string' }
|
, challenge_type: { type: 'string' }
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
@ -120,22 +120,11 @@ var tlsSchema = {
|
||||||
, properties: {
|
, properties: {
|
||||||
modules: { type: 'array', items: addDomainRequirement({ oneOf: moduleRefs.tls }) }
|
modules: { type: 'array', items: addDomainRequirement({ oneOf: moduleRefs.tls }) }
|
||||||
|
|
||||||
, acme: {
|
|
||||||
type: 'object'
|
|
||||||
// These properties should be snake_case to match the API and config format
|
|
||||||
, required: [ 'email', 'approved_domains' ]
|
|
||||||
, properties: {
|
|
||||||
email: { type: 'string' }
|
|
||||||
, server: { type: 'string' }
|
|
||||||
, challenge_type: { type: 'string' }
|
|
||||||
, approved_domains: { type: 'array', items: { type: 'string' }, minLength: 1}
|
|
||||||
|
|
||||||
// these are forbidden deprecated settings.
|
// these are forbidden deprecated settings.
|
||||||
|
, acme: { not: {} }
|
||||||
, bind: { not: {} }
|
, bind: { not: {} }
|
||||||
, domains: { not: {} }
|
, domains: { not: {} }
|
||||||
}
|
}
|
||||||
}
|
|
||||||
}
|
|
||||||
};
|
};
|
||||||
|
|
||||||
var tcpSchema = {
|
var tcpSchema = {
|
||||||
|
@ -273,8 +262,8 @@ class DomainList extends IdList {
|
||||||
this._itemName = 'domain';
|
this._itemName = 'domain';
|
||||||
this.forEach(function (dom) {
|
this.forEach(function (dom) {
|
||||||
dom.modules = {
|
dom.modules = {
|
||||||
http: new ModuleList((dom.modules || {}).http),
|
http: new ModuleList((dom.modules || {}).http)
|
||||||
tls: new ModuleList((dom.modules || {}).tls),
|
, tls: new ModuleList((dom.modules || {}).tls)
|
||||||
};
|
};
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
@ -288,8 +277,8 @@ class DomainList extends IdList {
|
||||||
}
|
}
|
||||||
|
|
||||||
var modLists = {
|
var modLists = {
|
||||||
http: new ModuleList(),
|
http: new ModuleList()
|
||||||
tls: new ModuleList()
|
, tls: new ModuleList()
|
||||||
};
|
};
|
||||||
if (dom.modules && Array.isArray(dom.modules.http)) {
|
if (dom.modules && Array.isArray(dom.modules.http)) {
|
||||||
dom.modules.http.forEach(modLists.http.add, modLists.http);
|
dom.modules.http.forEach(modLists.http.add, modLists.http);
|
||||||
|
|
|
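Review bot: Removing the `acme` sub-schema from `tlsSchema` also removes its `required: [ 'email', 'approved_domains' ]`, and the `acme` entry in `moduleSchemas` shows only `properties` in this hunk, so nothing visible here requires an e-mail address or a non-empty domain list on the module form. If that module schema (it starts outside the hunk) has no `required` yet, add `, required: [ 'email' ]`, and confirm that `addDomainRequirement` enforces a non-empty `domains` array with `minItems: 1`; the removed `minLength: 1` is a string keyword and never constrained the array. The `challengeType` to `challenge_type` rename in the same schema may also leave existing module entries written with the old key unmigrated, since the fixRawConfig hunks only map the top-level `tls` keys.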
@ -174,26 +174,6 @@ module.exports.create = function (deps, config, netHandler) {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
var defAcmeConf;
|
|
||||||
if (config.tls.acme) {
|
|
||||||
defAcmeConf = config.tls.acme;
|
|
||||||
} else {
|
|
||||||
defAcmeConf = {
|
|
||||||
email: config.tls.email
|
|
||||||
, server: config.tls.acmeDirectoryUrl || le.server
|
|
||||||
, challengeType: config.tls.challengeType || le.challengeType
|
|
||||||
, approvedDomains: config.tls.servernames
|
|
||||||
};
|
|
||||||
}
|
|
||||||
|
|
||||||
// Check config for domain name
|
|
||||||
// TODO: if `approvedDomains` isn't defined check all other modules to see if they can
|
|
||||||
// handle this domain (and what other domains it's grouped with).
|
|
||||||
if (-1 !== (defAcmeConf.approvedDomains || []).indexOf(opts.domain)) {
|
|
||||||
complete(defAcmeConf, defAcmeConf.approvedDomains);
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
cb(new Error('domain is not allowed'));
|
cb(new Error('domain is not allowed'));
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
|
|