removed the `acme` property from the `tls` config
This commit is contained in:
tigerbot
parent
503da9efd0
commit
0406d0cd93
|
|
@ -30,6 +30,8 @@ function mergeSettings(orig, changes) {
|
|||
function fixRawConfig(config) {
|
||||
var updated = false;
|
||||
|
||||
// First converge all of the `bind` properties for protocols that are on top
|
||||
// of TCP to `tcp.bind`.
|
||||
if (config.tcp && config.tcp.bind && !Array.isArray(config.tcp.bind)) {
|
||||
config.tcp.bind = [ config.tcp.bind ];
|
||||
updated = true;
|
||||
|
|
@ -47,12 +49,47 @@ function fixRawConfig(config) {
|
|||
updated = true;
|
||||
}
|
||||
|
||||
// Then we rename dns to udp since the only thing we currently do with those
|
||||
// modules is proxy the packets without inspecting them at all.
|
||||
if (config.dns) {
|
||||
config.udp = config.dns;
|
||||
delete config.dns;
|
||||
updated = true;
|
||||
}
|
||||
|
||||
// This we take the old way of defining ACME options and put them into a tls module.
|
||||
if (config.tls) {
|
||||
var oldPropMap = {
|
||||
email: 'email'
|
||||
, acme_directory_url: 'server'
|
||||
, challenge_type: 'challenge_type'
|
||||
, servernames: 'approved_domains'
|
||||
};
|
||||
if (Object.keys(oldPropMap).some(config.tls.hasOwnProperty, config.tls)) {
|
||||
updated = true;
|
||||
if (config.tls.acme) {
|
||||
console.warn('TLS config has `acme` field and old style definitions');
|
||||
} else {
|
||||
config.tls.acme = {};
|
||||
Object.keys(oldPropMap).forEach(function (oldKey) {
|
||||
if (config.tls[oldKey]) {
|
||||
config.tls.acme[oldPropMap[oldKey]] = config.tls[oldKey];
|
||||
}
|
||||
});
|
||||
}
|
||||
}
|
||||
if (config.tls.acme) {
|
||||
updated = true;
|
||||
config.tls.acme.domains = config.tls.acme.approved_domains;
|
||||
delete config.tls.acme.approved_domains;
|
||||
config.tls.modules = config.tls.modules || [];
|
||||
config.tls.modules.push(Object.assign({}, config.tls.acme, {type: 'acme'}));
|
||||
delete config.tls.acme;
|
||||
}
|
||||
}
|
||||
|
||||
// Then we make sure all modules have an ID and type, and makes sure all domains
|
||||
// are in the right spot and also have an ID.
|
||||
function updateModules(list) {
|
||||
if (!Array.isArray(list)) {
|
||||
return;
|
||||
|
|
@ -100,9 +137,9 @@ function fixRawConfig(config) {
|
|||
}
|
||||
|
||||
var newDom = {
|
||||
id: crypto.randomBytes(4).toString('hex'),
|
||||
names: dom.names,
|
||||
modules: {}
|
||||
id: crypto.randomBytes(4).toString('hex')
|
||||
, names: dom.names
|
||||
, modules: {}
|
||||
};
|
||||
newDom.modules[name] = dom.modules;
|
||||
config.domains.push(newDom);
|
||||
|
|
|
|||
|
|
@ -45,7 +45,7 @@ var moduleSchemas = {
|
|||
, properties: {
|
||||
email: { type: 'string' }
|
||||
, server: { type: 'string' }
|
||||
, challengeType: { type: 'string' }
|
||||
, challenge_type: { type: 'string' }
|
||||
}
|
||||
}
|
||||
};
|
||||
|
|
@ -120,22 +120,11 @@ var tlsSchema = {
|
|||
, properties: {
|
||||
modules: { type: 'array', items: addDomainRequirement({ oneOf: moduleRefs.tls }) }
|
||||
|
||||
, acme: {
|
||||
type: 'object'
|
||||
// These properties should be snake_case to match the API and config format
|
||||
, required: [ 'email', 'approved_domains' ]
|
||||
, properties: {
|
||||
email: { type: 'string' }
|
||||
, server: { type: 'string' }
|
||||
, challenge_type: { type: 'string' }
|
||||
, approved_domains: { type: 'array', items: { type: 'string' }, minLength: 1}
|
||||
|
||||
// these are forbidden deprecated settings.
|
||||
, acme: { not: {} }
|
||||
, bind: { not: {} }
|
||||
, domains: { not: {} }
|
||||
}
|
||||
}
|
||||
}
|
||||
};
|
||||
|
||||
var tcpSchema = {
|
||||
|
|
@ -273,8 +262,8 @@ class DomainList extends IdList {
|
|||
this._itemName = 'domain';
|
||||
this.forEach(function (dom) {
|
||||
dom.modules = {
|
||||
http: new ModuleList((dom.modules || {}).http),
|
||||
tls: new ModuleList((dom.modules || {}).tls),
|
||||
http: new ModuleList((dom.modules || {}).http)
|
||||
, tls: new ModuleList((dom.modules || {}).tls)
|
||||
};
|
||||
});
|
||||
}
|
||||
|
|
@ -288,8 +277,8 @@ class DomainList extends IdList {
|
|||
}
|
||||
|
||||
var modLists = {
|
||||
http: new ModuleList(),
|
||||
tls: new ModuleList()
|
||||
http: new ModuleList()
|
||||
, tls: new ModuleList()
|
||||
};
|
||||
if (dom.modules && Array.isArray(dom.modules.http)) {
|
||||
dom.modules.http.forEach(modLists.http.add, modLists.http);
|
||||
|
|
|
|||
|
|
@ -174,26 +174,6 @@ module.exports.create = function (deps, config, netHandler) {
|
|||
return;
|
||||
}
|
||||
|
||||
var defAcmeConf;
|
||||
if (config.tls.acme) {
|
||||
defAcmeConf = config.tls.acme;
|
||||
} else {
|
||||
defAcmeConf = {
|
||||
email: config.tls.email
|
||||
, server: config.tls.acmeDirectoryUrl || le.server
|
||||
, challengeType: config.tls.challengeType || le.challengeType
|
||||
, approvedDomains: config.tls.servernames
|
||||
};
|
||||
}
|
||||
|
||||
// Check config for domain name
|
||||
// TODO: if `approvedDomains` isn't defined check all other modules to see if they can
|
||||
// handle this domain (and what other domains it's grouped with).
|
||||
if (-1 !== (defAcmeConf.approvedDomains || []).indexOf(opts.domain)) {
|
||||
complete(defAcmeConf, defAcmeConf.approvedDomains);
|
||||
return;
|
||||
}
|
||||
|
||||
cb(new Error('domain is not allowed'));
|
||||
}
|
||||
});
|
||||
|
|
|
|||
Loading…
Reference in New Issue