acme: new HTTP and TLS challenges implementations.

2020-10-29 15:40:04 +01:00 · 2020-10-29 15:40:04 +01:00 · 05333b9579
commit 05333b9579
parent 49cdb67ddc
13 changed files with 398 additions and 254 deletions
--- a/pkg/provider/traefik/internal.go
+++ b/pkg/provider/traefik/internal.go
@ -73,11 +73,39 @@ func (i *Provider) createConfiguration(ctx context.Context) *dynamic.Configurati
 	i.redirection(ctx, cfg)
 	i.serverTransport(cfg)

+	i.acme(cfg)
+
 	cfg.HTTP.Services["noop"] = &dynamic.Service{}

 	return cfg
 }

+func (i *Provider) acme(cfg *dynamic.Configuration) {
+	var eps []string
+
+	uniq := map[string]struct{}{}
+	for _, resolver := range i.staticCfg.CertificatesResolvers {
+		if resolver.ACME != nil && resolver.ACME.HTTPChallenge != nil && resolver.ACME.HTTPChallenge.EntryPoint != "" {
+			if _, ok := uniq[resolver.ACME.HTTPChallenge.EntryPoint]; !ok {
+				eps = append(eps, resolver.ACME.HTTPChallenge.EntryPoint)
+				uniq[resolver.ACME.HTTPChallenge.EntryPoint] = struct{}{}
+			}
+		}
+	}
+
+	if len(eps) > 0 {
+		rt := &dynamic.Router{
+			Rule:        "PathPrefix(`/.well-known/acme-challenge/`)",
+			EntryPoints: eps,
+			Service:     "acme-http@internal",
+			Priority:    math.MaxInt32,
+		}
+
+		cfg.HTTP.Routers["acme-http"] = rt
+		cfg.HTTP.Services["acme-http"] = &dynamic.Service{}
+	}
+}
+
 func (i *Provider) redirection(ctx context.Context, cfg *dynamic.Configuration) {
 	for name, ep := range i.staticCfg.EntryPoints {
 		if ep.HTTP.Redirections == nil {