Don't fetch ACME certificates for frontends using non-TLS entrypoints
This commit is contained in:
Matthieu Martin
parent
d74ea22d7d
commit
2bfc237e53
1 changed files with 18 additions and 7 deletions
25
server.go
25
server.go
|
|
@ -301,16 +301,27 @@ func (server *Server) postLoadConfig() {
|
||||||
currentConfigurations := server.currentConfigurations.Get().(configs)
|
currentConfigurations := server.currentConfigurations.Get().(configs)
|
||||||
for _, configuration := range currentConfigurations {
|
for _, configuration := range currentConfigurations {
|
||||||
for _, frontend := range configuration.Frontends {
|
for _, frontend := range configuration.Frontends {
|
||||||
for _, route := range frontend.Routes {
|
|
||||||
rules := Rules{}
|
// check if one of the frontend entrypoints is configured with TLS
|
||||||
domains, err := rules.ParseDomains(route.Rule)
|
TLSEnabled := false
|
||||||
if err != nil {
|
for _, entrypoint := range frontend.EntryPoints {
|
||||||
log.Errorf("Error parsing domains: %v", err)
|
if server.globalConfiguration.EntryPoints[entrypoint].TLS != nil {
|
||||||
} else {
|
TLSEnabled = true
|
||||||
server.globalConfiguration.ACME.LoadCertificateForDomains(domains)
|
break
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if TLSEnabled {
|
||||||
|
for _, route := range frontend.Routes {
|
||||||
|
rules := Rules{}
|
||||||
|
domains, err := rules.ParseDomains(route.Rule)
|
||||||
|
if err != nil {
|
||||||
|
log.Errorf("Error parsing domains: %v", err)
|
||||||
|
} else {
|
||||||
|
server.globalConfiguration.ACME.LoadCertificateForDomains(domains)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue