Certificate resolvers.

Co-authored-by: Julien Salleyron <julien.salleyron@gmail.com> Co-authored-by: Jean-Baptiste Doumenjou <jb.doumenjou@gmail.com>
2019-07-19 11:52:04 +02:00 · 2019-07-19 11:52:04 +02:00 · f75f73f3d2
commit f75f73f3d2
parent e3627e9cba
47 changed files with 1573 additions and 1249 deletions
--- a/integration/fixtures/acme/acme_base.toml
+++ b/integration/fixtures/acme/acme_base.toml
@ -11,31 +11,24 @@
  [entryPoints.web-secure]
    address = "{{ .PortHTTPS }}"

-[acme]
+{{range $name, $resolvers := .Acme }}
+
+[certificatesResolvers.{{ $name }}.acme]
  email = "test@traefik.io"
  storage = "/tmp/acme.json"
-  # entryPoint = "https"
-  acmeLogging = true
-  onHostRule = {{ .Acme.OnHostRule }}
-  keyType = "{{ .Acme.KeyType }}"
-  caServer = "{{ .Acme.CAServer }}"
+  keyType = "{{ $resolvers.ACME.KeyType }}"
+  caServer = "{{ $resolvers.ACME.CAServer }}"

-  {{if .Acme.HTTPChallenge }}
-  [acme.httpChallenge]
-    entryPoint = "{{ .Acme.HTTPChallenge.EntryPoint }}"
+  {{if $resolvers.ACME.HTTPChallenge }}
+  [certificatesResolvers.{{ $name }}.acme.httpChallenge]
+    entryPoint = "{{ $resolvers.ACME.HTTPChallenge.EntryPoint }}"
  {{end}}

-  {{if .Acme.TLSChallenge }}
-  [acme.tlsChallenge]
+  {{if $resolvers.ACME.TLSChallenge }}
+  [certificatesResolvers.{{ $name }}.acme.tlsChallenge]
  {{end}}

-  {{range .Acme.Domains}}
-  [[acme.domains]]
-    main = "{{ .Main }}"
-    sans = [{{range .SANs }}
-      "{{.}}",
-      {{end}}]
-  {{end}}
+{{end}}

 [api]

@ -55,3 +48,4 @@
    rule = "Host(`traefik.acme.wtf`)"
    service = "test"
    [http.routers.test.tls]
+      certResolver = "default"
--- a/integration/fixtures/acme/acme_domains.toml
+++ b/integration/fixtures/acme/acme_domains.toml
@ -0,0 +1,58 @@
+[global]
+  checkNewVersion = false
+  sendAnonymousUsage = false
+
+[log]
+  level = "DEBUG"
+
+[entryPoints]
+  [entryPoints.web]
+    address = "{{ .PortHTTP }}"
+  [entryPoints.web-secure]
+    address = "{{ .PortHTTPS }}"
+
+{{range $name, $resolvers := .Acme }}
+
+[certificatesResolvers.{{ $name }}.acme]
+  email = "test@traefik.io"
+  storage = "/tmp/acme.json"
+  keyType = "{{ $resolvers.ACME.KeyType }}"
+  caServer = "{{ $resolvers.ACME.CAServer }}"
+
+  {{if $resolvers.ACME.HTTPChallenge }}
+  [certificatesResolvers.{{ $name }}.acme.httpChallenge]
+    entryPoint = "{{ $resolvers.ACME.HTTPChallenge.EntryPoint }}"
+  {{end}}
+
+  {{if $resolvers.ACME.TLSChallenge }}
+  [certificatesResolvers.{{ $name }}.acme.tlsChallenge]
+  {{end}}
+
+{{end}}
+
+[api]
+
+[providers.file]
+  filename = "{{ .SelfFilename }}"
+
+## dynamic configuration ##
+
+[http.services]
+  [http.services.test.loadBalancer]
+    [[http.services.test.loadBalancer.servers]]
+      url = "http://127.0.0.1:9010"
+
+[http.routers]
+  [http.routers.test]
+    entryPoints = ["web-secure"]
+    rule = "PathPrefix(`/`)"
+    service = "test"
+    [http.routers.test.tls]
+      certResolver = "default"
+{{range .Domains}}
+  [[http.routers.test.tls.domains]]
+    main = "{{ .Main }}"
+    sans = [{{range .SANs }}
+      "{{.}}",
+      {{end}}]
+{{end}}
--- a/integration/fixtures/acme/acme_multiple_resolvers.toml
+++ b/integration/fixtures/acme/acme_multiple_resolvers.toml
@ -0,0 +1,58 @@
+[global]
+  checkNewVersion = false
+  sendAnonymousUsage = false
+
+[log]
+  level = "DEBUG"
+
+[entryPoints]
+  [entryPoints.web]
+    address = "{{ .PortHTTP }}"
+  [entryPoints.web-secure]
+    address = "{{ .PortHTTPS }}"
+
+{{range $name, $resolvers := .Acme }}
+
+[certificatesResolvers.{{ $name }}.acme]
+  email = "test@traefik.io"
+  storage = "/tmp/acme.json"
+  keyType = "{{ $resolvers.ACME.KeyType }}"
+  caServer = "{{ $resolvers.ACME.CAServer }}"
+
+  {{if $resolvers.ACME.HTTPChallenge }}
+  [certificatesResolvers.{{ $name }}.acme.httpChallenge]
+    entryPoint = "{{ $resolvers.ACME.HTTPChallenge.EntryPoint }}"
+  {{end}}
+
+  {{if $resolvers.ACME.TLSChallenge }}
+  [certificatesResolvers.{{ $name }}.acme.tlsChallenge]
+  {{end}}
+
+{{end}}
+
+[api]
+
+[providers.file]
+  filename = "{{ .SelfFilename }}"
+
+## dynamic configuration ##
+
+[http.services]
+  [http.services.test.loadBalancer]
+    [[http.services.test.loadBalancer.servers]]
+      url = "http://127.0.0.1:9010"
+
+[http.routers]
+  [http.routers.test]
+    entryPoints = ["web-secure"]
+    rule = "Host(`traefik.acme.wtf`)"
+    service = "test"
+    [http.routers.test.tls]
+      certResolver = "default"
+
+  [http.routers.tchouk]
+    entryPoints = ["web-secure"]
+    rule = "Host(`tchouk.acme.wtf`)"
+    service = "test"
+    [http.routers.tchouk.tls]
+      certResolver = "tchouk"
--- a/integration/fixtures/acme/acme_tcp.toml
+++ b/integration/fixtures/acme/acme_tcp.toml
@ -0,0 +1,51 @@
+[global]
+  checkNewVersion = false
+  sendAnonymousUsage = false
+
+[log]
+  level = "DEBUG"
+
+[entryPoints]
+  [entryPoints.web]
+    address = "{{ .PortHTTP }}"
+  [entryPoints.web-secure]
+    address = "{{ .PortHTTPS }}"
+
+{{range $name, $resolvers := .Acme }}
+
+[certificatesResolvers.{{ $name }}.acme]
+  email = "test@traefik.io"
+  storage = "/tmp/acme.json"
+  keyType = "{{ $resolvers.ACME.KeyType }}"
+  caServer = "{{ $resolvers.ACME.CAServer }}"
+
+  {{if $resolvers.ACME.HTTPChallenge }}
+  [certificatesResolvers.{{ $name }}.acme.httpChallenge]
+    entryPoint = "{{ $resolvers.ACME.HTTPChallenge.EntryPoint }}"
+  {{end}}
+
+  {{if $resolvers.ACME.TLSChallenge }}
+  [certificatesResolvers.{{ $name }}.acme.tlsChallenge]
+  {{end}}
+
+{{end}}
+
+[api]
+
+[providers.file]
+  filename = "{{ .SelfFilename }}"
+
+## dynamic configuration ##
+
+[tcp.services]
+  [tcp.services.test.loadBalancer]
+    [[tcp.services.test.loadBalancer.servers]]
+      address = "127.0.0.1:9010"
+
+[tcp.routers]
+  [tcp.routers.test]
+    entryPoints = ["web-secure"]
+    rule = "HostSNI(`traefik.acme.wtf`)"
+    service = "test"
+    [tcp.routers.test.tls]
+      certResolver  = "default"
--- a/integration/fixtures/acme/acme_tls.toml
+++ b/integration/fixtures/acme/acme_tls.toml
@ -11,31 +11,24 @@
  [entryPoints.web-secure]
    address = "{{ .PortHTTPS }}"

-[acme]
+{{range $name, $resolvers := .Acme }}
+
+[certificatesResolvers.{{ $name }}.acme]
  email = "test@traefik.io"
  storage = "/tmp/acme.json"
-#  entryPoint = "https"
-  acmeLogging = true
-  onHostRule = {{ .Acme.OnHostRule }}
-  keyType = "{{ .Acme.KeyType }}"
-  caServer = "{{ .Acme.CAServer }}"
+  keyType = "{{ $resolvers.ACME.KeyType }}"
+  caServer = "{{ $resolvers.ACME.CAServer }}"

-  {{if .Acme.HTTPChallenge }}
-  [acme.httpChallenge]
-    entryPoint = "{{ .Acme.HTTPChallenge.EntryPoint }}"
+  {{if $resolvers.ACME.HTTPChallenge }}
+  [certificatesResolvers.{{ $name }}.acme.httpChallenge]
+    entryPoint = "{{ $resolvers.ACME.HTTPChallenge.EntryPoint }}"
  {{end}}

-  {{if .Acme.TLSChallenge }}
-  [acme.tlsChallenge]
+  {{if $resolvers.ACME.TLSChallenge }}
+  [certificatesResolvers.{{ $name }}.acme.tlsChallenge]
  {{end}}

-  {{range .Acme.Domains}}
-  [[acme.domains]]
-    main = "{{ .Main }}"
-    sans = [{{range .SANs }}
-      "{{.}}",
-      {{end}}]
-  {{end}}
+{{end}}

 [api]

--- a/integration/fixtures/acme/acme_tls_dynamic.toml
+++ b/integration/fixtures/acme/acme_tls_dynamic.toml
@ -7,32 +7,29 @@

 [entryPoints]
  [entryPoints.web]
-  address = "{{ .PortHTTP }}"
+    address = "{{ .PortHTTP }}"
  [entryPoints.web-secure]
-  address = "{{ .PortHTTPS }}"
+    address = "{{ .PortHTTPS }}"

-[acme]
+{{range $name, $resolvers := .Acme }}
+
+[certificatesResolvers.{{ $name }}.acme]
  email = "test@traefik.io"
  storage = "/tmp/acme.json"
-#  entryPoint = "https"
-  acmeLogging = true
-  onHostRule = {{ .Acme.OnHostRule }}
-  keyType = "{{ .Acme.KeyType }}"
-  caServer = "{{ .Acme.CAServer }}"
+  keyType = "{{ $resolvers.ACME.KeyType }}"
+  caServer = "{{ $resolvers.ACME.CAServer }}"

-  {{if .Acme.HTTPChallenge }}
-  [acme.httpChallenge]
-    entryPoint = "{{ .Acme.HTTPChallenge.EntryPoint }}"
+  {{if $resolvers.ACME.HTTPChallenge }}
+  [certificatesResolvers.{{ $name }}.acme.httpChallenge]
+    entryPoint = "{{ $resolvers.ACME.HTTPChallenge.EntryPoint }}"
  {{end}}

-  {{range .Acme.Domains}}
-  [[acme.domains]]
-    main = "{{ .Main }}"
-    sans = [{{range .SANs }}
-      "{{.}}",
-      {{end}}]
+  {{if $resolvers.ACME.TLSChallenge }}
+  [certificatesResolvers.{{ $name }}.acme.tlsChallenge]
  {{end}}

+{{end}}
+
 [api]

 [providers]
--- a/integration/fixtures/acme/acme_tls_multiple_entrypoints.toml
+++ b/integration/fixtures/acme/acme_tls_multiple_entrypoints.toml
@ -8,42 +8,29 @@
 [entryPoints]
  [entryPoints.web]
    address = "{{ .PortHTTP }}"
-
  [entryPoints.web-secure]
    address = "{{ .PortHTTPS }}"

  [entryPoints.traefik]
    address = ":9000"
-#       FIXME
-#      [entryPoints.traefik.tls]
-#        [entryPoints.traefik.tls.defaultCertificate]
-#        certFile = "fixtures/acme/ssl/wildcard.crt"
-#        keyFile = "fixtures/acme/ssl/wildcard.key"

-[acme]
+{{range $name, $resolvers := .Acme }}
+
+[certificatesResolvers.{{ $name }}.acme]
  email = "test@traefik.io"
  storage = "/tmp/acme.json"
-#  entryPoint = "https"
-  acmeLogging = true
-  onHostRule = {{ .Acme.OnHostRule }}
-  keyType = "{{ .Acme.KeyType }}"
-  caServer = "{{ .Acme.CAServer }}"
+  keyType = "{{ $resolvers.ACME.KeyType }}"
+  caServer = "{{ $resolvers.ACME.CAServer }}"

-  {{if .Acme.HTTPChallenge }}
-  [acme.httpChallenge]
-    entryPoint = "{{ .Acme.HTTPChallenge.EntryPoint }}"
+  {{if $resolvers.ACME.HTTPChallenge }}
+  [certificatesResolvers.{{ $name }}.acme.httpChallenge]
+    entryPoint = "{{ $resolvers.ACME.HTTPChallenge.EntryPoint }}"
  {{end}}

-  {{if .Acme.TLSChallenge }}
-  [acme.tlsChallenge]
+  {{if $resolvers.ACME.TLSChallenge }}
+  [certificatesResolvers.{{ $name }}.acme.tlsChallenge]
  {{end}}

-  {{range .Acme.Domains}}
-  [[acme.domains]]
-    main = "{{ .Main }}"
-    sans = [{{range .SANs }}
-      "{{.}}",
-      {{end}}]
-  {{end}}
+{{end}}

 [api]