author | 2016-03-18 20:57:35 +0000 | |
---|---|---|
committer | 2016-03-18 20:57:35 +0000 | |
commit | 3ec0d9fe6b133a64712ae69fd712c14ad1a71f4d (patch) | |
tree | fae74c33cfed05de603785294593275f1901c861 /core/https/handler.go | |
First commit
Diffstat (limited to 'core/https/handler.go')
-rw-r--r-- | core/https/handler.go | 42 |
1 files changed, 42 insertions, 0 deletions
diff --git a/core/https/handler.go b/core/https/handler.go
new file mode 100644
index 000000000..f3139f54e
--- /dev/null
+++ b/core/https/handler.go
@@ -0,0 +1,42 @@
+package https
+
+import (
+ "crypto/tls"
+ "log"
+ "net/http"
+ "net/http/httputil"
+ "net/url"
+ "strings"
+)
+
+const challengeBasePath = "/.well-known/acme-challenge"
+
+// RequestCallback proxies challenge requests to ACME client if the
+// request path starts with challengeBasePath. It returns true if it
+// handled the request and no more needs to be done; it returns false
+// if this call was a no-op and the request still needs handling.
+func RequestCallback(w http.ResponseWriter, r *http.Request) bool {
+ if strings.HasPrefix(r.URL.Path, challengeBasePath) {
+ scheme := "http"
+ if r.TLS != nil {
+ scheme = "https"
+ }
+
+ upstream, err := url.Parse(scheme + "://localhost:" + AlternatePort)
+ if err != nil {
+ w.WriteHeader(http.StatusInternalServerError)
+ log.Printf("[ERROR] ACME proxy handler: %v", err)
+ return true
+ }
+
+ proxy := httputil.NewSingleHostReverseProxy(upstream)
+ proxy.Transport = &http.Transport{
+ TLSClientConfig: &tls.Config{InsecureSkipVerify: true}, // solver uses self-signed certs
+ }
+ proxy.ServeHTTP(w, r)
+
+ return true
+ }
+
+ return false
+} |
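Review bot: RequestCallback builds a fresh `http.Transport` (with its own `tls.Config`) on every proxied challenge request and never releases its idle connections, so each request leaves behind its own connection pool to the solver; hoisting the transport to a package-level variable and assigning `proxy.Transport = acmeTransport` fixes that and also confines `InsecureSkipVerify: true` to a single documented place. If the solver's certificate is available to this package, pinning it via `RootCAs` would be preferable to disabling verification entirely, but whether that is feasible cannot be judged from this hunk. Separately, `strings.HasPrefix(r.URL.Path, challengeBasePath)` also matches paths such as `/.well-known/acme-challengeX`; checking for `challengeBasePath + "/"` as well would make the intended match explicit. `AlternatePort` is referenced but not defined in this hunk.
```go
// acmeTransport is shared by every challenge proxy so that idle connections
// to the local solver are pooled rather than created, and leaked, per request.
var acmeTransport = &http.Transport{
	TLSClientConfig: &tls.Config{InsecureSkipVerify: true}, // solver uses self-signed certs
}

func RequestCallback(w http.ResponseWriter, r *http.Request) bool {
	// … unchanged: path prefix check, scheme selection, url.Parse and its error handling …
	proxy := httputil.NewSingleHostReverseProxy(upstream)
	proxy.Transport = acmeTransport
	// … unchanged: proxy.ServeHTTP and return values …
}
```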