Remove https requirement to use external_domains
This commit is contained in:
parent
c95f4b9b39
commit
92254047b2
@ -82,8 +82,6 @@ domain:
|
|||||||
# External domains will have a TLS key/cert generated and signed for them, but
|
# External domains will have a TLS key/cert generated and signed for them, but
|
||||||
# which will not be served by domani itself. The key/cert files will be placed
|
# which will not be served by domani itself. The key/cert files will be placed
|
||||||
# in the configured paths.
|
# in the configured paths.
|
||||||
#
|
|
||||||
# HTTPS must be enabled for external_domains to be used.
|
|
||||||
#external_domains:
|
#external_domains:
|
||||||
#example.com
|
#example.com
|
||||||
# tls_key_path: /dir/path/key.pem
|
# tls_key_path: /dir/path/key.pem
|
||||||
|
|||||||
@ -74,10 +74,6 @@ async fn main() {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if !config.domain.external_domains.is_empty() && config.service.http.https_addr.is_none() {
|
|
||||||
panic!("https must be enabled to use external_domains")
|
|
||||||
}
|
|
||||||
|
|
||||||
config
|
config
|
||||||
};
|
};
|
||||||
|
|
||||||
@ -87,7 +83,9 @@ async fn main() {
|
|||||||
return;
|
return;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
let https_enabled = config.service.http.https_addr.is_some();
|
||||||
let gemini_enabled = config.service.gemini.gemini_addr.is_some();
|
let gemini_enabled = config.service.gemini.gemini_addr.is_some();
|
||||||
|
let external_domains_enabled = !config.domain.external_domains.is_empty();
|
||||||
|
|
||||||
let origin_store = domani::origin::git::FSStore::new(&config.origin)
|
let origin_store = domani::origin::git::FSStore::new(&config.origin)
|
||||||
.expect("git origin store initialization failed");
|
.expect("git origin store initialization failed");
|
||||||
@ -103,7 +101,7 @@ async fn main() {
|
|||||||
domani::domain::store::FSStore::new(&config.domain.store_dir_path.join("domains"))
|
domani::domain::store::FSStore::new(&config.domain.store_dir_path.join("domains"))
|
||||||
.expect("domain config store initialization failed");
|
.expect("domain config store initialization failed");
|
||||||
|
|
||||||
let domain_acme_manager = if config.service.http.https_addr.is_some() {
|
let domain_acme_manager = if https_enabled || external_domains_enabled {
|
||||||
let acme_config = config
|
let acme_config = config
|
||||||
.domain
|
.domain
|
||||||
.acme
|
.acme
|
||||||
|
|||||||
@ -66,8 +66,6 @@ impl Service {
|
|||||||
where
|
where
|
||||||
CertResolver: rustls::server::ResolvesServerCert + 'static,
|
CertResolver: rustls::server::ResolvesServerCert + 'static,
|
||||||
{
|
{
|
||||||
let https_enabled = config.http.https_addr.is_some();
|
|
||||||
|
|
||||||
let service = sync::Arc::new(Service {
|
let service = sync::Arc::new(Service {
|
||||||
domain_manager: domain_manager.clone(),
|
domain_manager: domain_manager.clone(),
|
||||||
cert_resolver: sync::Arc::from(cert_resolver),
|
cert_resolver: sync::Arc::from(cert_resolver),
|
||||||
@ -79,13 +77,17 @@ impl Service {
|
|||||||
|
|
||||||
task_stack.push_spawn(|canceller| tasks::listen_http(service.clone(), canceller));
|
task_stack.push_spawn(|canceller| tasks::listen_http(service.clone(), canceller));
|
||||||
|
|
||||||
if https_enabled {
|
if service.https_enabled() {
|
||||||
task_stack.push_spawn(|canceller| tasks::listen_https(service.clone(), canceller));
|
task_stack.push_spawn(|canceller| tasks::listen_https(service.clone(), canceller));
|
||||||
}
|
}
|
||||||
|
|
||||||
service
|
service
|
||||||
}
|
}
|
||||||
|
|
||||||
|
fn https_enabled(&self) -> bool {
|
||||||
|
self.config.http.https_addr.is_some()
|
||||||
|
}
|
||||||
|
|
||||||
fn serve(&self, status_code: u16, path: &str, body: Body) -> Response<Body> {
|
fn serve(&self, status_code: u16, path: &str, body: Body) -> Response<Body> {
|
||||||
match Response::builder()
|
match Response::builder()
|
||||||
.status(status_code)
|
.status(status_code)
|
||||||
@ -125,7 +127,7 @@ impl Service {
|
|||||||
}
|
}
|
||||||
|
|
||||||
fn presenter_http_scheme(&self) -> &str {
|
fn presenter_http_scheme(&self) -> &str {
|
||||||
if self.config.http.https_addr.is_some() {
|
if self.https_enabled() {
|
||||||
return "https";
|
return "https";
|
||||||
}
|
}
|
||||||
"http"
|
"http"
|
||||||
@ -542,7 +544,7 @@ impl Service {
|
|||||||
// - /.well-known urls
|
// - /.well-known urls
|
||||||
// - proxied domains with https_disabled set on them
|
// - proxied domains with https_disabled set on them
|
||||||
// everything else must use https if possible.
|
// everything else must use https if possible.
|
||||||
let https_upgradable = self.config.http.https_addr.is_some() && !req_is_https;
|
let https_upgradable = self.https_enabled() && !req_is_https;
|
||||||
|
|
||||||
if let Some(config) = self.proxied_domains.get(&domain) {
|
if let Some(config) = self.proxied_domains.get(&domain) {
|
||||||
if config.http_url.is_none() {
|
if config.http_url.is_none() {
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user