Remove https requirement to use external_domains

2024-01-14 16:03:25 +01:00 · 2024-01-14 16:03:25 +01:00 · 92254047b2
commit 92254047b2
parent c95f4b9b39
3 changed files with 10 additions and 12 deletions
--- a/config.yml
+++ b/config.yml
@ -82,8 +82,6 @@ domain:
  # External domains will have a TLS key/cert generated and signed for them, but
  # which will not be served by domani itself. The key/cert files will be placed
  # in the configured paths.
-  #
-  # HTTPS must be enabled for external_domains to be used.
  #external_domains:
    #example.com
    #  tls_key_path: /dir/path/key.pem
--- a/src/main.rs
+++ b/src/main.rs
@ -74,10 +74,6 @@ async fn main() {
            }
        }

-        if !config.domain.external_domains.is_empty() && config.service.http.https_addr.is_none() {
-            panic!("https must be enabled to use external_domains")
-        }
-
        config
    };

@ -87,7 +83,9 @@ async fn main() {
        return;
    };

+    let https_enabled = config.service.http.https_addr.is_some();
    let gemini_enabled = config.service.gemini.gemini_addr.is_some();
+    let external_domains_enabled = !config.domain.external_domains.is_empty();

    let origin_store = domani::origin::git::FSStore::new(&config.origin)
        .expect("git origin store initialization failed");
@ -103,7 +101,7 @@ async fn main() {
        domani::domain::store::FSStore::new(&config.domain.store_dir_path.join("domains"))
            .expect("domain config store initialization failed");

-    let domain_acme_manager = if config.service.http.https_addr.is_some() {
+    let domain_acme_manager = if https_enabled || external_domains_enabled {
        let acme_config = config
            .domain
            .acme
--- a/src/service/http.rs
+++ b/src/service/http.rs
@ -66,8 +66,6 @@ impl Service {
    where
        CertResolver: rustls::server::ResolvesServerCert + 'static,
    {
-        let https_enabled = config.http.https_addr.is_some();
-
        let service = sync::Arc::new(Service {
            domain_manager: domain_manager.clone(),
            cert_resolver: sync::Arc::from(cert_resolver),
@ -79,13 +77,17 @@ impl Service {

        task_stack.push_spawn(|canceller| tasks::listen_http(service.clone(), canceller));

-        if https_enabled {
+        if service.https_enabled() {
            task_stack.push_spawn(|canceller| tasks::listen_https(service.clone(), canceller));
        }

        service
    }

+    fn https_enabled(&self) -> bool {
+        self.config.http.https_addr.is_some()
+    }
+
    fn serve(&self, status_code: u16, path: &str, body: Body) -> Response<Body> {
        match Response::builder()
            .status(status_code)
@ -125,7 +127,7 @@ impl Service {
    }

    fn presenter_http_scheme(&self) -> &str {
-        if self.config.http.https_addr.is_some() {
+        if self.https_enabled() {
            return "https";
        }
        "http"
@ -542,7 +544,7 @@ impl Service {
        // - /.well-known urls
        // - proxied domains with https_disabled set on them
        // everything else must use https if possible.
-        let https_upgradable = self.config.http.https_addr.is_some() && !req_is_https;
+        let https_upgradable = self.https_enabled() && !req_is_https;

        if let Some(config) = self.proxied_domains.get(&domain) {
            if config.http_url.is_none() {