diff options
| author | Joona Hoikkala <joohoi@users.noreply.github.com> | 2019-02-06 21:02:35 +0300 |
|---|---|---|
| committer | Brad Warren <bmw@users.noreply.github.com> | 2019-02-06 21:02:35 +0300 |
| commit | 7e6a1f248866df8b581f372f3e57355ca4ab4b1c (patch) | |
| tree | fc160deed400e656d1d046396da39df9d5281dce /certbot-apache/certbot_apache/configurator.py | |
| parent | 2ddaf3db043ea8526ae3f9ab2ef120b194b2e506 (diff) | |
Apache plugin: configure all matching domain names to be able to answer HTTP challenge. (#6729)
Attempts to configure all of the following VirtualHosts for answering the HTTP challenge:
* VirtualHosts that have the requested domain name in either `ServerName` or `ServerAlias` directive.
* VirtualHosts that have a wildcard name that would match the requested domain name.
This also applies to HTTPS VirtualHosts, making Apache plugin able to handle cases where HTTP redirection takes place in reverse proxy or similar, before reaching the Apache HTTPD.
Even though also HTTPS VirtualHosts are selected, Apache plugin tries to ensure that at least one of the selected VirtualHosts listens to HTTP-01 port (configured with `--http-01-port` CLI option). So in a case where only HTTPS VirtualHosts exist, but user wants to configure those, `--http-01-port` parameter needs to be set for the port configured to the HTTPS VirtualHost(s).
Fixes: #6730
* Select all matching VirtualHosts for HTTP-01 challenges instead of just one
* Finalize PR and add tests
* Changelog entry
Diffstat (limited to 'certbot-apache/certbot_apache/configurator.py')
| -rw-r--r-- | certbot-apache/certbot_apache/configurator.py | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/certbot-apache/certbot_apache/configurator.py b/certbot-apache/certbot_apache/configurator.py index 16de3a3d8..efd766e63 100644 --- a/certbot-apache/certbot_apache/configurator.py +++ b/certbot-apache/certbot_apache/configurator.py @@ -577,8 +577,9 @@ class ApacheConfigurator(augeas_configurator.AugeasConfigurator): self.assoc[target_name] = vhost return vhost - def included_in_wildcard(self, names, target_name): - """Is target_name covered by a wildcard? + def domain_in_names(self, names, target_name): + """Checks if target domain is covered by one or more of the provided + names. The target name is matched by wildcard as well as exact match. :param names: server aliases :type names: `collections.Iterable` of `str` @@ -649,7 +650,7 @@ class ApacheConfigurator(augeas_configurator.AugeasConfigurator): names = vhost.get_names() if target_name in names: points = 3 - elif self.included_in_wildcard(names, target_name): + elif self.domain_in_names(names, target_name): points = 2 elif any(addr.get_addr() == target_name for addr in vhost.addrs): points = 1 @@ -1463,7 +1464,7 @@ class ApacheConfigurator(augeas_configurator.AugeasConfigurator): matches = self.parser.find_dir( "ServerAlias", start=vh_path, exclude=False) aliases = (self.aug.get(match) for match in matches) - return self.included_in_wildcard(aliases, target_name) + return self.domain_in_names(aliases, target_name) def _add_name_vhost_if_necessary(self, vhost): """Add NameVirtualHost Directives if necessary for new vhost. |