package global
import (
"encoding/json"
caddy2 "github.com/caddyserver/caddy/v2"
"github.com/caddyserver/caddy/v2/caddyconfig"
"github.com/caddyserver/caddy/v2/modules/caddytls"
"github.com/caddyserver/ingress/pkg/converter"
"github.com/caddyserver/ingress/pkg/store"
"github.com/mholt/acmez/acme"
)
// ConfigMapPlugin is the converter plugin that copies the global options held
// in store.ConfigMap (logging level, ACME issuer, on-demand TLS, PROXY
// protocol) into the generated Caddy configuration. It carries no state.
type ConfigMapPlugin struct{}
// init registers the plugin with the converter when the package is loaded.
func init() {
	var plugin ConfigMapPlugin
	converter.RegisterPlugin(plugin)
}
// IngressPlugin describes this plugin to the converter: it is registered
// under the name "configmap" and New hands back a fresh *ConfigMapPlugin.
func (p ConfigMapPlugin) IngressPlugin() converter.PluginInfo {
	info := converter.PluginInfo{Name: "configmap"}
	info.New = func() converter.Plugin { return &ConfigMapPlugin{} }
	return info
}
// GlobalHandler translates the options in store.ConfigMap into global Caddy
// settings on config: the default log level, the TLS automation block (ACME
// issuer, external account binding, on-demand TLS) and the HTTP server's
// listener wrappers. It always returns nil.
//
// The whole TLS automation block, including the on-demand settings and the
// external account binding, is only written when AcmeCA or Email is set; with
// both empty those options have no effect.
func (p ConfigMapPlugin) GlobalHandler(config *converter.Config, store *store.Store) error {
	opts := store.ConfigMap

	app := config.GetTLSApp()
	srv := config.GetHTTPServer()

	if opts.Debug {
		debugLog := &caddy2.CustomLog{BaseLog: caddy2.BaseLog{Level: "DEBUG"}}
		config.Logging.Logs = map[string]*caddy2.CustomLog{"default": debugLog}
	}

	wantsACME := opts.AcmeCA != "" || opts.Email != ""
	if wantsACME {
		// Empty CA / Email values leave the issuer's fields at their zero value.
		issuer := caddytls.ACMEIssuer{
			CA:    opts.AcmeCA,
			Email: opts.Email,
		}

		// External account binding needs both halves; if only one of the two
		// is configured it is dropped without any error or log line.
		// NOTE(review): the MAC key is read from store.ConfigMap. If that is
		// backed by a Kubernetes ConfigMap rather than a Secret, the key is
		// readable by anyone who can read the ConfigMap - confirm.
		if opts.AcmeEABKeyId != "" && opts.AcmeEABMacKey != "" {
			issuer.ExternalAccount = &acme.EAB{
				KeyID:  opts.AcmeEABKeyId,
				MACKey: opts.AcmeEABMacKey,
			}
		}

		// NOTE(review): Ask is forwarded even when it is empty. Without an ask
		// endpoint, on-demand issuance is presumably gated only by the rate
		// limit, so certificate requests for arbitrary client-supplied host
		// names would be attempted - consider requiring OnDemandAsk whenever
		// OnDemandTLS is enabled.
		var onDemand *caddytls.OnDemandConfig
		if opts.OnDemandTLS {
			limit := &caddytls.RateLimit{
				Interval: opts.OnDemandRateLimitInterval,
				Burst:    opts.OnDemandRateLimitBurst,
			}
			onDemand = &caddytls.OnDemandConfig{
				RateLimit: limit,
				Ask:       opts.OnDemandAsk,
			}
		}

		policy := &caddytls.AutomationPolicy{
			IssuersRaw: []json.RawMessage{
				caddyconfig.JSONModuleObject(issuer, "module", "acme", nil),
			},
			OnDemand: opts.OnDemandTLS,
		}

		// This assignment replaces any automation config already on the TLS app.
		app.Automation = &caddytls.AutomationConfig{
			OnDemand:          onDemand,
			OCSPCheckInterval: opts.OCSPCheckInterval,
			Policies:          []*caddytls.AutomationPolicy{policy},
		}
	}

	if opts.ProxyProtocol {
		// proxy_protocol is listed before tls, so the PROXY header is read
		// ahead of the TLS handshake.
		// NOTE(review): the wrapper is configured with no source allow-list,
		// so PROXY headers appear to be accepted from any peer. The client
		// address taken from them is only trustworthy if the listener is
		// reachable solely through the load balancer - verify the network
		// policy, or add an allow-list option.
		wrappers := []json.RawMessage{
			json.RawMessage(`{"wrapper":"proxy_protocol"}`),
			json.RawMessage(`{"wrapper":"tls"}`),
		}
		srv.ListenerWrappersRaw = wrappers
	}

	return nil
}
// Interface guard: the build fails if ConfigMapPlugin stops satisfying
// converter.GlobalMiddleware.
var _ converter.GlobalMiddleware = ConfigMapPlugin{}