package global
import (
"encoding/json"
"slices"
"github.com/caddyserver/ingress/internal/controller"
"github.com/caddyserver/ingress/pkg/converter"
"github.com/caddyserver/ingress/pkg/store"
)
// TLSPlugin is the converter plugin registered under the name "tls". It
// carries no state (empty struct); its behavior is in the methods declared
// on it in this file.
type TLSPlugin struct{}
// IngressPlugin returns the registration record for this plugin: the name
// "tls" and a constructor that hands back a fresh *TLSPlugin on every call.
func (p TLSPlugin) IngressPlugin() converter.PluginInfo {
	info := converter.PluginInfo{Name: "tls"}
	// The constructor returns a pointer, matching what new(TLSPlugin) yields.
	info.New = func() converter.Plugin {
		return &TLSPlugin{}
	}
	return info
}
// init registers the TLS plugin with the converter package as a side effect
// of this package being imported.
func init() {
	var plugin TLSPlugin
	converter.RegisterPlugin(plugin)
}
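// GlobalHandler wires operator-supplied certificates into the generated
// configuration for every host named in an Ingress TLS section.
//
// It gathers the de-duplicated hosts from every Ingress in the store
// (Spec.TLS[*].Hosts). When at least one host is found it
//   - sets the TLS app's "load_folders" certificate loader to
//     controller.CertFolder, and
//   - assigns those hosts to AutoHTTPS.SkipCerts so certificates are not
//     managed automatically for them.
//
// With no TLS hosts the configuration is left untouched. The returned error
// is non-nil only if the folder list cannot be encoded as JSON.
//
// NOTE(review): nothing in this function checks that a certificate for each
// skipped host is actually present in controller.CertFolder; confirm that the
// code that populates the folder guarantees it, otherwise a host listed in an
// Ingress TLS section may be left without a usable certificate.
//
// NOTE(review): hosts are taken from every Ingress in the store and applied to
// the one shared HTTP server, so an Ingress TLS entry opts its hosts out of
// automatic certificate management for the whole server. In multi-tenant
// clusters, verify that who may create Ingress TLS entries for a given host is
// restricted (e.g. by admission policy).
func (p TLSPlugin) GlobalHandler(config *converter.Config, store *store.Store) error {
	// assumes GetTLSApp returns an app whose CertificatesRaw map is non-nil and
	// GetHTTPServer a server whose AutoHTTPS is non-nil — TODO confirm.
	tlsApp := config.GetTLSApp()
	httpServer := config.GetHTTPServer()

	// Collect all hosts subject to custom TLS certs; the first occurrence of a
	// host fixes its position so the resulting order is stable.
	var hosts []string
	for _, ing := range store.Ingresses {
		for _, tlsRule := range ing.Spec.TLS {
			for _, h := range tlsRule.Hosts {
				if !slices.Contains(hosts, h) {
					hosts = append(hosts, h)
				}
			}
		}
	}

	if len(hosts) == 0 {
		return nil
	}

	// Encode the folder list with json.Marshal rather than concatenating
	// strings: a path containing a quote or backslash would otherwise produce
	// invalid (or differently-shaped) JSON in the certificate loader config.
	folders, err := json.Marshal([]string{controller.CertFolder})
	if err != nil {
		return err
	}
	tlsApp.CertificatesRaw["load_folders"] = json.RawMessage(folders)

	// Do not manage certificates for those hosts. This replaces any value
	// already present in SkipCerts.
	httpServer.AutoHTTPS.SkipCerts = hosts

	return nil
}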
// Compile-time interface guard: the build fails if TLSPlugin stops
// implementing converter.GlobalMiddleware.
var _ converter.GlobalMiddleware = TLSPlugin{}