add option to avoid using dns wildcard cert

This commit is contained in:
Jean-Marie 'Histausse' Mineau 2024-02-17 00:37:26 +01:00
parent 7e80ade24b
commit 83b1c4f9e4
No known key found for this signature in database
GPG key ID: B66AEEDA9B645AD2
7 changed files with 28 additions and 4 deletions


@ -33,6 +33,7 @@ func TLSConfig(mainDomainSuffix string,
firstDefaultBranch string,
keyCache, challengeCache, dnsLookupCache, canonicalDomainCache cache.ICache,
certDB database.CertDB,
noDNS01 bool,
) *tls.Config {
return &tls.Config{
// check DNS name & get certificate from Let's Encrypt
@ -64,9 +65,15 @@ func TLSConfig(mainDomainSuffix string,
targetOwner := ""
mayObtainCert := true
if strings.HasSuffix(domain, mainDomainSuffix) || strings.EqualFold(domain, mainDomainSuffix[1:]) {
// deliver default certificate for the main domain (*.codeberg.page)
domain = mainDomainSuffix
if noDNS01 {
//TODO check if the domain is served to avoid DOSing ourseflve
mayObtainCert = true
} else {
// deliver default certificate for the main domain (*.codeberg.page)
domain = mainDomainSuffix
}
} else {
var targetRepo, targetBranch string
targetOwner, targetRepo, targetBranch = dnsutils.GetTargetFromDNS(domain, mainDomainSuffix, firstDefaultBranch, dnsLookupCache)