upstream/opnsense-plugins
1
0
Fork 0
mirror of https://github.com/opnsense/plugins.git synced 2026-05-28 04:34:15 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

www/caddy: Add custom resolver to DNS Provider Tab (#4183)

Browse source 
* www/caddy: Add custom resolver to DNS Provider Tab. Cleaned up tls_configuration macro by making it more dry.

* www/caddy: Added newline so that following options do not accidentally render in same line as dns line.

* Update www/caddy/src/opnsense/mvc/app/controllers/OPNsense/Caddy/forms/dnsprovider.xml

* Update www/caddy/src/opnsense/mvc/app/models/OPNsense/Caddy/Caddy.xml

---------

Co-authored-by: Franco Fichtner <franco@lastsummer.de>
This commit is contained in:
Monviech 2024-08-19 21:22:53 +02:00 committed by GitHub
parent b82690448c
commit 405fb2e263
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
4 changed files with 54 additions and 29 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
www/caddy/pkg-descr
View file

@ -31,6 +31,7 @@ Plugin Changelog
1.6.3
* Add: Disable Propagation Timeout in DNS Provider Tab. This can help if the DNS Challenge fails due to DNS Propagation being too slow.
* Add: Set custom resolver for the DNS Challenge in the DNS Provider tab.
1.6.2

6
www/caddy/src/opnsense/mvc/app/controllers/OPNsense/Caddy/forms/dnsprovider.xml
View file

@ -51,6 +51,12 @@
<label>DNS Propagation</label>
<collapse>true</collapse>
</field>
<field>
<id>caddy.general.TlsDnsPropagationResolvers</id>
<label>Resolvers</label>
<type>text</type>
<help><![CDATA[Leave empty to use the system resolvers (default). Resolvers customizes the DNS resolvers used when performing the DNS challenge; these take precedence over system resolvers or any default ones. If set here, the resolvers will propagate to all configured certificate issuers. If the system resolvers use DNS over TLS, setting an external resolver here is required or the DNS challenge will fail.]]></help>
</field>
<field>
<id>caddy.general.TlsDnsPropagationTimeout</id>
<label>Disable Propagation Timeout</label>

3
www/caddy/src/opnsense/mvc/app/models/OPNsense/Caddy/Caddy.xml
View file

@ -70,6 +70,9 @@
<TlsDnsOptionalField3 type="TextField"/>
<TlsDnsOptionalField4 type="TextField"/>
<TlsDnsPropagationTimeout type="BooleanField"/>
<TlsDnsPropagationResolvers type="NetworkField">
<NetMaskAllowed>N</NetMaskAllowed>
</TlsDnsPropagationResolvers>
<accesslist type="ModelRelationField">
<Model>
<reverseproxy>

73
www/caddy/src/opnsense/service/templates/OPNsense/Caddy/Caddyfile
View file

@ -319,36 +319,38 @@
# - @param dnsSecretApiKey (string, optional): A secret API key or token for additional security, depending on the provider.
# - @param TlsDnsOptionalField1 to 4 (string, optional): Additional fields for specific DNS provider configurations.
# - @param TlsDnsPropagationTimeout (boolean, optional): Disables Propagation Timeout for DNS Challenge.
# - @param TlsDnsPropagationResolvers (string, optional): Set custom nameserver for DNS Challenge.
#}
{% macro tls_configuration(dnsProvider, dnsApiKey, customCert, dnsChallenge, dnsSecretApiKey, TlsDnsOptionalField1, TlsDnsOptionalField2, TlsDnsOptionalField3, TlsDnsOptionalField4, TlsDnsPropagationTimeout) %}
{% if dnsChallenge == "1" and dnsProvider %}
{% if dnsProvider in dnsProviderSpecialConfig %}
tls {
issuer acme {
dns {{ dnsProvider }} {
{% include "OPNsense/Caddy/includeDnsProvider" %}
}
{% if TlsDnsPropagationTimeout|default("0") == "1" %}
propagation_delay 30s
propagation_timeout -1
{% endif %}
{% macro tls_configuration(
customCert,
dnsChallenge,
dnsProvider,
dnsApiKey,
dnsSecretApiKey,
tlsDnsOptionalField1,
tlsDnsOptionalField2,
tlsDnsOptionalField3,
tlsDnsOptionalField4,
tlsDnsPropagationTimeout,
tlsDnsPropagationResolvers
) %}
{% if customCert or (dnsChallenge == "1" and dnsProvider) %}
tls {% if customCert %}/var/db/caddy/data/caddy/certificates/temp/{{ customCert }}.pem /var/db/caddy/data/caddy/certificates/temp/{{ customCert }}.key{% endif %} {% if not customCert and dnsChallenge == "1" and dnsProvider %}{
issuer acme {
dns {{ dnsProvider }} {% if dnsProvider not in dnsProviderSpecialConfig %}{{ dnsApiKey }}{% else %}{
{% include "OPNsense/Caddy/includeDnsProvider" %}
}
{% endif %}
{% if tlsDnsPropagationResolvers %}
resolvers {{ tlsDnsPropagationResolvers }}
{% endif %}
{% if tlsDnsPropagationTimeout|default("0") == "1" %}
propagation_delay 30s
propagation_timeout -1
{% endif %}
}
{% else %}
tls {
issuer acme {
{# Other DNS Providers fall under this default #}
dns {{ dnsProvider }} {{ dnsApiKey }}
{% if TlsDnsPropagationTimeout|default("0") == "1" %}
propagation_delay 30s
propagation_timeout -1
{% endif %}
}
}
{% endif %}
{% endif %}
{% if customCert %}
tls /var/db/caddy/data/caddy/certificates/temp/{{ customCert }}.pem /var/db/caddy/data/caddy/certificates/temp/{{ customCert }}.key
}{% endif %}
{% endif %}
{% endmacro %}
@ -558,8 +560,21 @@
{% endif %}
{% set customCert = reverse.CustomCertificate|default("") %}
{% set dnsChallenge = reverse.DnsChallenge|default("0") %}
{% set TlsDnsPropagationTimeout = generalSettings.TlsDnsPropagationTimeout %}
{{ tls_configuration(dnsProvider, dnsApiKey, customCert, dnsChallenge, dnsSecretApiKey, TlsDnsOptionalField1, TlsDnsOptionalField2, TlsDnsOptionalField3, TlsDnsOptionalField4, TlsDnsPropagationTimeout) }}
{% set tlsDnsPropagationTimeout = generalSettings.TlsDnsPropagationTimeout %}
{% set tlsDnsPropagationResolvers = generalSettings.TlsDnsPropagationResolvers %}
{{ tls_configuration(
customCert,
dnsChallenge,
dnsProvider,
dnsApiKey,
dnsSecretApiKey,
tlsDnsOptionalField1,
tlsDnsOptionalField2,
tlsDnsOptionalField3,
tlsDnsOptionalField4,
tlsDnsPropagationTimeout,
tlsDnsPropagationResolvers
) }}
{% if not reverse.accesslist %}
{% set basicauth_uuids = reverse.basicauth %}