You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by ic...@apache.org on 2017/10/23 11:55:33 UTC
svn commit: r1812999 - in /httpd/httpd/trunk: CHANGES modules/md/md.h
modules/md/md_version.h modules/md/mod_md.c modules/md/mod_md_config.c
Author: icing
Date: Mon Oct 23 11:55:33 2017
New Revision: 1812999
URL: http://svn.apache.org/viewvc?rev=1812999&view=rev
Log:
On the trunk:
*) mod_md: v1.0.1, ServerName/Alias names from pure-http: virtual hosts are no longer
auto-added to a Managed Domain. Error counts of jobs are presisted. When the server
restarts (gracefully) any errored staging areas are purged to reset the signup/renewal
process.
Modified:
httpd/httpd/trunk/CHANGES
httpd/httpd/trunk/modules/md/md.h
httpd/httpd/trunk/modules/md/md_version.h
httpd/httpd/trunk/modules/md/mod_md.c
httpd/httpd/trunk/modules/md/mod_md_config.c
Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=1812999&r1=1812998&r2=1812999&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Mon Oct 23 11:55:33 2017
@@ -1,6 +1,11 @@
-*- coding: utf-8 -*-
Changes with Apache 2.5.0
+ *) mod_md: v1.0.1, ServerName/Alias names from pure-http: virtual hosts are no longer
+ auto-added to a Managed Domain. Error counts of jobs are presisted. When the server
+ restarts (gracefully) any errored staging areas are purged to reset the signup/renewal
+ process. [Stefan Eissing]
+
*) htpasswd: Don't fail in -v mode if password file is unwritable.
PR 61631. [Joe Orton]
Modified: httpd/httpd/trunk/modules/md/md.h
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/md/md.h?rev=1812999&r1=1812998&r2=1812999&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/md/md.h (original)
+++ httpd/httpd/trunk/modules/md/md.h Mon Oct 23 11:55:33 2017
@@ -124,6 +124,7 @@ struct md_t {
#define MD_KEY_DOMAIN "domain"
#define MD_KEY_DOMAINS "domains"
#define MD_KEY_DRIVE_MODE "drive-mode"
+#define MD_KEY_ERRORS "errors"
#define MD_KEY_EXPIRES "expires"
#define MD_KEY_HTTP "http"
#define MD_KEY_HTTPS "https"
Modified: httpd/httpd/trunk/modules/md/md_version.h
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/md/md_version.h?rev=1812999&r1=1812998&r2=1812999&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/md/md_version.h (original)
+++ httpd/httpd/trunk/modules/md/md_version.h Mon Oct 23 11:55:33 2017
@@ -26,7 +26,7 @@
* @macro
* Version number of the md module as c string
*/
-#define MOD_MD_VERSION "1.0.0"
+#define MOD_MD_VERSION "1.0.1"
/**
* @macro
@@ -34,7 +34,7 @@
* release. This is a 24 bit number with 8 bits for major number, 8 bits
* for minor and 8 bits for patch. Version 1.2.3 becomes 0x010203.
*/
-#define MOD_MD_VERSION_NUM 0x010000
+#define MOD_MD_VERSION_NUM 0x010001
#define MD_EXPERIMENTAL 0
#define MD_ACME_DEF_URL "https://acme-v01.api.letsencrypt.org/directory"
Modified: httpd/httpd/trunk/modules/md/mod_md.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/md/mod_md.c?rev=1812999&r1=1812998&r2=1812999&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/md/mod_md.c (original)
+++ httpd/httpd/trunk/modules/md/mod_md.c Mon Oct 23 11:55:33 2017
@@ -163,6 +163,23 @@ static int matches_port_somewhere(server
return 0;
}
+static int uses_port_only(server_rec *s, int port)
+{
+ server_addr_rec *sa;
+ int match = 0;
+ for (sa = s->addrs; sa; sa = sa->next) {
+ if (sa->host_port == port) {
+ /* host_addr might be general (0.0.0.0) or specific, we count this as match */
+ match = 1;
+ }
+ else {
+ /* uses other port/wildcard */
+ return 0;
+ }
+ }
+ return match;
+}
+
static apr_status_t assign_to_servers(md_t *md, server_rec *base_server,
apr_pool_t *p, apr_pool_t *ptemp)
{
@@ -209,10 +226,15 @@ static apr_status_t assign_to_servers(md
return APR_EINVAL;
}
- /* If server has name or an alias not covered,
- * a generated certificate will not match.
- */
- if (APR_SUCCESS != (rv = md_covers_server(md, s, ptemp))) {
+ /* If this server_rec is only for http: requests. Defined
+ * alias names to not matter for this MD.
+ * (see gh issue https://github.com/icing/mod_md/issues/57)
+ * Otherwise, if server has name or an alias not covered,
+ * it is by default auto-added (config transitive).
+ * If mode is "manual", a generated certificate will not match
+ * all necessary names. */
+ if ((!mc->local_80 || !uses_port_only(s, mc->local_80))
+ && APR_SUCCESS != (rv = md_covers_server(md, s, ptemp))) {
return rv;
}
@@ -596,11 +618,42 @@ static void assess_renewal(md_watchdog *
}
}
+static apr_status_t load_job_props(md_reg_t *reg, md_job_t *job, apr_pool_t *p)
+{
+ md_store_t *store = md_reg_store_get(reg);
+ md_json_t *jprops;
+ apr_status_t rv;
+
+ rv = md_store_load_json(store, MD_SG_STAGING, job->md->name,
+ MD_FN_JOB, &jprops, p);
+ if (APR_SUCCESS == rv) {
+ job->restart_processed = md_json_getb(jprops, MD_KEY_PROCESSED, NULL);
+ job->error_runs = (int)md_json_getl(jprops, MD_KEY_ERRORS, NULL);
+ }
+ return rv;
+}
+
+static apr_status_t save_job_props(md_reg_t *reg, md_job_t *job, apr_pool_t *p)
+{
+ md_store_t *store = md_reg_store_get(reg);
+ md_json_t *jprops;
+ apr_status_t rv;
+
+ rv = md_store_load_json(store, MD_SG_STAGING, job->md->name, MD_FN_JOB, &jprops, p);
+ if (APR_SUCCESS == rv) {
+ md_json_setb(job->restart_processed, jprops, MD_KEY_PROCESSED, NULL);
+ md_json_setl(job->error_runs, jprops, MD_KEY_PROCESSED, NULL);
+ rv = md_store_save_json(store, p, MD_SG_STAGING, job->md->name,
+ MD_FN_JOB, jprops, 0);
+ }
+ return rv;
+}
+
static apr_status_t check_job(md_watchdog *wd, md_job_t *job, apr_pool_t *ptemp)
{
apr_status_t rv = APR_SUCCESS;
apr_time_t valid_from, delay;
- int errored, renew;
+ int errored, renew, error_runs;
char ts[APR_RFC822_DATE_LEN];
if (apr_time_now() < job->next_check) {
@@ -609,6 +662,8 @@ static apr_status_t check_job(md_watchdo
}
job->next_check = 0;
+ error_runs = job->error_runs;
+
if (job->md->state == MD_S_MISSING) {
job->stalled = 1;
}
@@ -665,6 +720,10 @@ static apr_status_t check_job(md_watchdo
job->md->name, job->error_runs, md_print_duration(ptemp, delay));
}
+ if (error_runs != job->error_runs) {
+ save_job_props(wd->reg, job, ptemp);
+ }
+
job->last_rv = rv;
return rv;
}
@@ -673,6 +732,7 @@ static apr_status_t run_watchdog(int sta
{
md_watchdog *wd = baton;
apr_status_t rv = APR_SUCCESS;
+ md_store_t *store;
md_job_t *job;
apr_time_t next_run, now;
int restart = 0;
@@ -682,10 +742,16 @@ static apr_status_t run_watchdog(int sta
case AP_WATCHDOG_STATE_STARTING:
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, wd->s, APLOGNO(10054)
"md watchdog start, auto drive %d mds", wd->jobs->nelts);
+ assert(wd->reg);
+ store = md_reg_store_get(wd->reg);
+
+ for (i = 0; i < wd->jobs->nelts; ++i) {
+ job = APR_ARRAY_IDX(wd->jobs, i, md_job_t *);
+ load_job_props(wd->reg, job, ptemp);
+ }
break;
case AP_WATCHDOG_STATE_RUNNING:
- assert(wd->reg);
-
+
wd->next_change = 0;
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, wd->s, APLOGNO(10055)
"md watchdog run, auto drive %d mds", wd->jobs->nelts);
@@ -727,22 +793,13 @@ static apr_status_t run_watchdog(int sta
if (restart) {
const char *action, *names = "";
- md_json_t *jprops;
- md_store_t *store = md_reg_store_get(wd->reg);
int n;
for (i = 0, n = 0; i < wd->jobs->nelts; ++i) {
job = APR_ARRAY_IDX(wd->jobs, i, md_job_t *);
if (job->need_restart && !job->restart_processed) {
- rv = md_store_load_json(store, MD_SG_STAGING, job->md->name,
- "job.json", &jprops, ptemp);
- if (APR_SUCCESS == rv) {
- job->restart_processed = md_json_getb(jprops, MD_KEY_PROCESSED, NULL);
- }
- if (!job->restart_processed) {
- names = apr_psprintf(ptemp, "%s%s%s", names, n? " " : "", job->md->name);
- ++n;
- }
+ names = apr_psprintf(ptemp, "%s%s%s", names, n? " " : "", job->md->name);
+ ++n;
}
}
@@ -778,14 +835,7 @@ static apr_status_t run_watchdog(int sta
job = APR_ARRAY_IDX(wd->jobs, i, md_job_t *);
if (job->need_restart && !job->restart_processed) {
job->restart_processed = 1;
-
- rv = md_store_load_json(store, MD_SG_STAGING, job->md->name,
- MD_FN_JOB, &jprops, ptemp);
- if (APR_SUCCESS == rv) {
- md_json_setb(1, jprops, MD_KEY_PROCESSED, NULL);
- rv = md_store_save_json(store, ptemp, MD_SG_STAGING, job->md->name,
- MD_FN_JOB, jprops, 0);
- }
+ save_job_props(wd->reg, job, ptemp);
}
}
}
@@ -871,6 +921,18 @@ static apr_status_t start_watchdog(apr_a
ap_log_error( APLOG_MARK, APLOG_DEBUG, 0, wd->s, APLOGNO(10064)
"md(%s): state=%d, driving", name, md->state);
+
+ load_job_props(reg, job, wd->p);
+ if (job->error_runs) {
+ /* We are just restarting. If we encounter jobs that had errors
+ * running the protocol on previous staging runs, we reset
+ * the staging area for it, in case we persisted something that
+ * causes a loop. */
+ md_store_t *store = md_reg_store_get(wd->reg);
+
+ md_store_purge(store, p, MD_SG_STAGING, job->md->name);
+ md_store_purge(store, p, MD_SG_CHALLENGES, job->md->name);
+ }
}
}
}
Modified: httpd/httpd/trunk/modules/md/mod_md_config.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/md/mod_md_config.c?rev=1812999&r1=1812998&r2=1812999&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/md/mod_md_config.c (original)
+++ httpd/httpd/trunk/modules/md/mod_md_config.c Mon Oct 23 11:55:33 2017
@@ -346,7 +346,7 @@ static const char *md_config_set_names(c
int i, transitive = -1;
(void)dc;
- err = ap_check_cmd_context(cmd, NOT_IN_DIR_CONTEXT);
+ err = ap_check_cmd_context(cmd, NOT_IN_DIR_LOC_FILE);
if (err) {
return err;
}