
Conversation

@Monviech
Contributor

Fixes: #7210

This attempts to fix issues with default_bind not being used for the tls automation policies.

In my tests with a local caddy build, I do not see the behavior described in the issue anymore.

Caddyfile for testing:

{
        http_port 8080
        https_port 8443
        default_bind ::1 127.0.0.1
        email [email protected]
}

http:// {
}

example.com {
        reverse_proxy 172.16.1.113:8000 
}

The generated JSON, in which we can see that challenges is now populated with ::1 (the first address from default_bind):

{
	"apps": {
		"http": {
			"http_port": 8080,
			"https_port": 8443,
			"servers": {
				"srv0": {
					"listen": [
						"127.0.0.1:8080",
						"[::1]:8080"
					]
				},
				"srv1": {
					"listen": [
						"127.0.0.1:8443",
						"[::1]:8443"
					],
					"routes": [
						{
							"match": [
								{
									"host": [
										"example.com"
									]
								}
							],
							"handle": [
								{
									"handler": "subroute",
									"routes": [
										{
											"handle": [
												{
													"handler": "reverse_proxy",
													"upstreams": [
														{
															"dial": "172.16.1.113:8000"
														}
													]
												}
											]
										}
									]
								}
							],
							"terminal": true
						}
					]
				}
			}
		},
		"tls": {
			"automation": {
				"policies": [
					{
						"subjects": [
							"example.com"
						],
						"issuers": [
							{
								"challenges": {
									"bind_host": "::1",
									"http": {
										"alternate_port": 8080
									},
									"tls-alpn": {
										"alternate_port": 8443
									}
								},
								"email": "[email protected]",
								"module": "acme"
							},
							{
								"ca": "https://acme.zerossl.com/v2/DV90",
								"challenges": {
									"bind_host": "::1",
									"http": {
										"alternate_port": 8080
									},
									"tls-alpn": {
										"alternate_port": 8443
									}
								},
								"email": "[email protected]",
								"module": "acme"
							}
						]
					}
				]
			}
		}
	}
}

Assistance Disclosure

I have used ChatGPT5 Thinking to generate the code; I have authored and tested the result in a local Caddy build.

I have written the code comment myself.
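A check a practitioner might run over the adapted JSON to confirm the behaviour this PR describes (every ACME issuer's challenge listener is pinned to a bind_host that is one of the server listen addresses, rather than binding all interfaces). This is an added example, not code from the PR or from the Caddy project; the embedded JSON is trimmed from the adapter output shown above (routes omitted, the e-mail replaced by a placeholder), and the function names are my own.

```python
import json

# Adapted JSON trimmed from the `caddy adapt` output shown in the PR.
# Routes are omitted (irrelevant to the check); the e-mail is a placeholder.
ADAPTED_JSON = r"""
{
  "apps": {
    "http": {
      "http_port": 8080,
      "https_port": 8443,
      "servers": {
        "srv0": {"listen": ["127.0.0.1:8080", "[::1]:8080"]},
        "srv1": {"listen": ["127.0.0.1:8443", "[::1]:8443"]}
      }
    },
    "tls": {
      "automation": {
        "policies": [
          {
            "subjects": ["example.com"],
            "issuers": [
              {"challenges": {"bind_host": "::1",
                              "http": {"alternate_port": 8080},
                              "tls-alpn": {"alternate_port": 8443}},
               "email": "admin@example.com", "module": "acme"},
              {"ca": "https://acme.zerossl.com/v2/DV90",
               "challenges": {"bind_host": "::1",
                              "http": {"alternate_port": 8080},
                              "tls-alpn": {"alternate_port": 8443}},
               "email": "admin@example.com", "module": "acme"}
            ]
          }
        ]
      }
    }
  }
}
"""


def load_sample() -> dict:
    """Fresh copy of the embedded adapted config."""
    return json.loads(ADAPTED_JSON)


def listen_host(addr: str):
    """Host part of a Caddy listen address: "127.0.0.1:8080" -> "127.0.0.1",
    "[::1]:8080" -> "::1", ":8080" -> "" (all interfaces). Unix sockets -> None."""
    if addr.startswith("unix/"):
        return None
    if "/" in addr:                      # optional network prefix, e.g. tcp/
        addr = addr.split("/", 1)[1]
    host, _sep, _port = addr.rpartition(":")
    return host.strip("[]")


def listen_hosts(config: dict) -> set:
    """All hosts the HTTP app's servers listen on."""
    hosts = set()
    servers = config.get("apps", {}).get("http", {}).get("servers", {})
    for server in servers.values():
        for addr in server.get("listen", []):
            host = listen_host(addr)
            if host is not None:
                hosts.add(host)
    return hosts


def acme_issuers(config: dict):
    """Yield (subjects, issuer) for every ACME issuer in the TLS automation policies."""
    policies = (config.get("apps", {}).get("tls", {})
                .get("automation", {}).get("policies", []))
    for policy in policies:
        for issuer in policy.get("issuers", []):
            if issuer.get("module") == "acme":
                yield policy.get("subjects", []), issuer


def audit(config: dict) -> list:
    """Return one finding per ACME issuer whose challenge listener is not pinned
    to a configured listen host. An empty list means the config is as expected."""
    findings = []
    hosts = listen_hosts(config)
    for subjects, issuer in acme_issuers(config):
        ca = issuer.get("ca", "default CA")
        bind = issuer.get("challenges", {}).get("bind_host")
        if not bind:
            findings.append(f"{subjects} via {ca}: no bind_host, "
                            "challenge listeners bind all interfaces")
        elif bind not in hosts:
            findings.append(f"{subjects} via {ca}: bind_host {bind} "
                            "is not a server listen address")
    return findings


if __name__ == "__main__":
    for line in audit(load_sample()) or ["OK: all ACME challenge listeners pinned"]:
        print(line)
```

Feeding `caddy adapt --config Caddyfile` output into `audit()` instead of the embedded sample turns this into a quick regression check for the issue this PR closes: a missing bind_host is reported as a wildcard bind.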

@CLAassistant

CLAassistant commented Sep 27, 2025

CLA assistant check
All committers have signed the CLA.

@Monviech Monviech changed the title Implement BindHost fallback in ACME issuer for Caddyfile httpcaddyfile/tlsapp: Map default_bind to BindHost in globalACMEDefaults Sep 28, 2025
@Monviech Monviech changed the title httpcaddyfile/tlsapp: Map default_bind to BindHost in globalACMEDefaults httpcaddyfile: Map default_bind to BindHost in globalACMEDefaults Oct 2, 2025
@Monviech Monviech requested a review from mholt October 6, 2025 15:23
Member

@mholt mholt left a comment


Nice, thanks for the PR! We'll give it a try. :)

@mholt mholt merged commit 2f1d270 into caddyserver:master Oct 6, 2025
23 checks passed
@Monviech Monviech deleted the default_bind_tlsapp branch October 7, 2025 13:48

Development

Successfully merging this pull request may close these issues.

Caddy binds tls_alpn and http policy ports to all interfaces
