mirror of
https://github.com/mjl-/mox.git
synced 2025-07-10 10:34:40 +03:00
replace listener config option IPsNATed with NATIPs, and let autotls check NATIPs
NATIPs lists the public IPs, so we can still do the DNS checks on them. With IPsNATed, we disabled the checks. Based on feedback by kikoreis in issue #52.
@ -272,7 +272,15 @@ func (c *Config) allowACMEHosts(checkACMEHosts bool) {
|
||||
}
|
||||
}
|
||||
|
||||
m.SetAllowedHostnames(dns.StrictResolver{Pkg: "autotls"}, hostnames, c.Static.Listeners["public"].IPs, checkACMEHosts)
|
||||
public := c.Static.Listeners["public"]
|
||||
ips := public.IPs
|
||||
if len(public.NATIPs) > 0 {
|
||||
ips = public.NATIPs
|
||||
}
|
||||
if public.IPsNATed {
|
||||
ips = nil
|
||||
}
|
||||
m.SetAllowedHostnames(dns.StrictResolver{Pkg: "autotls"}, hostnames, ips, checkACMEHosts)
|
||||
}
|
||||
}
|
||||
|
||||
@ -629,6 +637,17 @@ func PrepareStaticConfig(ctx context.Context, configFile string, conf *Config, c
|
||||
}
|
||||
l.SMTP.DNSBLZones = append(l.SMTP.DNSBLZones, d)
|
||||
}
|
||||
if l.IPsNATed && len(l.NATIPs) > 0 {
|
||||
addErrorf("listener %q has both IPsNATed and NATIPs (remove deprecated IPsNATed)", name)
|
||||
}
|
||||
for _, ipstr := range l.NATIPs {
|
||||
ip := net.ParseIP(ipstr)
|
||||
if ip == nil {
|
||||
addErrorf("listener %q has invalid ip %q", name, ipstr)
|
||||
} else if ip.IsUnspecified() || ip.IsLoopback() {
|
||||
addErrorf("listener %q has NAT ip that is the unspecified or loopback address %s", name, ipstr)
|
||||
}
|
||||
}
|
||||
checkPath := func(kind string, enabled bool, path string) {
|
||||
if enabled && path != "" && !strings.HasPrefix(path, "/") {
|
||||
addErrorf("listener %q has %s with path %q that must start with a slash", name, kind, path)
|
||||
|
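Review bot: The NATIPs validation loop added to PrepareStaticConfig rejects only unparsable, unspecified and loopback addresses, so a private or link-local address (for example the listener's internal IP copied into NATIPs) passes config validation even though the commit description says NATIPs lists the public IPs used for the DNS checks. Presumably such an entry makes the hostname check that allowACMEHosts passes to `SetAllowedHostnames` never match, and the cause is not reported at config time. Consider extending the condition, e.g. `} else if ip.IsUnspecified() || ip.IsLoopback() || ip.IsPrivate() || ip.IsLinkLocalUnicast() {`, or emitting a warning instead of an error if private ranges must stay usable for internal deployments. The first error would also be easier to act on if it named the field, `addErrorf("listener %q has invalid NAT ip %q", name, ipstr)`, and in allowACMEHosts a short comment on `ips = nil` should say that the deprecated IPsNATed skips the DNS check. PrepareStaticConfig begins and continues outside the hunk.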