git.ipfire.org Git - thirdparty/haproxy.git/commit

author	William Lallemand <wlallemand@haproxy.com>
	Tue, 29 Apr 2025 14:08:31 +0000 (16:08 +0200)
committer	William Lallemand <wlallemand@haproxy.com>
	Tue, 29 Apr 2025 14:15:55 +0000 (16:15 +0200)
commit	5555926fdd3c844500525d677f9c35488555e87a
tree	473130ca26b015e5e0dd45c7afe1737801a0b771	tree
parent	0f9b3daf98a80004f90e9540b0385d419f0e4e16	commit \| diff

MEDIUM: acme: use a map to store tokens and thumbprints

The stateless mode which was documented previously in the ACME example
is not convenient for all use cases.

First, when HAProxy generates the account key itself, you wouldn't be
able to put the thumbprint in the configuration, so you will have to get
the thumbprint and then reload.
Second, in the case you are using multiple account key, there are
multiple thumbprint, and it's not easy to know which one you want to use
when responding to the challenger.

This patch allows to configure a map in the acme section, which will be
filled by the acme task with the token corresponding to the challenge,
as the key, and the thumbprint as the value. This way it's easy to reply
the right thumbprint.

Example:
http-request return status 200 content-type text/plain lf-string "%[path,field(-1,/)].%[path,field(-1,/),map(virt@acme)]\n" if { path_beg '/.well-known/acme-challenge/' }

doc/configuration.txt		diff \| blob \| blame \| history
include/haproxy/acme-t.h		diff \| blob \| blame \| history
src/acme.c		diff \| blob \| blame \| history