diff --git a/main.go b/main.go
index 884d796..dfb7108 100644
--- a/main.go
+++ b/main.go
@@ -43,7 +43,7 @@ func parseFrontend(srv *Server, d *Directive) error {
 return err
 }
- var listenNames []string
+ var certNames []string
 for _, listenAddr := range d.Params {
 host, port, err := net.SplitHostPort(listenAddr)
 if err != nil {
@@ -52,9 +52,9 @@ func parseFrontend(srv *Server, d *Directive) error {
 // TODO: come up with something more robust
 var name string
- if host != "localhost" && net.ParseIP(host) == nil {
+ if host != "" && host != "localhost" && net.ParseIP(host) == nil {
 name = host
- listenNames = append(listenNames, host)
+ certNames = append(certNames, host)
 host = ""
 }
@@ -66,7 +66,7 @@ func parseFrontend(srv *Server, d *Directive) error {
 }
 }
- if err := srv.certmagic.ManageAsync(context.Background(), listenNames); err != nil {
+ if err := srv.certmagic.ManageAsync(context.Background(), certNames); err != nil {
 return fmt.Errorf("failed to manage TLS certificates: %v", err)
 }
diff --git a/server.go b/server.go
index c930ed2..e07ae70 100644
--- a/server.go
+++ b/server.go
@@ -118,6 +118,8 @@ func (ln *Listener) handle(conn net.Conn) error {
 tlsState := tlsConn.ConnectionState()
+ // TODO: support wildcard certificates. Sadly this requires solving a DNS
+ // challenge.
 fe, ok := ln.Frontends[tlsState.ServerName]
 if !ok {
 fe, ok = ln.Frontends[""]
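Review bot: In the main.go hunk at `@@ -52,9 +52,9 @@`, the new condition still treats every host for which `net.ParseIP(host)` returns nil as a certificate name, and `net.ParseIP` returns nil for an IPv6 literal that carries a zone suffix. Such a listen address would be appended to `certNames` and then hit `host = ""`, which appears to widen the bind from one interface to all of them; the bind itself is outside the hunk, so this is inferred. The `"localhost"` comparison is also case-sensitive, so a differently cased spelling would be submitted for certificate management. Consider `_, ipErr := netip.ParseAddr(host)` followed by `if host != "" && !strings.EqualFold(host, "localhost") && ipErr != nil {`, adding the `net/netip` and `strings` imports if the file lacks them. parseFrontend starts and ends outside this hunk.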