pages-server/server
Gusted 8b1f497bc4 Allow to use certificate even if domain validation fails (#160)
- Currently, if the canonical domain validation fails (either for
legitimate reasons or for bug reasons like the request to Gitea/Forgejo
failing), it will use the main domain certificate, which in the case of
custom domains will warrant a security error as the certificate isn't
issued to the custom domain.
- This patch handles this situation more gracefully and instead only
disallows obtaining a certificate if the domain validation fails, so in
the case that a certificate still exists it can still be used even if
the canonical domain validation fails. There's a small side effect:
legitimate users that remove domains from `.domain` will still be able
to use the removed domain (as long as the DNS records exist) as long as
the certificate currently held by pages-server isn't expired.
- Given the increased usage of custom domains that are resulting in
errors, I think it weighs more than the side effect.
- In order to future-proof against future slowdowns of instances, add a retry mechanism to the domain validation function, such that it's more likely to succeed even if the instance is not responding.
- Refactor the code a bit and add some comments.

Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-authored-by: 6543 <6543@obermui.de>
Reviewed-on: https://codeberg.org/Codeberg/pages-server/pulls/160
Reviewed-by: 6543 <6543@obermui.de>
Co-authored-by: Gusted <gusted@noreply.codeberg.org>
Co-committed-by: Gusted <gusted@noreply.codeberg.org>
2023-02-10 01:38:15 +00:00
..
cache make mem cache an interface and inject 2021-12-05 14:48:51 +01:00
certificates Allow to use certificate even if domain validation fails (#160) 2023-02-10 01:38:15 +00:00
context Refactor split long functions (#135) 2022-11-12 20:43:44 +01:00
database Remove unnecessary conversion (#139) 2022-11-15 16:15:11 +01:00
dns switch to std http implementation instead of fasthttp (#106) 2022-11-12 20:37:20 +01:00
gitea Remove unnecessary conversion (#139) 2022-11-15 16:15:11 +01:00
handler Fix wrong redirect on custom domain with path (#154) 2023-01-11 00:00:37 +00:00
upstream Allow to use certificate even if domain validation fails (#160) 2023-02-10 01:38:15 +00:00
utils switch to std http implementation instead of fasthttp (#106) 2022-11-12 20:37:20 +01:00
version Release via CI (#94) 2022-06-14 20:35:11 +02:00
setup.go Remove unnecessary conversion (#139) 2022-11-15 16:15:11 +01:00