Initial implementation of global default SNI option (#3047)

* add global default sni

* fixed grammar

* httpcaddyfile: Reduce some duplicated code

* Um, re-commit already-committed commit, I guess? (sigh)

Co-authored-by: Matt Holt <mholt@users.noreply.github.com>

caddyconfig/httpcaddyfile/httptype.go

@@ -169,9 +169,10 @@ func (st ServerType) Setup(originalServerBlocks []caddyfile.ServerBlock,
 
 	// now that each server is configured, make the HTTP app
 	httpApp := caddyhttp.App{
-		HTTPPort:  tryInt(options["http_port"], &warnings),
-		HTTPSPort: tryInt(options["https_port"], &warnings),
-		Servers:   servers,
+		HTTPPort:   tryInt(options["http_port"], &warnings),
+		HTTPSPort:  tryInt(options["https_port"], &warnings),
+		DefaultSNI: tryString(options["default_sni"], &warnings),
+		Servers:    servers,
 	}
 
 	// now for the TLS app! (TODO: refactor into own func)
@@ -364,6 +365,8 @@ func (ServerType) evaluateGlobalOptionsBlock(serverBlocks []serverBlock, options
 			val, err = parseOptHTTPPort(disp)
 		case "https_port":
 			val, err = parseOptHTTPSPort(disp)
+		case "default_sni":
+			val, err = parseOptSingleString(disp)
 		case "order":
 			val, err = parseOptOrder(disp)
 		case "experimental_http3":
@@ -371,9 +374,9 @@ func (ServerType) evaluateGlobalOptionsBlock(serverBlocks []serverBlock, options
 		case "storage":
 			val, err = parseOptStorage(disp)
 		case "acme_ca", "acme_dns", "acme_ca_root":
-			val, err = parseOptACME(disp)
+			val, err = parseOptSingleString(disp)
 		case "email":
-			val, err = parseOptEmail(disp)
+			val, err = parseOptSingleString(disp)
 		case "admin":
 			val, err = parseOptAdmin(disp)
 		case "debug":
@@ -951,6 +954,14 @@ func tryInt(val interface{}, warnings *[]caddyconfig.Warning) int {
 	return intVal
 }
 
+func tryString(val interface{}, warnings *[]caddyconfig.Warning) string {
+	stringVal, ok := val.(string)
+	if val != nil && !ok && warnings != nil {
+		*warnings = append(*warnings, caddyconfig.Warning{Message: "not a string type"})
+	}
+	return stringVal
+}
+
 // sliceContains returns true if needle is in haystack.
 func sliceContains(haystack []string, needle string) bool {
 	for _, s := range haystack {

caddyconfig/httpcaddyfile/options.go

@@ -162,19 +162,7 @@ func parseOptStorage(d *caddyfile.Dispenser) (caddy.StorageConverter, error) {
 	return storage, nil
 }
 
-func parseOptACME(d *caddyfile.Dispenser) (string, error) {
-	d.Next() // consume parameter name
-	if !d.Next() {
-		return "", d.ArgErr()
-	}
-	val := d.Val()
-	if d.Next() {
-		return "", d.ArgErr()
-	}
-	return val, nil
-}
-
-func parseOptEmail(d *caddyfile.Dispenser) (string, error) {
+func parseOptSingleString(d *caddyfile.Dispenser) (string, error) {
 	d.Next() // consume parameter name
 	if !d.Next() {
 		return "", d.ArgErr()
@@ -190,11 +178,9 @@ func parseOptAdmin(d *caddyfile.Dispenser) (string, error) {
 	if d.Next() {
 		var listenAddress string
 		d.AllArgs(&listenAddress)
-
 		if listenAddress == "" {
 			listenAddress = caddy.DefaultAdminListen
 		}
-
 		return listenAddress, nil
 	}
 	return "", nil

modules/caddyhttp/caddyhttp.go

@@ -29,6 +29,7 @@ import (
 
 	"github.com/caddyserver/caddy/v2"
 	"github.com/lucas-clemente/quic-go/http3"
+	"github.com/mholt/certmagic"
 	"go.uber.org/zap"
 )
 
@@ -111,6 +112,10 @@ type App struct {
 	// affect functionality.
 	Servers map[string]*Server `json:"servers,omitempty"`
 
+	// DefaultSNI if set configures all certificate lookups to fallback to use
+	// this SNI name if a more specific certificate could not be found
+	DefaultSNI string `json:"default_sni,omitempty"`
+
 	servers     []*http.Server
 	h3servers   []*http3.Server
 	h3listeners []net.PacketConn
@@ -134,6 +139,8 @@ func (app *App) Provision(ctx caddy.Context) error {
 
 	repl := caddy.NewReplacer()
 
+	certmagic.Default.DefaultServerName = app.DefaultSNI
+
 	// this provisions the matchers for each route,
 	// and prepares auto HTTP->HTTP redirects, and
 	// is required before we provision each server