tls: Add tls_resolvers global option for DNS challenge configuration (#7297)

Co-authored-by: Francis Lavoie <lavofr@gmail.com>
2026-03-17 14:34:03 +00:00 · 2026-03-01 21:32:04 +01:00
parent 174fa2ddb9
commit f145bce553
10 changed files with 547 additions and 2 deletions
--- a/caddytest/integration/caddyfile_adapt/global_options_resolvers.caddyfiletest
+++ b/caddytest/integration/caddyfile_adapt/global_options_resolvers.caddyfiletest
@@ -0,0 +1,77 @@
+{
+	email test@example.com
+	dns mock
+	tls_resolvers 1.1.1.1 8.8.8.8
+	acme_dns
+}
+
+example.com {
+}
+----------
+{
+	"apps": {
+		"http": {
+			"servers": {
+				"srv0": {
+					"listen": [
+						":443"
+					],
+					"routes": [
+						{
+							"match": [
+								{
+									"host": [
+										"example.com"
+									]
+								}
+							],
+							"terminal": true
+						}
+					]
+				}
+			}
+		},
+		"tls": {
+			"automation": {
+				"policies": [
+					{
+						"issuers": [
+							{
+								"challenges": {
+									"dns": {
+										"resolvers": [
+											"1.1.1.1",
+											"8.8.8.8"
+										]
+									}
+								},
+								"email": "test@example.com",
+								"module": "acme"
+							},
+							{
+								"ca": "https://acme.zerossl.com/v2/DV90",
+								"challenges": {
+									"dns": {
+										"resolvers": [
+											"1.1.1.1",
+											"8.8.8.8"
+										]
+									}
+								},
+								"email": "test@example.com",
+								"module": "acme"
+							}
+						]
+					}
+				]
+			},
+			"dns": {
+				"name": "mock"
+			},
+			"resolvers": [
+				"1.1.1.1",
+				"8.8.8.8"
+			]
+		}
+	}
+}
--- a/caddytest/integration/caddyfile_adapt/global_options_resolvers_http_challenge.caddyfiletest
+++ b/caddytest/integration/caddyfile_adapt/global_options_resolvers_http_challenge.caddyfiletest
@@ -0,0 +1,38 @@
+{
+	tls_resolvers 1.1.1.1 8.8.8.8
+}
+
+example.com {
+}
+----------
+{
+	"apps": {
+		"http": {
+			"servers": {
+				"srv0": {
+					"listen": [
+						":443"
+					],
+					"routes": [
+						{
+							"match": [
+								{
+									"host": [
+										"example.com"
+									]
+								}
+							],
+							"terminal": true
+						}
+					]
+				}
+			}
+		},
+		"tls": {
+			"resolvers": [
+				"1.1.1.1",
+				"8.8.8.8"
+			]
+		}
+	}
+}
--- a/caddytest/integration/caddyfile_adapt/global_options_resolvers_local_dns_inherit.caddyfiletest
+++ b/caddytest/integration/caddyfile_adapt/global_options_resolvers_local_dns_inherit.caddyfiletest
@@ -0,0 +1,72 @@
+{
+	email test@example.com
+	dns mock
+	tls_resolvers 1.1.1.1 8.8.8.8
+}
+
+example.com {
+	tls {
+		dns mock
+	}
+}
+----------
+{
+	"apps": {
+		"http": {
+			"servers": {
+				"srv0": {
+					"listen": [
+						":443"
+					],
+					"routes": [
+						{
+							"match": [
+								{
+									"host": [
+										"example.com"
+									]
+								}
+							],
+							"terminal": true
+						}
+					]
+				}
+			}
+		},
+		"tls": {
+			"automation": {
+				"policies": [
+					{
+						"subjects": [
+							"example.com"
+						],
+						"issuers": [
+							{
+								"challenges": {
+									"dns": {
+										"provider": {
+											"name": "mock"
+										},
+										"resolvers": [
+											"1.1.1.1",
+											"8.8.8.8"
+										]
+									}
+								},
+								"email": "test@example.com",
+								"module": "acme"
+							}
+						]
+					}
+				]
+			},
+			"dns": {
+				"name": "mock"
+			},
+			"resolvers": [
+				"1.1.1.1",
+				"8.8.8.8"
+			]
+		}
+	}
+}
--- a/caddytest/integration/caddyfile_adapt/global_options_resolvers_local_override.caddyfiletest
+++ b/caddytest/integration/caddyfile_adapt/global_options_resolvers_local_override.caddyfiletest
@@ -0,0 +1,98 @@
+{
+	email test@example.com
+	dns mock
+	tls_resolvers 1.1.1.1 8.8.8.8
+	acme_dns
+}
+
+example.com {
+	tls {
+		resolvers 9.9.9.9
+	}
+}
+----------
+{
+	"apps": {
+		"http": {
+			"servers": {
+				"srv0": {
+					"listen": [
+						":443"
+					],
+					"routes": [
+						{
+							"match": [
+								{
+									"host": [
+										"example.com"
+									]
+								}
+							],
+							"terminal": true
+						}
+					]
+				}
+			}
+		},
+		"tls": {
+			"automation": {
+				"policies": [
+					{
+						"subjects": [
+							"example.com"
+						],
+						"issuers": [
+							{
+								"challenges": {
+									"dns": {
+										"resolvers": [
+											"9.9.9.9"
+										]
+									}
+								},
+								"email": "test@example.com",
+								"module": "acme"
+							}
+						]
+					},
+					{
+						"issuers": [
+							{
+								"challenges": {
+									"dns": {
+										"resolvers": [
+											"1.1.1.1",
+											"8.8.8.8"
+										]
+									}
+								},
+								"email": "test@example.com",
+								"module": "acme"
+							},
+							{
+								"ca": "https://acme.zerossl.com/v2/DV90",
+								"challenges": {
+									"dns": {
+										"resolvers": [
+											"1.1.1.1",
+											"8.8.8.8"
+										]
+									}
+								},
+								"email": "test@example.com",
+								"module": "acme"
+							}
+						]
+					}
+				]
+			},
+			"dns": {
+				"name": "mock"
+			},
+			"resolvers": [
+				"1.1.1.1",
+				"8.8.8.8"
+			]
+		}
+	}
+}
--- a/caddytest/integration/caddyfile_adapt/global_options_resolvers_mixed.caddyfiletest
+++ b/caddytest/integration/caddyfile_adapt/global_options_resolvers_mixed.caddyfiletest
@@ -0,0 +1,112 @@
+{
+	email test@example.com
+	dns mock
+	tls_resolvers 1.1.1.1 8.8.8.8
+	acme_dns
+}
+
+site1.example.com {
+}
+
+site2.example.com {
+	tls {
+		resolvers 9.9.9.9 8.8.4.4
+	}
+}
+----------
+{
+	"apps": {
+		"http": {
+			"servers": {
+				"srv0": {
+					"listen": [
+						":443"
+					],
+					"routes": [
+						{
+							"match": [
+								{
+									"host": [
+										"site1.example.com"
+									]
+								}
+							],
+							"terminal": true
+						},
+						{
+							"match": [
+								{
+									"host": [
+										"site2.example.com"
+									]
+								}
+							],
+							"terminal": true
+						}
+					]
+				}
+			}
+		},
+		"tls": {
+			"automation": {
+				"policies": [
+					{
+						"subjects": [
+							"site2.example.com"
+						],
+						"issuers": [
+							{
+								"challenges": {
+									"dns": {
+										"resolvers": [
+											"9.9.9.9",
+											"8.8.4.4"
+										]
+									}
+								},
+								"email": "test@example.com",
+								"module": "acme"
+							}
+						]
+					},
+					{
+						"issuers": [
+							{
+								"challenges": {
+									"dns": {
+										"resolvers": [
+											"1.1.1.1",
+											"8.8.8.8"
+										]
+									}
+								},
+								"email": "test@example.com",
+								"module": "acme"
+							},
+							{
+								"ca": "https://acme.zerossl.com/v2/DV90",
+								"challenges": {
+									"dns": {
+										"resolvers": [
+											"1.1.1.1",
+											"8.8.8.8"
+										]
+									}
+								},
+								"email": "test@example.com",
+								"module": "acme"
+							}
+						]
+					}
+				]
+			},
+			"dns": {
+				"name": "mock"
+			},
+			"resolvers": [
+				"1.1.1.1",
+				"8.8.8.8"
+			]
+		}
+	}
+}