今天新做了一个图集网站,纯静态的,使用hugo生成,怕更新的时候麻烦,所以打算使用caddy配合github的webhook实现自动更新,结果今天掉坑里了。

首先是目前最新的caddy2还没有官方直接支持打包插件生成二进制文件的地方,只能手动编译,我怕麻烦干脆直接用caddy1,结果,新的问题出现了。

当使用ssh的git地址配置caddy的git插件的时候,它给我这么个错误:

invalid port ":lovelh" after host

难受,明明是用户名,又不是端口,看来是解析出了问题。我一开始还以为是我自己配置不对,毕竟第一次用caddy。后来觉得不对,毕竟ssh的github地址就是那么写的啊,不应该错啊。另一方面,这么简单的问题,caddy的作者也不应该犯这种错误啊,一开始真就没怀疑。后来没办法,只好看看caddy-git的issues,结果还真有人遇到了同样的问题。

这里引用并感谢@doowzs这个issue下的回答。 > The author of this plugin uses Go 1.12.6 in testing, and the plugin works well in this environment. However, the updated official URL parser comes with later versions of Go, and the tests failed when I changed to Go v1.13. Official Caddy builds seem to use up-to-date Go packages, causing this plugin to break. :(

好吧,看来新版本的go修改了对url.Parse的解析,导致caddy在线编译的出来的二进制文件是有问题的。

@awoodbeck给了一个比较有趣的解决方案,并且fork了原来的caddy-git。 > This commit changed url.Parse’s behavior to satify CVE-2019-14809. Since this middleware relies on url.Parse, it was affected by the change.

We often use SSH URLs with relative paths (e.g., git@github.com:abiosoft/caddy-git.git where “abiosoft/caddy-git.git” is the relative path indicated by the “:“) as opposed to full paths (e.g., git@github.com/abiosoft/caddy-git.git indicated by the initial “/”), the first element of the relative path is treated as a named port (e.g. “:abiosoft” in my first example). This fails the URL parsing in Go since url.Parse no longer allows named ports.

My proposed solution is to insert a pseudo port of 0 just before passing the URL onto url.Parse and then removing this pseudo port if parsing succeeds. url.Parse doesn’t entirely consider SSH URLs with relative paths, so my proposed change is meant to make this middleware play nice with url.Parse.

看来终究逃不过自己编译一遍啊,哎~ 我还没有go的环境,得搭建一下,按照@awoodbeckfork的caddy-git编译一下吧。

package main

import (
    "github.com/caddyserver/caddy/caddy/caddymain"

    // Put all of your plugin imports here.
    _ "github.com/awoodbeck/caddy-git"
)

func main() {
    // Your choice to disable telemetry by uncommenting the following line.
    // caddymain.EnableTelemetry = false
    caddymain.Run()
}

嗯,就是这样,所以,我今天又熬夜了。