authorMarc Easen <marc@easen.co.uk>2021-10-26 20:54:19 +0100
committerGitHub <noreply@github.com>2021-10-26 13:54:19 -0600
commit012d235314fcc2a27302d00ee6f53459e54c0eb8 (patch)
tree5fc3ca4e53c0c1698b88a0e27fe6c1b2a69ddadf
parent997e41deae139dbf2cb3e95ed250070b40d6f3cb (diff)
httpcaddyfile: Empty tls policy for internal http localhost (#4398)
* test: replicated empty tls automation policy issue * fix: empty tls policy for an http:// endpoint running on a non-standard http port
-rw-r--r--caddyconfig/httpcaddyfile/directives.go2
-rw-r--r--caddytest/integration/caddyfile_adapt/tls_automation_policies_8.txt98
2 files changed, 99 insertions, 1 deletions
diff --git a/caddyconfig/httpcaddyfile/directives.go b/caddyconfig/httpcaddyfile/directives.go
index 360f91e..9da205e 100644
--- a/caddyconfig/httpcaddyfile/directives.go
+++ b/caddyconfig/httpcaddyfile/directives.go
@@ -485,7 +485,7 @@ func (sb serverBlock) hostsFromKeysNotHTTP(httpPort string) []string {
if addr.Host == "" {
continue
}
- if addr.Scheme != "http" && addr.Port != httpPort {
+ if addr.Scheme != "http" || addr.Port != httpPort {
hostMap[addr.Host] = struct{}{}
}
}
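Review bot: With `||`, the condition on the changed line is true for an explicit `http://` key whenever its port differs from `httpPort`, so a function named `hostsFromKeysNotHTTP` now returns hosts that were declared plain HTTP, and that contract should be written down at the check. A comment above the `if` such as `// skip only keys that are explicitly http:// on the HTTP port; http:// on any other port is still returned` would do. If `addr.Port` can still be empty at this point for a key written without a port (not visible in this hunk), `http://example.com` would also satisfy the test and could reach TLS automation, so that case is worth confirming. The function body starts and ends outside the hunk.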
diff --git a/caddytest/integration/caddyfile_adapt/tls_automation_policies_8.txt b/caddytest/integration/caddyfile_adapt/tls_automation_policies_8.txt
new file mode 100644
index 0000000..1703178
--- /dev/null
+++ b/caddytest/integration/caddyfile_adapt/tls_automation_policies_8.txt
@@ -0,0 +1,98 @@
+# (this Caddyfile is contrived, but based on issues #4176 and #4198)
+
+http://example.com {
+}
+
+https://example.com {
+ tls abc@example.com
+}
+
+http://localhost:8081 {
+}
+
+----------
+{
+ "apps": {
+ "http": {
+ "servers": {
+ "srv0": {
+ "listen": [
+ ":443"
+ ],
+ "routes": [
+ {
+ "match": [
+ {
+ "host": [
+ "example.com"
+ ]
+ }
+ ],
+ "terminal": true
+ }
+ ]
+ },
+ "srv1": {
+ "listen": [
+ ":80"
+ ],
+ "routes": [
+ {
+ "match": [
+ {
+ "host": [
+ "example.com"
+ ]
+ }
+ ],
+ "terminal": true
+ }
+ ]
+ },
+ "srv2": {
+ "listen": [
+ ":8081"
+ ],
+ "routes": [
+ {
+ "match": [
+ {
+ "host": [
+ "localhost"
+ ]
+ }
+ ],
+ "terminal": true
+ }
+ ],
+ "automatic_https": {
+ "skip": [
+ "localhost"
+ ]
+ }
+ }
+ }
+ },
+ "tls": {
+ "automation": {
+ "policies": [
+ {
+ "subjects": [
+ "example.com"
+ ],
+ "issuers": [
+ {
+ "email": "abc@example.com",
+ "module": "acme"
+ },
+ {
+ "email": "abc@example.com",
+ "module": "zerossl"
+ }
+ ]
+ }
+ ]
+ }
+ }
+ }
+}
\ No newline at end of file
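Review bot: The fixture exercises the new condition only through `http://localhost:8081`, and its `http://example.com` block shares a hostname with the `https://example.com` block, so the expected `subjects` list cannot show whether a plain-HTTP key on its own now reaches a TLS automation policy. Adding a site such as `http://example.org:8081`, a name used by no HTTPS block, and stating the expected `tls.automation.policies` and `automatic_https.skip` output for it would pin whether a certificate is requested for a public host declared HTTP-only.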