author | Marc Easen <marc@easen.co.uk> | 2021-10-26 20:54:19 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-10-26 13:54:19 -0600 |
commit | 012d235314fcc2a27302d00ee6f53459e54c0eb8 (patch) | |
tree | 5fc3ca4e53c0c1698b88a0e27fe6c1b2a69ddadf | |
parent | 997e41deae139dbf2cb3e95ed250070b40d6f3cb (diff) |
httpcaddyfile: Empty tls policy for internal http localhost (#4398)
* test: replicated empty tls automation policy issue
* fix: empty tls policy for an http:// endpoint running on a non-standard http port
-rw-r--r-- | caddyconfig/httpcaddyfile/directives.go | 2 | ||||
-rw-r--r-- | caddytest/integration/caddyfile_adapt/tls_automation_policies_8.txt | 98 |
2 files changed, 99 insertions, 1 deletions
diff --git a/caddyconfig/httpcaddyfile/directives.go b/caddyconfig/httpcaddyfile/directives.go
index 360f91e..9da205e 100644
--- a/caddyconfig/httpcaddyfile/directives.go
+++ b/caddyconfig/httpcaddyfile/directives.go
@@ -485,7 +485,7 @@ func (sb serverBlock) hostsFromKeysNotHTTP(httpPort string) []string {
 if addr.Host == "" {
 continue
 }
- if addr.Scheme != "http" && addr.Port != httpPort {
+ if addr.Scheme != "http" || addr.Port != httpPort {
 hostMap[addr.Host] = struct{}{}
 }
 }
diff --git a/caddytest/integration/caddyfile_adapt/tls_automation_policies_8.txt b/caddytest/integration/caddyfile_adapt/tls_automation_policies_8.txt
new file mode 100644
index 0000000..1703178
--- /dev/null
+++ b/caddytest/integration/caddyfile_adapt/tls_automation_policies_8.txt
@@ -0,0 +1,98 @@
+# (this Caddyfile is contrived, but based on issues #4176 and #4198)
+
+http://example.com {
+}
+
+https://example.com {
+ tls abc@example.com
+}
+
+http://localhost:8081 {
+}
+
+----------
+{
+ "apps": {
+ "http": {
+ "servers": {
+ "srv0": {
+ "listen": [
+ ":443"
+ ],
+ "routes": [
+ {
+ "match": [
+ {
+ "host": [
+ "example.com"
+ ]
+ }
+ ],
+ "terminal": true
+ }
+ ]
+ },
+ "srv1": {
+ "listen": [
+ ":80"
+ ],
+ "routes": [
+ {
+ "match": [
+ {
+ "host": [
+ "example.com"
+ ]
+ }
+ ],
+ "terminal": true
+ }
+ ]
+ },
+ "srv2": {
+ "listen": [
+ ":8081"
+ ],
+ "routes": [
+ {
+ "match": [
+ {
+ "host": [
+ "localhost"
+ ]
+ }
+ ],
+ "terminal": true
+ }
+ ],
+ "automatic_https": {
+ "skip": [
+ "localhost"
+ ]
+ }
+ }
+ }
+ },
+ "tls": {
+ "automation": {
+ "policies": [
+ {
+ "subjects": [
+ "example.com"
+ ],
+ "issuers": [
+ {
+ "email": "abc@example.com",
+ "module": "acme"
+ },
+ {
+ "email": "abc@example.com",
+ "module": "zerossl"
+ }
+ ]
+ }
+ ]
+ }
+ }
+ }
+}
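Review bot: With `||` in the condition of hostsFromKeysNotHTTP, a key that has a host is left out only when its scheme is `http` and its port equals `httpPort`, so an explicit `http://localhost:8081` key is now returned by a function whose name promises non-HTTP hosts, and nothing in the hunk documents that this is intended. The same change flips a second case that the new fixture does not exercise: a schemeless key whose port equals `httpPort` was excluded under `&&` and is included now. The returned list presumably drives TLS automation policy decisions in callers outside this hunk, so a misclassification here would change which hosts get certificate management; I would state the rule above the condition, e.g. `// a key counts as HTTP only when it is http:// AND on the HTTP port; every other key may need a TLS policy`, and add an adapt test for a key such as `example.com:80` (constructed example). The function body begins and ends outside the hunk.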
\ No newline at end of file |