author | Francis Lavoie <lavofr@gmail.com> | 2022-10-04 22:58:19 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-10-04 20:58:19 -0600 |
commit | 2808de1e30b873f9c8f4693eae59bd56f20ebbbe (patch) | |
tree | 2d428b0b111962230aecfe86cdbd97a743d1dd4f | |
parent | 253d97c93dce9a3365e67d0360b2e47dd165578e (diff) |
httpcaddyfile: Skip `automate` when `auto_https off` is specified (#5110)
-rw-r--r-- | caddyconfig/httpcaddyfile/tlsapp.go | 14 | ||||
-rw-r--r-- | caddytest/integration/caddyfile_adapt/tls_automation_policies_10.txt | 58 |
2 files changed, 68 insertions, 4 deletions
diff --git a/caddyconfig/httpcaddyfile/tlsapp.go b/caddyconfig/httpcaddyfile/tlsapp.go
index 947512a..240cb02 100644
--- a/caddyconfig/httpcaddyfile/tlsapp.go
+++ b/caddyconfig/httpcaddyfile/tlsapp.go
@@ -48,6 +48,10 @@ func (st ServerType) buildTLSApp(
 if hsp, ok := options["https_port"].(int); ok {
 httpsPort = strconv.Itoa(hsp)
 }
+ autoHTTPS := "on"
+ if ah, ok := options["auto_https"].(string); ok {
+ autoHTTPS = ah
+ }
 
 // count how many server blocks have a TLS-enabled key with
 // no host, and find all hosts that share a server block with
@@ -331,10 +335,12 @@ func (st ServerType) buildTLSApp(
 internalAP := &caddytls.AutomationPolicy{
 IssuersRaw: []json.RawMessage{json.RawMessage(`{"module":"internal"}`)},
 }
- for h := range httpsHostsSharedWithHostlessKey {
- al = append(al, h)
- if !certmagic.SubjectQualifiesForPublicCert(h) {
- internalAP.Subjects = append(internalAP.Subjects, h)
+ if autoHTTPS != "off" {
+ for h := range httpsHostsSharedWithHostlessKey {
+ al = append(al, h)
+ if !certmagic.SubjectQualifiesForPublicCert(h) {
+ internalAP.Subjects = append(internalAP.Subjects, h)
+ }
 }
 }
 if len(al) > 0 {
diff --git a/caddytest/integration/caddyfile_adapt/tls_automation_policies_10.txt b/caddytest/integration/caddyfile_adapt/tls_automation_policies_10.txt
new file mode 100644
index 0000000..b6832ad
--- /dev/null
+++ b/caddytest/integration/caddyfile_adapt/tls_automation_policies_10.txt
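Review bot: The type assertion on `options["auto_https"]` in the first hunk falls back to `"on"` silently whenever the option is absent or is stored as anything other than a string, so an operator's `auto_https off` would be ignored without any signal if the option's stored type ever changes. `"on"` is also only a placeholder here, since the only comparison made later is against `"off"`. A comment above the default would make both points explicit, for example `// "on" is a placeholder default; only "off" is checked below, and a non-string value is treated as unset`. buildTLSApp starts and ends outside the hunk, so how the option is parsed and stored cannot be confirmed from here.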
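Review bot: The `if autoHTTPS != "off"` guard in the second hunk has no comment, and it suppresses two things at once: the `al = append(al, h)` automate entries and the `internalAP.Subjects` additions for names that do not qualify for a public certificate. Suggest stating the intent above the guard, for example `// with auto_https off, neither automate these hosts nor assign them to the internal issuer`. Whether other paths in buildTLSApp can still add names to the automate list while auto_https is off is not visible in this hunk, and the function continues outside it. The added fixture covers only the loaded-certificate case, so a second adapt test with a non-public hostname would pin the internal-issuer half of the change.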
@@ -0,0 +1,58 @@
+# example from issue #4667
+{
+ auto_https off
+}
+
+https://, example.com {
+ tls test.crt test.key
+ respond "Hello World"
+}
+----------
+{
+ "apps": {
+ "http": {
+ "servers": {
+ "srv0": {
+ "listen": [
+ ":443"
+ ],
+ "routes": [
+ {
+ "handle": [
+ {
+ "body": "Hello World",
+ "handler": "static_response"
+ }
+ ]
+ }
+ ],
+ "tls_connection_policies": [
+ {
+ "certificate_selection": {
+ "any_tag": [
+ "cert0"
+ ]
+ }
+ }
+ ],
+ "automatic_https": {
+ "disable": true
+ }
+ }
+ }
+ },
+ "tls": {
+ "certificates": {
+ "load_files": [
+ {
+ "certificate": "test.crt",
+ "key": "test.key",
+ "tags": [
+ "cert0"
+ ]
+ }
+ ]
+ }
+ }
+ }
+}
\ No newline at end of file |