authorMatthew Holt <mholt@users.noreply.github.com>2020-01-23 13:17:16 -0700
committerMatthew Holt <mholt@users.noreply.github.com>2020-01-23 13:17:16 -0700
commit8b2ad61220f199e7329f218e21a6950bb1ab4c67 (patch)
tree34acde47f5134d31a1230158183174e886999c72
parent6614d1c495f3266037d36b4c2f4f70fcc73acad1 (diff)
httpcaddyfile: Skip hosts from auto-https when http:// scheme (fix #2998)
-rw-r--r--caddyconfig/httpcaddyfile/httptype.go28
1 files changed, 28 insertions, 0 deletions
diff --git a/caddyconfig/httpcaddyfile/httptype.go b/caddyconfig/httpcaddyfile/httptype.go
index 20621bb..22050f1 100644
--- a/caddyconfig/httpcaddyfile/httptype.go
+++ b/caddyconfig/httpcaddyfile/httptype.go
@@ -389,6 +389,24 @@ func (st *ServerType) serversFromPairings(
// TODO: consolidate equal conn policies
}
+ // exclude any hosts that were defined explicitly with
+ // "http://" in the key from automated cert management (issue #2998)
+ for _, key := range sblock.block.Keys {
+ addr, err := ParseAddress(key)
+ if err != nil {
+ return nil, err
+ }
+ addr = addr.Normalize()
+ if addr.Scheme == "http" {
+ if srv.AutoHTTPS == nil {
+ srv.AutoHTTPS = new(caddyhttp.AutoHTTPSConfig)
+ }
+ if !sliceContains(srv.AutoHTTPS.Skip, addr.Host) {
+ srv.AutoHTTPS.Skip = append(srv.AutoHTTPS.Skip, addr.Host)
+ }
+ }
+ }
+
// set up each handler directive, making sure to honor directive order
dirRoutes := sblock.pile["route"]
siteSubroute, err := buildSubroute(dirRoutes, groupCounter)
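Review bot: The `addr.Scheme == "http"` branch appends `addr.Host` to `srv.AutoHTTPS.Skip` without checking that it is non-empty, so a key that carries only a scheme and port (a constructed example: `http://:8080`) would, as far as the hunk shows, add an empty string to the skip list. How the automatic-HTTPS code treats an empty entry is not visible here; guarding with `if addr.Scheme == "http" && addr.Host != "" {` avoids depending on it. The list is also per server and keyed by hostname only, so the comment should state that the host is skipped for every site block on this server, and, if `Skip` covers redirects as well as certificate management, mention that too. serversFromPairings begins and ends outside the hunk.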
@@ -723,6 +741,16 @@ func tryInt(val interface{}, warnings *[]caddyconfig.Warning) int {
return intVal
}
+// sliceContains returns true if needle is in haystack.
+func sliceContains(haystack []string, needle string) bool {
+ for _, s := range haystack {
+ if s == needle {
+ return true
+ }
+ }
+ return false
+}
+
// specifity returns len(s) minus any wildcards (*) and
// placeholders ({...}). Basically, it's a length count
// that penalizes the use of wildcards and placeholders.