authorFrancis Lavoie <lavofr@gmail.com>2020-05-19 18:59:51 -0400
committerGitHub <noreply@github.com>2020-05-19 16:59:51 -0600
commitfae064262d9c40393d634660b94d36ce6703aa1c (patch)
treee450612a8241255d7646a23ef9d1bd88c4a6fabd
parent9ee01dceac0a3e9f71c3b37dfbe3ae04e2f54986 (diff)
httpcaddyfile: Add `auto_https` global option (#3284)
-rw-r--r--caddyconfig/httpcaddyfile/httptype.go17
-rw-r--r--caddyconfig/httpcaddyfile/options.go16
-rw-r--r--caddytest/integration/caddyfile_adapt/auto_https_disable_redirects.txt34
-rw-r--r--caddytest/integration/caddyfile_adapt/auto_https_off.txt37
4 files changed, 103 insertions, 1 deletions
diff --git a/caddyconfig/httpcaddyfile/httptype.go b/caddyconfig/httpcaddyfile/httptype.go
index 8e1ca74..fddb095 100644
--- a/caddyconfig/httpcaddyfile/httptype.go
+++ b/caddyconfig/httpcaddyfile/httptype.go
@@ -343,12 +343,27 @@ func (st *ServerType) serversFromPairings(
if hsp, ok := options["https_port"].(int); ok {
httpsPort = strconv.Itoa(hsp)
}
+ autoHTTPS := "on"
+ if ah, ok := options["auto_https"].(string); ok {
+ autoHTTPS = ah
+ }
for i, p := range pairings {
srv := &caddyhttp.Server{
Listen: p.addresses,
}
+ // handle the auto_https global option
+ if autoHTTPS != "on" {
+ srv.AutoHTTPS = new(caddyhttp.AutoHTTPSConfig)
+ if autoHTTPS == "off" {
+ srv.AutoHTTPS.Disabled = true
+ }
+ if autoHTTPS == "disable_redirects" {
+ srv.AutoHTTPS.DisableRedir = true
+ }
+ }
+
// sort server blocks by their keys; this is important because
// only the first matching site should be evaluated, and we should
// attempt to match most specific site first (host and path), in
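Review bot: The mode strings `"on"`, `"off"` and `"disable_redirects"` are compared as bare literals in the added block inside the `pairings` loop, and again at `autoHTTPSWillAddConnPolicy` in the next hunk, so any other value silently yields an empty `AutoHTTPSConfig`. parseOptAutoHTTPS appears to be the only writer of `options["auto_https"]`, so this is probably unreachable today, but a `switch autoHTTPS` over named constants shared with the parser would keep the two in step. Since the setting is applied to every server built in this loop, I would also widen the comment to `// auto_https is global: "off" disables automatic HTTPS on every server, "disable_redirects" only drops the HTTP->HTTPS redirects`. serversFromPairings starts and ends outside this hunk.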
@@ -382,7 +397,7 @@ func (st *ServerType) serversFromPairings(
})
var hasCatchAllTLSConnPolicy, addressQualifiesForTLS bool
- autoHTTPSWillAddConnPolicy := true
+ autoHTTPSWillAddConnPolicy := autoHTTPS != "off"
// create a subroute for each site in the server block
for _, sblock := range p.serverBlocks {
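Review bot: The new initializer `autoHTTPS != "off"` for `autoHTTPSWillAddConnPolicy` has no comment explaining why only `off` flips it, although the effect is visible in the auto_https_off fixture, which gains an empty `tls_connection_policies` entry. A comment such as `// with auto_https off, automatic HTTPS adds no TLS connection policy, so one must be emitted here` would help. That reading is inferred from the variable name and the fixture, so confirm it before committing the wording. The option's documentation should also say that a site on :443 then still expects TLS while nothing here obtains a certificate for it. The enclosing function continues outside the hunk.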
diff --git a/caddyconfig/httpcaddyfile/options.go b/caddyconfig/httpcaddyfile/options.go
index 49a11f6..cecb3d4 100644
--- a/caddyconfig/httpcaddyfile/options.go
+++ b/caddyconfig/httpcaddyfile/options.go
@@ -38,6 +38,7 @@ func init() {
RegisterGlobalOption("on_demand_tls", parseOptOnDemand)
RegisterGlobalOption("local_certs", parseOptTrue)
RegisterGlobalOption("key_type", parseOptSingleString)
+ RegisterGlobalOption("auto_https", parseOptAutoHTTPS)
}
func parseOptTrue(d *caddyfile.Dispenser) (interface{}, error) {
@@ -264,3 +265,18 @@ func parseOptOnDemand(d *caddyfile.Dispenser) (interface{}, error) {
}
return ond, nil
}
+
+func parseOptAutoHTTPS(d *caddyfile.Dispenser) (interface{}, error) {
+ d.Next() // consume parameter name
+ if !d.Next() {
+ return "", d.ArgErr()
+ }
+ val := d.Val()
+ if d.Next() {
+ return "", d.ArgErr()
+ }
+ if val != "off" && val != "disable_redirects" {
+ return "", d.Errf("auto_https must be either 'off' or 'disable_redirects'")
+ }
+ return val, nil
+}
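Review bot: parseOptAutoHTTPS has no doc comment, and the error raised at the `val != "off" && val != "disable_redirects"` check does not echo the rejected token. It also does not explain that the default `on`, which httptype.go uses as its sentinel, cannot be written explicitly. I would add a comment naming the two accepted values and stating that both relax the default HTTPS behaviour for the whole config. The error could become `return "", d.Errf("auto_https must be either 'off' or 'disable_redirects', got %q", val)`. If spelling out the default is meant to be allowed, accept `on` in the condition; otherwise state in the comment that it is rejected on purpose.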
diff --git a/caddytest/integration/caddyfile_adapt/auto_https_disable_redirects.txt b/caddytest/integration/caddyfile_adapt/auto_https_disable_redirects.txt
new file mode 100644
index 0000000..61637bb
--- /dev/null
+++ b/caddytest/integration/caddyfile_adapt/auto_https_disable_redirects.txt
@@ -0,0 +1,34 @@
+{
+ auto_https disable_redirects
+}
+
+localhost
+----------
+{
+ "apps": {
+ "http": {
+ "servers": {
+ "srv0": {
+ "listen": [
+ ":443"
+ ],
+ "routes": [
+ {
+ "match": [
+ {
+ "host": [
+ "localhost"
+ ]
+ }
+ ],
+ "terminal": true
+ }
+ ],
+ "automatic_https": {
+ "disable_redirects": true
+ }
+ }
+ }
+ }
+ }
+} \ No newline at end of file
diff --git a/caddytest/integration/caddyfile_adapt/auto_https_off.txt b/caddytest/integration/caddyfile_adapt/auto_https_off.txt
new file mode 100644
index 0000000..d4014d2
--- /dev/null
+++ b/caddytest/integration/caddyfile_adapt/auto_https_off.txt
@@ -0,0 +1,37 @@
+{
+ auto_https off
+}
+
+localhost
+----------
+{
+ "apps": {
+ "http": {
+ "servers": {
+ "srv0": {
+ "listen": [
+ ":443"
+ ],
+ "routes": [
+ {
+ "match": [
+ {
+ "host": [
+ "localhost"
+ ]
+ }
+ ],
+ "terminal": true
+ }
+ ],
+ "tls_connection_policies": [
+ {}
+ ],
+ "automatic_https": {
+ "disable": true
+ }
+ }
+ }
+ }
+ }
+} \ No newline at end of file