summaryrefslogtreecommitdiff
path: root/caddyconfig/httpcaddyfile
diff options
context:
space:
mode:
authorFrancis Lavoie <lavofr@gmail.com>2022-10-04 22:58:19 -0400
committerGitHub <noreply@github.com>2022-10-04 20:58:19 -0600
commit2808de1e30b873f9c8f4693eae59bd56f20ebbbe (patch)
tree2d428b0b111962230aecfe86cdbd97a743d1dd4f /caddyconfig/httpcaddyfile
parent253d97c93dce9a3365e67d0360b2e47dd165578e (diff)
httpcaddyfile: Skip `automate` when `auto_https off` is specified (#5110)
Diffstat (limited to 'caddyconfig/httpcaddyfile')
-rw-r--r--caddyconfig/httpcaddyfile/tlsapp.go14
1 files changed, 10 insertions, 4 deletions
diff --git a/caddyconfig/httpcaddyfile/tlsapp.go b/caddyconfig/httpcaddyfile/tlsapp.go
index 947512a..240cb02 100644
--- a/caddyconfig/httpcaddyfile/tlsapp.go
+++ b/caddyconfig/httpcaddyfile/tlsapp.go
@@ -48,6 +48,10 @@ func (st ServerType) buildTLSApp(
if hsp, ok := options["https_port"].(int); ok {
httpsPort = strconv.Itoa(hsp)
}
+ autoHTTPS := "on"
+ if ah, ok := options["auto_https"].(string); ok {
+ autoHTTPS = ah
+ }
// count how many server blocks have a TLS-enabled key with
// no host, and find all hosts that share a server block with
@@ -331,10 +335,12 @@ func (st ServerType) buildTLSApp(
internalAP := &caddytls.AutomationPolicy{
IssuersRaw: []json.RawMessage{json.RawMessage(`{"module":"internal"}`)},
}
- for h := range httpsHostsSharedWithHostlessKey {
- al = append(al, h)
- if !certmagic.SubjectQualifiesForPublicCert(h) {
- internalAP.Subjects = append(internalAP.Subjects, h)
+ if autoHTTPS != "off" {
+ for h := range httpsHostsSharedWithHostlessKey {
+ al = append(al, h)
+ if !certmagic.SubjectQualifiesForPublicCert(h) {
+ internalAP.Subjects = append(internalAP.Subjects, h)
+ }
}
}
if len(al) > 0 {