diff options
author | Matthew Holt <mholt@users.noreply.github.com> | 2020-01-23 13:17:16 -0700 |
---|---|---|
committer | Matthew Holt <mholt@users.noreply.github.com> | 2020-01-23 13:17:16 -0700 |
commit | 8b2ad61220f199e7329f218e21a6950bb1ab4c67 (patch) | |
tree | 34acde47f5134d31a1230158183174e886999c72 /caddyconfig/httpcaddyfile | |
parent | 6614d1c495f3266037d36b4c2f4f70fcc73acad1 (diff) |
httpcaddyfile: Skip hosts from auto-https when http:// scheme (fix #2998)
Diffstat (limited to 'caddyconfig/httpcaddyfile')
-rw-r--r-- | caddyconfig/httpcaddyfile/httptype.go | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/caddyconfig/httpcaddyfile/httptype.go b/caddyconfig/httpcaddyfile/httptype.go index 20621bb..22050f1 100644 --- a/caddyconfig/httpcaddyfile/httptype.go +++ b/caddyconfig/httpcaddyfile/httptype.go @@ -389,6 +389,24 @@ func (st *ServerType) serversFromPairings( // TODO: consolidate equal conn policies } + // exclude any hosts that were defined explicitly with + // "http://" in the key from automated cert management (issue #2998) + for _, key := range sblock.block.Keys { + addr, err := ParseAddress(key) + if err != nil { + return nil, err + } + addr = addr.Normalize() + if addr.Scheme == "http" { + if srv.AutoHTTPS == nil { + srv.AutoHTTPS = new(caddyhttp.AutoHTTPSConfig) + } + if !sliceContains(srv.AutoHTTPS.Skip, addr.Host) { + srv.AutoHTTPS.Skip = append(srv.AutoHTTPS.Skip, addr.Host) + } + } + } + // set up each handler directive, making sure to honor directive order dirRoutes := sblock.pile["route"] siteSubroute, err := buildSubroute(dirRoutes, groupCounter) @@ -723,6 +741,16 @@ func tryInt(val interface{}, warnings *[]caddyconfig.Warning) int { return intVal } +// sliceContains returns true if needle is in haystack. +func sliceContains(haystack []string, needle string) bool { + for _, s := range haystack { + if s == needle { + return true + } + } + return false +} + // specifity returns len(s) minus any wildcards (*) and // placeholders ({...}). Basically, it's a length count // that penalizes the use of wildcards and placeholders. |