authorFrancis Lavoie <lavofr@gmail.com>2022-10-04 22:58:19 -0400
committerGitHub <noreply@github.com>2022-10-04 20:58:19 -0600
commit2808de1e30b873f9c8f4693eae59bd56f20ebbbe (patch)
tree2d428b0b111962230aecfe86cdbd97a743d1dd4f /caddyconfig
parent253d97c93dce9a3365e67d0360b2e47dd165578e (diff)
httpcaddyfile: Skip `automate` when `auto_https off` is specified (#5110)
Diffstat (limited to 'caddyconfig')
-rw-r--r--caddyconfig/httpcaddyfile/tlsapp.go14
1 files changed, 10 insertions, 4 deletions
diff --git a/caddyconfig/httpcaddyfile/tlsapp.go b/caddyconfig/httpcaddyfile/tlsapp.go
index 947512a..240cb02 100644
--- a/caddyconfig/httpcaddyfile/tlsapp.go
+++ b/caddyconfig/httpcaddyfile/tlsapp.go
@@ -48,6 +48,10 @@ func (st ServerType) buildTLSApp(
if hsp, ok := options["https_port"].(int); ok {
httpsPort = strconv.Itoa(hsp)
}
+ autoHTTPS := "on"
+ if ah, ok := options["auto_https"].(string); ok {
+ autoHTTPS = ah
+ }
// count how many server blocks have a TLS-enabled key with
// no host, and find all hosts that share a server block with
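Review bot: The new `autoHTTPS` default of `"on"` is applied silently whenever the `options["auto_https"].(string)` assertion fails, so an option stored under any other type would leave certificate automation enabled with no error; how the option is parsed lies outside this hunk, so this is only a concern if that type can ever differ. Since the value decides whether certificates are obtained for hosts, a comment on the added lines would make the intent explicit, for example `// auto_https defaults to enabled; only the literal "off" suppresses the automate list built below`. The body of buildTLSApp starts and ends outside the hunk.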
@@ -331,10 +335,12 @@ func (st ServerType) buildTLSApp(
internalAP := &caddytls.AutomationPolicy{
IssuersRaw: []json.RawMessage{json.RawMessage(`{"module":"internal"}`)},
}
- for h := range httpsHostsSharedWithHostlessKey {
- al = append(al, h)
- if !certmagic.SubjectQualifiesForPublicCert(h) {
- internalAP.Subjects = append(internalAP.Subjects, h)
+ if autoHTTPS != "off" {
+ for h := range httpsHostsSharedWithHostlessKey {
+ al = append(al, h)
+ if !certmagic.SubjectQualifiesForPublicCert(h) {
+ internalAP.Subjects = append(internalAP.Subjects, h)
+ }
}
}
if len(al) > 0 {
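Review bot: The `if autoHTTPS != "off"` guard skips the `internalAP.Subjects` append as well as the `al` append, so with `auto_https off` hosts that do not qualify for a public certificate no longer get the internal-issuer policy either. That looks intended, but it is an operator-visible change in which names get certificates and should be stated at the guard, e.g. `// auto_https off: certificates are managed by the operator, so add these hosts to neither the automate list nor the internal issuer policy`. No test is visible on this page that pins the resulting TLS app config for a hostless key combined with `auto_https off`; adding one would keep a later refactor from silently re-enabling automation. The rest of buildTLSApp, including how `internalAP` is used after `if len(al) > 0 {`, is outside the hunk.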