summaryrefslogtreecommitdiff
path: root/caddyconfig
diff options
context:
space:
mode:
authorMatthew Holt <mholt@users.noreply.github.com>2021-04-16 11:17:15 -0600
committerMatthew Holt <mholt@users.noreply.github.com>2021-04-16 11:17:22 -0600
commit96bb3659299ae5ef28ffb3f9a23e16417c570924 (patch)
treee8cec60fab91195aa2df86ed813a8594f5a6809a /caddyconfig
parent00e12aa918aedcfae3a69292efb70de615e172dd (diff)
httpcaddyfile: Take into account host scheme/port (fix #4113)
Diffstat (limited to 'caddyconfig')
-rw-r--r--caddyconfig/httpcaddyfile/tlsapp.go8
1 files changed, 4 insertions, 4 deletions
diff --git a/caddyconfig/httpcaddyfile/tlsapp.go b/caddyconfig/httpcaddyfile/tlsapp.go
index 85f9e5a..1e32be0 100644
--- a/caddyconfig/httpcaddyfile/tlsapp.go
+++ b/caddyconfig/httpcaddyfile/tlsapp.go
@@ -54,7 +54,7 @@ func (st ServerType) buildTLSApp(
// a hostless key, so that they don't get forgotten/omitted
// by auto-HTTPS (since they won't appear in route matchers)
var serverBlocksWithTLSHostlessKey int
- hostsSharedWithHostlessKey := make(map[string]struct{})
+ httpsHostsSharedWithHostlessKey := make(map[string]struct{})
for _, pair := range pairings {
for _, sb := range pair.serverBlocks {
for _, addr := range sb.keys {
@@ -70,8 +70,8 @@ func (st ServerType) buildTLSApp(
if otherAddr.Original == addr.Original {
continue
}
- if otherAddr.Host != "" {
- hostsSharedWithHostlessKey[otherAddr.Host] = struct{}{}
+ if otherAddr.Host != "" && otherAddr.Scheme != "http" && otherAddr.Port != httpPort {
+ httpsHostsSharedWithHostlessKey[otherAddr.Host] = struct{}{}
}
}
break
@@ -289,7 +289,7 @@ func (st ServerType) buildTLSApp(
internalAP := &caddytls.AutomationPolicy{
IssuersRaw: []json.RawMessage{json.RawMessage(`{"module":"internal"}`)},
}
- for h := range hostsSharedWithHostlessKey {
+ for h := range httpsHostsSharedWithHostlessKey {
al = append(al, h)
if !certmagic.SubjectQualifiesForPublicCert(h) {
internalAP.Subjects = append(internalAP.Subjects, h)