diff options
author | Matthew Holt <mholt@users.noreply.github.com> | 2021-04-16 11:17:15 -0600 |
---|---|---|
committer | Matthew Holt <mholt@users.noreply.github.com> | 2021-04-16 11:17:22 -0600 |
commit | 96bb3659299ae5ef28ffb3f9a23e16417c570924 (patch) | |
tree | e8cec60fab91195aa2df86ed813a8594f5a6809a /caddyconfig | |
parent | 00e12aa918aedcfae3a69292efb70de615e172dd (diff) |
httpcaddyfile: Take into account host scheme/port (fix #4113)
Diffstat (limited to 'caddyconfig')
-rw-r--r-- | caddyconfig/httpcaddyfile/tlsapp.go | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/caddyconfig/httpcaddyfile/tlsapp.go b/caddyconfig/httpcaddyfile/tlsapp.go index 85f9e5a..1e32be0 100644 --- a/caddyconfig/httpcaddyfile/tlsapp.go +++ b/caddyconfig/httpcaddyfile/tlsapp.go @@ -54,7 +54,7 @@ func (st ServerType) buildTLSApp( // a hostless key, so that they don't get forgotten/omitted // by auto-HTTPS (since they won't appear in route matchers) var serverBlocksWithTLSHostlessKey int - hostsSharedWithHostlessKey := make(map[string]struct{}) + httpsHostsSharedWithHostlessKey := make(map[string]struct{}) for _, pair := range pairings { for _, sb := range pair.serverBlocks { for _, addr := range sb.keys { @@ -70,8 +70,8 @@ func (st ServerType) buildTLSApp( if otherAddr.Original == addr.Original { continue } - if otherAddr.Host != "" { - hostsSharedWithHostlessKey[otherAddr.Host] = struct{}{} + if otherAddr.Host != "" && otherAddr.Scheme != "http" && otherAddr.Port != httpPort { + httpsHostsSharedWithHostlessKey[otherAddr.Host] = struct{}{} } } break @@ -289,7 +289,7 @@ func (st ServerType) buildTLSApp( internalAP := &caddytls.AutomationPolicy{ IssuersRaw: []json.RawMessage{json.RawMessage(`{"module":"internal"}`)}, } - for h := range hostsSharedWithHostlessKey { + for h := range httpsHostsSharedWithHostlessKey { al = append(al, h) if !certmagic.SubjectQualifiesForPublicCert(h) { internalAP.Subjects = append(internalAP.Subjects, h) |