summaryrefslogtreecommitdiff
path: root/modules/caddyhttp/reverseproxy
diff options
context:
space:
mode:
authorMatthew Holt <mholt@users.noreply.github.com>2020-10-22 12:40:23 -0600
committerMatthew Holt <mholt@users.noreply.github.com>2020-10-22 12:40:23 -0600
commitb6686a54d8b21bedbf042caa4a6c09d78d345fc7 (patch)
treedbd984913bfb5c0341b6e3899a9da332ad8a160b /modules/caddyhttp/reverseproxy
parent97caf368eea8d2c33a7786fbe3471b83b5b294dc (diff)
httpcaddyfile: Improve AP logic with OnDemand
We have users that have site blocks like *.*.tld with on-demand TLS enabled. While *.*.tld does not qualify for a publicly-trusted cert due to its wildcards, On-Demand TLS does not actually obtain a cert with those wildcards, since it uses the actual hostname on the handshake. This improves on that logic, but I am still not 100% satisfied with the result since I think we need to also check if another site block is more specific, like foo.example.tld, which might not have on-demand TLS enabled, and make sure an automation policy gets created before the more general policy with on-demand...
Diffstat (limited to 'modules/caddyhttp/reverseproxy')
0 files changed, 0 insertions, 0 deletions