path: root/modules/caddytls/connpolicy.go
author Matthew Holt <mholt@users.noreply.github.com> 2019-12-28 23:56:08 -0700
committer Matthew Holt <mholt@users.noreply.github.com> 2019-12-28 23:56:08 -0700
commit 2b33d9a5e5d1bd12d27bea2cfe8341fd1e5703b2 (patch)
tree 8dbf34223bc9a89783ab953459df7a6f2591339c /modules/caddytls/connpolicy.go
parent 5c8b502964457646ada348c6bc8ba7180771b7ca (diff)
http: Enable TLS for servers listening only on HTTPS port
It seems silly to have to add a single, empty TLS connection policy to a server to enable TLS when it's only listening on the HTTPS port. We now do this for the user as part of automatic HTTPS (thus, it can be disabled / overridden). See https://caddy.community/t/v2-catch-all-server-with-automatic-tls/6692/2?u=matt
Diffstat (limited to 'modules/caddytls/connpolicy.go')
-rw-r--r-- modules/caddytls/connpolicy.go 1
1 files changed, 1 insertions, 0 deletions
diff --git a/modules/caddytls/connpolicy.go b/modules/caddytls/connpolicy.go
index 6ce6b9e..658adb9 100644
--- a/modules/caddytls/connpolicy.go
+++ b/modules/caddytls/connpolicy.go
@@ -106,6 +106,7 @@ func (cp ConnectionPolicies) TLSConfig(ctx caddy.Context) (*tls.Config, error) {
}
// ConnectionPolicy specifies the logic for handling a TLS handshake.
+// An empty policy is valid; safe and sensible defaults will be used.
type ConnectionPolicy struct {
// How to match this policy with a TLS ClientHello. If
// this policy is the first to match, it will be used.
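Review bot: The new doc comment on ConnectionPolicy promises that "safe and sensible defaults will be used" but does not say which settings are defaulted or where that happens, so someone auditing the TLS configuration cannot tell from this type what an empty policy actually negotiates. Consider naming the defaulted fields, or pointing to the code that fills them in. Since the commit message says automatic HTTPS now adds an empty policy for servers listening only on the HTTPS port, it would also help to mention here that a policy may be present without the user having configured one, and that this can be disabled or overridden.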