summaryrefslogtreecommitdiff
path: root/modules
diff options
context:
space:
mode:
authorFrancis Lavoie <lavofr@gmail.com>2022-06-22 15:01:57 -0400
committerGitHub <noreply@github.com>2022-06-22 15:01:57 -0400
commit25f10511e7ef80c10493519499c479f6ffa49a0f (patch)
tree3782d1a974fa433250db2b413dd812b9329fcd08 /modules
parentb6e96fa3c5fcb7601142b8ad569793a1b9c2c5eb (diff)
reverseproxy: Fix panic when TLS is not configured (#4848)
* reverseproxy: Fix panic when TLS is not configured * Refactor and simplify setScheme Co-authored-by: Matthew Holt <mholt@users.noreply.github.com>
Diffstat (limited to 'modules')
-rw-r--r--modules/caddyhttp/reverseproxy/httptransport.go39
1 files changed, 23 insertions, 16 deletions
diff --git a/modules/caddyhttp/reverseproxy/httptransport.go b/modules/caddyhttp/reverseproxy/httptransport.go
index 1fac420..94a0938 100644
--- a/modules/caddyhttp/reverseproxy/httptransport.go
+++ b/modules/caddyhttp/reverseproxy/httptransport.go
@@ -281,7 +281,7 @@ func (h *HTTPTransport) RoundTrip(req *http.Request) (*http.Response, error) {
repl := req.Context().Value(caddy.ReplacerCtxKey).(*caddy.Replacer)
transport := h.replaceTLSServername(repl)
- transport.SetScheme(req)
+ transport.setScheme(req)
// if H2C ("HTTP/2 over cleartext") is enabled and the upstream request is
// HTTP without TLS, use the alternate H2C-capable transport instead
@@ -292,27 +292,34 @@ func (h *HTTPTransport) RoundTrip(req *http.Request) (*http.Response, error) {
return transport.Transport.RoundTrip(req)
}
-// SetScheme ensures that the outbound request req
+// setScheme ensures that the outbound request req
// has the scheme set in its URL; the underlying
// http.Transport requires a scheme to be set.
-func (h *HTTPTransport) SetScheme(req *http.Request) {
- skipTLSport := false
- if h.TLS.ExceptPorts != nil {
- port := req.URL.Port()
- for i := range h.TLS.ExceptPorts {
- if h.TLS.ExceptPorts[i] == port {
- skipTLSport = true
- break
- }
- }
+func (h *HTTPTransport) setScheme(req *http.Request) {
+ if req.URL.Scheme != "" {
+ return
}
-
- if req.URL.Scheme == "" {
+ if h.shouldUseTLS(req) {
+ req.URL.Scheme = "https"
+ } else {
req.URL.Scheme = "http"
- if h.TLS != nil && !skipTLSport {
- req.URL.Scheme = "https"
+ }
+}
+
+// shouldUseTLS returns true if TLS should be used for req.
+func (h *HTTPTransport) shouldUseTLS(req *http.Request) bool {
+ if h.TLS == nil {
+ return false
+ }
+
+ port := req.URL.Port()
+ for i := range h.TLS.ExceptPorts {
+ if h.TLS.ExceptPorts[i] == port {
+ return false
}
}
+
+ return true
}
// TLSEnabled returns true if TLS is enabled.