-rw-r--r--caddyconfig/httpcaddyfile/tlsapp.go14
-rw-r--r--caddytest/integration/caddyfile_adapt/tls_automation_policies_10.txt58
2 files changed, 68 insertions, 4 deletions
diff --git a/caddyconfig/httpcaddyfile/tlsapp.go b/caddyconfig/httpcaddyfile/tlsapp.go
index 947512a..240cb02 100644
--- a/caddyconfig/httpcaddyfile/tlsapp.go
+++ b/caddyconfig/httpcaddyfile/tlsapp.go
@@ -48,6 +48,10 @@ func (st ServerType) buildTLSApp(
if hsp, ok := options["https_port"].(int); ok {
httpsPort = strconv.Itoa(hsp)
}
+ autoHTTPS := "on"
+ if ah, ok := options["auto_https"].(string); ok {
+ autoHTTPS = ah
+ }
// count how many server blocks have a TLS-enabled key with
// no host, and find all hosts that share a server block with
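Review bot: The type assertion on `options["auto_https"]` fails open: if the option is absent or stored as anything other than a string, `ok` is false and `autoHTTPS` silently stays `"on"`, so certificate automation for these hosts stays enabled. That is right for the absent case, but if the stored type ever changes, an operator's `auto_https off` would be ignored here without any error. A comment should state the assumption, for example `// assumes the auto_https global option is stored as a string; any other type leaves automation enabled (confirm against the option parser)`. buildTLSApp starts before and continues past this hunk, so the way the option is parsed is not visible here.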
@@ -331,10 +335,12 @@ func (st ServerType) buildTLSApp(
internalAP := &caddytls.AutomationPolicy{
IssuersRaw: []json.RawMessage{json.RawMessage(`{"module":"internal"}`)},
}
- for h := range httpsHostsSharedWithHostlessKey {
- al = append(al, h)
- if !certmagic.SubjectQualifiesForPublicCert(h) {
- internalAP.Subjects = append(internalAP.Subjects, h)
+ if autoHTTPS != "off" {
+ for h := range httpsHostsSharedWithHostlessKey {
+ al = append(al, h)
+ if !certmagic.SubjectQualifiesForPublicCert(h) {
+ internalAP.Subjects = append(internalAP.Subjects, h)
+ }
}
}
if len(al) > 0 {
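Review bot: The new `if autoHTTPS != "off"` guard carries no comment explaining why hosts sharing a block with a hostless key are skipped, and the reason is security-relevant: without it, names that fail `certmagic.SubjectQualifiesForPublicCert` would be given an internal-issuer policy even though the operator turned automatic HTTPS off. I would add `// auto_https off: create no automation policy (public or internal) for hosts sharing a block with a hostless key` above the guard. The literal `"off"` is compared here as a bare string; if other parts of the adapter test the same value, a shared constant would keep them from drifting apart. `internalAP` is still constructed above the guard when it is unused, and the `if len(al) > 0` block continues outside the hunk.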
diff --git a/caddytest/integration/caddyfile_adapt/tls_automation_policies_10.txt b/caddytest/integration/caddyfile_adapt/tls_automation_policies_10.txt
new file mode 100644
index 0000000..b6832ad
--- /dev/null
+++ b/caddytest/integration/caddyfile_adapt/tls_automation_policies_10.txt
@@ -0,0 +1,58 @@
+# example from issue #4667
+{
+ auto_https off
+}
+
+https://, example.com {
+ tls test.crt test.key
+ respond "Hello World"
+}
+----------
+{
+ "apps": {
+ "http": {
+ "servers": {
+ "srv0": {
+ "listen": [
+ ":443"
+ ],
+ "routes": [
+ {
+ "handle": [
+ {
+ "body": "Hello World",
+ "handler": "static_response"
+ }
+ ]
+ }
+ ],
+ "tls_connection_policies": [
+ {
+ "certificate_selection": {
+ "any_tag": [
+ "cert0"
+ ]
+ }
+ }
+ ],
+ "automatic_https": {
+ "disable": true
+ }
+ }
+ }
+ },
+ "tls": {
+ "certificates": {
+ "load_files": [
+ {
+ "certificate": "test.crt",
+ "key": "test.key",
+ "tags": [
+ "cert0"
+ ]
+ }
+ ]
+ }
+ }
+ }
+} \ No newline at end of file
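Review bot: This fixture only exercises `example.com`, which qualifies for a public certificate and has a loaded cert, so the `internalAP.Subjects` branch that the guard in tlsapp.go also disables is not covered. A second adapt test using a name that does not qualify for a public certificate (for instance `localhost`) under `auto_https off` would pin that no internal-issuer automation policy is emitted. The expected JSON here correctly shows no `automation` key under `tls`, which is the assertion that matters for the reported case.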