-rw-r--r--caddytest/integration/caddyfile_adapt/reverse_proxy_options.txt5
-rw-r--r--modules/caddyhttp/reverseproxy/caddyfile.go9
-rw-r--r--modules/caddyhttp/reverseproxy/httptransport.go20
3 files changed, 33 insertions, 1 deletions
diff --git a/caddytest/integration/caddyfile_adapt/reverse_proxy_options.txt b/caddytest/integration/caddyfile_adapt/reverse_proxy_options.txt
index 29f6d23..ea740f6 100644
--- a/caddytest/integration/caddyfile_adapt/reverse_proxy_options.txt
+++ b/caddytest/integration/caddyfile_adapt/reverse_proxy_options.txt
@@ -25,6 +25,7 @@ https://example.com {
keepalive_idle_conns_per_host 2
keepalive_interval 30s
renegotiation freely
+ except_ports 8181 8182
}
}
}
@@ -93,6 +94,10 @@ https://example.com {
},
"response_header_timeout": 8000000000,
"tls": {
+ "except_ports": [
+ "8181",
+ "8182"
+ ],
"renegotiation": "freely"
},
"versions": [
diff --git a/modules/caddyhttp/reverseproxy/caddyfile.go b/modules/caddyhttp/reverseproxy/caddyfile.go
index dfb30d8..b2bdf04 100644
--- a/modules/caddyhttp/reverseproxy/caddyfile.go
+++ b/modules/caddyhttp/reverseproxy/caddyfile.go
@@ -1063,6 +1063,15 @@ func (h *HTTPTransport) UnmarshalCaddyfile(d *caddyfile.Dispenser) error {
}
h.MaxConnsPerHost = num
+ case "except_ports":
+ if h.TLS == nil {
+ h.TLS = new(TLSConfig)
+ }
+ h.TLS.ExceptPorts = d.RemainingArgs()
+ if len(h.TLS.ExceptPorts) == 0 {
+ return d.ArgErr()
+ }
+
default:
return d.Errf("unrecognized subdirective %s", d.Val())
}
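Review bot: The `except_ports` values taken by `d.RemainingArgs()` are stored without any validation, so a typo such as `818l` or a stray `:8181` is accepted and then simply never matches the textual `req.URL.Port()` comparison in SetScheme, which is hard to diagnose from the resulting TLS handshake failures. A parse-time check that each entry is a decimal TCP port gives the user an immediate error instead. UnmarshalCaddyfile begins and ends outside this hunk; `strconv` is presumably already imported by this file given the numeric parsing of `max_conns_per_host` just above, but confirm before relying on it.
```go
	case "except_ports":
		if h.TLS == nil {
			h.TLS = new(TLSConfig)
		}
		h.TLS.ExceptPorts = d.RemainingArgs()
		if len(h.TLS.ExceptPorts) == 0 {
			return d.ArgErr()
		}
		// Reject anything that is not a plain decimal port; the match in
		// SetScheme is a string comparison, so a malformed value would
		// silently never apply.
		for _, p := range h.TLS.ExceptPorts {
			if _, err := strconv.ParseUint(p, 10, 16); err != nil {
				return d.Errf("except_ports: invalid port %q: %v", p, err)
			}
		}
	// … unchanged: default case …
```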
diff --git a/modules/caddyhttp/reverseproxy/httptransport.go b/modules/caddyhttp/reverseproxy/httptransport.go
index eefc04a..1fac420 100644
--- a/modules/caddyhttp/reverseproxy/httptransport.go
+++ b/modules/caddyhttp/reverseproxy/httptransport.go
@@ -296,9 +296,20 @@ func (h *HTTPTransport) RoundTrip(req *http.Request) (*http.Response, error) {
// has the scheme set in its URL; the underlying
// http.Transport requires a scheme to be set.
func (h *HTTPTransport) SetScheme(req *http.Request) {
+ skipTLSport := false
+ if h.TLS.ExceptPorts != nil {
+ port := req.URL.Port()
+ for i := range h.TLS.ExceptPorts {
+ if h.TLS.ExceptPorts[i] == port {
+ skipTLSport = true
+ break
+ }
+ }
+ }
+
if req.URL.Scheme == "" {
req.URL.Scheme = "http"
- if h.TLS != nil {
+ if h.TLS != nil && !skipTLSport {
req.URL.Scheme = "https"
}
}
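Review bot: `h.TLS.ExceptPorts` on the second line of the new code is dereferenced unconditionally, but `h.TLS` is allowed to be nil — the `if h.TLS != nil` guard a few lines below exists for exactly that case — so every transport configured without a `tls` block will now panic with a nil pointer dereference on its first request. The guard must come first: `if h.TLS != nil && len(h.TLS.ExceptPorts) > 0 {`. While there, `skipTLSport` should be `skipTLSPort` to keep the initialism casing consistent with the rest of the file.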
@@ -369,6 +380,13 @@ type TLSConfig struct {
// - "once": allows a remote server to request renegotiation once per connection.
// - "freely": allows a remote server to repeatedly request renegotiation.
Renegotiation string `json:"renegotiation,omitempty"`
+
+ // Skip TLS ports specifies a list of upstream ports on which TLS should not be
+ // attempted even if it is configured. Handy when using dynamic upstreams that
+ // return HTTP and HTTPS endpoints too.
+ // When specified, TLS will automatically be configured on the transport.
+ // The value can be a list of any valid tcp port numbers, default empty.
+ ExceptPorts []string `json:"except_ports,omitempty"`
}
// MakeTLSClientConfig returns a tls.Config usable by a client to a backend.
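Review bot: The new doc comment opens with "Skip TLS ports specifies", which does not match the field name `ExceptPorts`, and since Caddy's JSON reference is generated from these comments the mismatch will surface in the public docs; it also omits how matching works. I would replace the first sentence with `// ExceptPorts lists upstream ports to which TLS is never attempted, even when this TLS config is present; connections to those ports use plain HTTP.` and add `// Ports are compared textually against the upstream address's port, so write them exactly as they appear there (e.g. "8181").`, which is what SetScheme's string comparison actually does. The sentence "When specified, TLS will automatically be configured on the transport" describes Caddyfile behavior rather than this struct, so it is clearer to say that it applies when the subdirective is used in the Caddyfile.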