From 9169cd43d49236c69d5c9b7c556cb0ac0c9ce497 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Mon, 9 Sep 2019 08:25:48 -0600 Subject: Log when auto HTTPS or auto HTTP->HTTPS redirects are disabled --- modules/caddyhttp/caddyhttp.go | 8 ++++++++ modules/caddyhttp/server.go | 17 +++++++++++++++++ 2 files changed, 25 insertions(+) diff --git a/modules/caddyhttp/caddyhttp.go b/modules/caddyhttp/caddyhttp.go index 6d8e921..99bd952 100644 --- a/modules/caddyhttp/caddyhttp.go +++ b/modules/caddyhttp/caddyhttp.go @@ -234,6 +234,8 @@ func (app *App) automaticHTTPS() error { // skip if all listeners use the HTTP port if !srv.listenersUseAnyPortOtherThan(app.HTTPPort) { + log.Printf("[INFO] Server %v is only listening on the HTTP port %d, so no automatic HTTPS will be applied to this server", + srv.Listen, app.HTTPPort) continue } @@ -315,6 +317,12 @@ func (app *App) automaticHTTPS() error { log.Printf("[INFO] Enabling automatic HTTP->HTTPS redirects for %v", domains) + // notify user if their config might override the HTTP->HTTPS redirects + if srv.listenersIncludePort(app.HTTPPort) { + log.Printf("[WARNING] Server %v is listening on HTTP port %d, so automatic HTTP->HTTPS redirects may be overridden by your own configuration", + srv.Listen, app.HTTPPort) + } + // create HTTP->HTTPS redirects for _, addr := range srv.Listen { netw, host, port, err := caddy.SplitListenAddr(addr) diff --git a/modules/caddyhttp/server.go b/modules/caddyhttp/server.go index 885ba0b..5b651fc 100644 --- a/modules/caddyhttp/server.go +++ b/modules/caddyhttp/server.go @@ -181,6 +181,23 @@ func (s *Server) listenersUseAnyPortOtherThan(otherPort int) bool { return false } +// listenersIncludePort returns true if there are any +// listeners in s that use otherPort. +func (s *Server) listenersIncludePort(otherPort int) bool { + for _, lnAddr := range s.Listen { + _, addrs, err := caddy.ParseListenAddr(lnAddr) + if err == nil { + for _, a := range addrs { + _, port, err := net.SplitHostPort(a) + if err == nil && port == strconv.Itoa(otherPort) { + return true + } + } + } + } + return false +} + func (s *Server) hasTLSClientAuth() bool { for _, cp := range s.TLSConnPolicies { if cp.ClientAuthentication != nil && cp.ClientAuthentication.Active() { -- cgit v1.2.3