From 994b9033e96da270dca48ab01377431028c06b52 Mon Sep 17 00:00:00 2001
From: Matthew Holt
Date: Thu, 9 Jan 2020 14:39:49 -0700
Subject: http: Don't use a Host matcher for HTTP->HTTPS redirects

In case on-demand TLS is enabled, in that case we don't know the only names that have automatic HTTPS. See https://caddy.community/t/v2-http-to-https-redirects-fail-for-on-demand-ssl-certs/6742?u=matt
---
 modules/caddyhttp/caddyhttp.go | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)

diff --git a/modules/caddyhttp/caddyhttp.go b/modules/caddyhttp/caddyhttp.go
index 0aa1d6c..8ff2fb6 100644
--- a/modules/caddyhttp/caddyhttp.go
+++ b/modules/caddyhttp/caddyhttp.go
@@ -486,12 +486,7 @@ func (app *App) automaticHTTPS() error {
 // create the route that does the redirect and associate
 // it with the listener address it will be served from
 lnAddrRedirRoutes[httpRedirLnAddr] = Route{
- MatcherSets: []MatcherSet{
- {
- MatchProtocol("http"),
- MatchHost(domains),
- },
- },
+ MatcherSets: []MatcherSet{{MatchProtocol("http")}},
 Handlers: []MiddlewareHandler{
 StaticResponse{
 StatusCode: WeakString(strconv.Itoa(http.StatusPermanentRedirect)),
-- 
cgit v1.2.3
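Review bot: The new `MatcherSets: []MatcherSet{{MatchProtocol("http")}}` line makes the redirect route match every Host that reaches `httpRedirLnAddr`, including names that were never in `domains`, even when on-demand TLS is off and the set of HTTPS names is known exactly. If the redirect target is built from the request's Host (the handler body continues outside this hunk, so this is inferred), clients would be sent to HTTPS for hostnames this server holds no certificate for, and any plain-HTTP site sharing the listener could be caught by the route as well. Consider keeping `MatchHost(domains)` in the matcher set unless on-demand TLS is enabled, and record the reason on the line with a comment such as `// no Host matcher: with on-demand TLS the names with automatic HTTPS are not known up front`. automaticHTTPS starts and ends outside the hunk, so whether `domains` is still used elsewhere in it should be checked.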