From a58f240d3ecbb59285303746406cab50217f8d24 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Fri, 25 Mar 2022 00:54:03 -0400 Subject: httpcaddyfile: Fix #4640 (auto-HTTPS edgecase) (#4661) Guh, this is complicated. Fixes #4640 This also follows up on #4398 (reverting it) which made a change that technically worked, but was incorrect. It changed the condition in `hostsFromKeysNotHTTP` from `&&` to `||`, but then the function no longer did what its name said it would do, and it would return hosts even if they were marked with `http://`, if they used a non-HTTP port. That wasn't the intent of it. The test added in there was kept though, because it is a valid usecase. The actual fix is to check _earlier_ whether all the addresses explicitly have `http://`, and if so we can short circuit and skip considering the rest. --- caddyconfig/httpcaddyfile/httptype.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'caddyconfig/httpcaddyfile/httptype.go') diff --git a/caddyconfig/httpcaddyfile/httptype.go b/caddyconfig/httpcaddyfile/httptype.go index d7716a4..f5dd68a 100644 --- a/caddyconfig/httpcaddyfile/httptype.go +++ b/caddyconfig/httpcaddyfile/httptype.go @@ -581,7 +581,7 @@ func (st *ServerType) serversFromPairings( } for _, addr := range sblock.keys { - // if server only uses HTTPS port, auto-HTTPS will not apply + // if server only uses HTTP port, auto-HTTPS will not apply if listenersUseAnyPortOtherThan(srv.Listen, httpPort) { // exclude any hosts that were defined explicitly with "http://" // in the key from automated cert management (issue #2998) -- cgit v1.2.3
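Review bot: The corrected comment above `if listenersUseAnyPortOtherThan(srv.Listen, httpPort) {` still describes the inverse of the branch it sits on: the condition is true when a listener uses some port other than the HTTP port, while the comment speaks of a server that only uses the HTTP port. Consider wording it to match the branch, for example `// auto-HTTPS only applies if the server listens on a port other than the HTTP port`, so a reader does not have to negate it mentally. The condition does not reference `addr`, so as far as these lines show it could be evaluated once before the `for _, addr := range sblock.keys` loop instead of on every key. This view is limited to `caddyconfig/httpcaddyfile/httptype.go` and contains only the comment change, so the earlier all-`http://` short circuit described in the commit message cannot be checked against these lines.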