From 96bb3659299ae5ef28ffb3f9a23e16417c570924 Mon Sep 17 00:00:00 2001
From: Matthew Holt <mholt@users.noreply.github.com>
Date: Fri, 16 Apr 2021 11:17:15 -0600
Subject: httpcaddyfile: Take into account host scheme/port (fix #4113)

---
 caddyconfig/httpcaddyfile/tlsapp.go | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)


diff --git a/caddyconfig/httpcaddyfile/tlsapp.go b/caddyconfig/httpcaddyfile/tlsapp.go
index 85f9e5a..1e32be0 100644
--- a/caddyconfig/httpcaddyfile/tlsapp.go
+++ b/caddyconfig/httpcaddyfile/tlsapp.go
@@ -54,7 +54,7 @@ func (st ServerType) buildTLSApp(
 	// a hostless key, so that they don't get forgotten/omitted
 	// by auto-HTTPS (since they won't appear in route matchers)
 	var serverBlocksWithTLSHostlessKey int
-	hostsSharedWithHostlessKey := make(map[string]struct{})
+	httpsHostsSharedWithHostlessKey := make(map[string]struct{})
 	for _, pair := range pairings {
 		for _, sb := range pair.serverBlocks {
 			for _, addr := range sb.keys {
@@ -70,8 +70,8 @@ func (st ServerType) buildTLSApp(
 						if otherAddr.Original == addr.Original {
 							continue
 						}
-						if otherAddr.Host != "" {
-							hostsSharedWithHostlessKey[otherAddr.Host] = struct{}{}
+						if otherAddr.Host != "" && otherAddr.Scheme != "http" && otherAddr.Port != httpPort {
+							httpsHostsSharedWithHostlessKey[otherAddr.Host] = struct{}{}
 						}
 					}
 					break
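Review bot: The widened `if` condition encodes the "is this host actually served over HTTPS" rule inline, and nothing in the hunk says why a host on scheme `http` or on `httpPort` is now left out of the map, so a later reader has to recover the reasoning from #4113. A one-line comment above it would carry that, e.g. `// only hosts actually served over HTTPS need a certificate; skip hosts on the plain-HTTP scheme or port`, and the comment that introduces the map (it begins above the first hunk) should say the map now tracks HTTPS hosts only. The same scheme/port test presumably exists where auto-HTTPS decides which listeners get TLS; if a shared helper is available for that decision, using it here would keep the two sites in agreement as the rules evolve. Note also that an address with an empty Scheme and an empty Port passes the check and is treated as HTTPS, which matches the auto-HTTPS default but is worth stating explicitly. buildTLSApp begins and ends outside this hunk.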
@@ -289,7 +289,7 @@ func (st ServerType) buildTLSApp(
 	internalAP := &caddytls.AutomationPolicy{
 		IssuersRaw: []json.RawMessage{json.RawMessage(`{"module":"internal"}`)},
 	}
-	for h := range hostsSharedWithHostlessKey {
+	for h := range httpsHostsSharedWithHostlessKey {
 		al = append(al, h)
 		if !certmagic.SubjectQualifiesForPublicCert(h) {
 			internalAP.Subjects = append(internalAP.Subjects, h)
-- 