From a58f240d3ecbb59285303746406cab50217f8d24 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Fri, 25 Mar 2022 00:54:03 -0400 Subject: httpcaddyfile: Fix #4640 (auto-HTTPS edgecase) (#4661) Guh, this is complicated. Fixes #4640 This also follows up on #4398 (reverting it) which made a change that technically worked, but was incorrect. It changed the condition in `hostsFromKeysNotHTTP` from `&&` to `||`, but then the function no longer did what its name said it would do, and it would return hosts even if they were marked with `http://`, if they used a non-HTTP port. That wasn't the intent of it. The test added in there was kept though, because it is a valid usecase. The actual fix is to check _earlier_ whether all the addresses explicitly have `http://`, and if so we can short circuit and skip considering the rest.
---
.../caddyfile_adapt/tls_automation_policies_9.txt | 56 ++++++++++++++++++++++ 1 file changed, 56 insertions(+) create mode 100644 caddytest/integration/caddyfile_adapt/tls_automation_policies_9.txt (limited to 'caddytest')
diff --git a/caddytest/integration/caddyfile_adapt/tls_automation_policies_9.txt b/caddytest/integration/caddyfile_adapt/tls_automation_policies_9.txt
new file mode 100644
index 0000000..bd82e96
--- /dev/null
+++ b/caddytest/integration/caddyfile_adapt/tls_automation_policies_9.txt
@@ -0,0 +1,56 @@
+# example from issue #4640
+http://foo:8447, http://127.0.0.1:8447 {
+ reverse_proxy 127.0.0.1:8080
+}
+----------
+{
+ "apps": {
+ "http": {
+ "servers": {
+ "srv0": {
+ "listen": [
+ ":8447"
+ ],
+ "routes": [
+ {
+ "match": [
+ {
+ "host": [
+ "foo",
+ "127.0.0.1"
+ ]
+ }
+ ],
+ "handle": [
+ {
+ "handler": "subroute",
+ "routes": [
+ {
+ "handle": [
+ {
+ "handler": "reverse_proxy",
+ "upstreams": [
+ {
+ "dial": "127.0.0.1:8080"
+ }
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "terminal": true
+ }
+ ],
+ "automatic_https": {
+ "skip": [
+ "foo",
+ "127.0.0.1"
+ ]
+ }
+ }
+ }
+ }
+ }
+}
\ No newline at end of file
-- cgit v1.2.3
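Review bot: The fixture's only comment, `# example from issue #4640`, does not say what the expected output is meant to pin. A reader has to infer that the point is both hosts appearing under `automatic_https.skip` with no `tls` app emitted. I would expand it to something like `# every address is explicitly http:// on a non-HTTP port: both hosts must be skipped by auto-HTTPS and no TLS automation policy generated (issue #4640)`. The commit message describes the fix as short-circuiting only when all addresses carry `http://`, so this case covers the "skip" direction alone. If the adapter accepts a block mixing an `http://` address with a scheme-less one, a companion fixture for it would catch the opposite regression, where a host that should get a certificate is silently left on plain HTTP. This view is limited to `caddytest`, so that case may already be covered elsewhere.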