From b6e96fa3c5fcb7601142b8ad569793a1b9c2c5eb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kiss=20K=C3=A1roly=20P=C3=A1l?=
Date: Mon, 20 Jun 2022 19:51:42 +0200
Subject: reverseproxy: Skip TLS for certain configured ports (#4843)
* Make reverse proxy TLS server name replaceable for SNI upstreams.
* Reverted previous TLS server name replacement, and implemented thread safe version.
* Move TLS servername replacement into it's own function
* Moved SNI servername replacement into httptransport.
* Solve issue when dynamic upstreams use wrong protocol upstream.
* Revert previous commit. Old commit was: Solve issue when dynamic upstreams use wrong protocol upstream. Id: 3c9806ccb63e66bdcac8e1ed4520c9d135cb011d
* Added SkipTLSPorts option to http transport.
* Fix typo in test config file.
* Rename config option as suggested by Matt
Co-authored-by: Matt Holt
* Update code to match renamed config option.
* Fix typo in config option name.
* Fix another typo that I missed.
* Tests not completing because of apparent wrong ordering of options.
Co-authored-by: Matt Holt
---
modules/caddyhttp/reverseproxy/caddyfile.go | 9 +++++++++
1 file changed, 9 insertions(+)
(limited to 'modules/caddyhttp/reverseproxy/caddyfile.go')
diff --git a/modules/caddyhttp/reverseproxy/caddyfile.go b/modules/caddyhttp/reverseproxy/caddyfile.go
index dfb30d8..b2bdf04 100644
--- a/modules/caddyhttp/reverseproxy/caddyfile.go
+++ b/modules/caddyhttp/reverseproxy/caddyfile.go
@@ -1063,6 +1063,15 @@ func (h *HTTPTransport) UnmarshalCaddyfile(d *caddyfile.Dispenser) error {
 }
 h.MaxConnsPerHost = num
+ case "except_ports":
+ if h.TLS == nil {
+ h.TLS = new(TLSConfig)
+ }
+ h.TLS.ExceptPorts = d.RemainingArgs()
+ if len(h.TLS.ExceptPorts) == 0 {
+ return d.ArgErr()
+ }
+
 default:
 return d.Errf("unrecognized subdirective %s", d.Val())
 }
--
cgit v1.2.3
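Review bot: The new `except_ports` case stores `d.RemainingArgs()` verbatim, so an entry that is not a port number (a typo, a range, a `host:port`) is accepted at parse time and presumably just never matches. Because this list decides which upstream connections leave the proxy without TLS, malformed entries are better rejected here with a `d.Errf` that names the bad value. The case also allocates `h.TLS` when it is nil, so `except_ports` on its own appears to turn TLS on for every other port; if that is intended, a comment such as `// except_ports implies TLS for all other upstream ports` would make it explicit. The fence below assumes `strconv` is already imported by this file and that placeholders are not meant to be accepted in this list, neither of which the hunk shows. UnmarshalCaddyfile starts and ends outside the hunk.

```go
case "except_ports":
	ports := d.RemainingArgs()
	if len(ports) == 0 {
		return d.ArgErr()
	}
	// Reject anything that is not a valid TCP port so a typo cannot
	// silently change which upstreams are contacted without TLS.
	for _, p := range ports {
		if n, err := strconv.Atoi(p); err != nil || n < 1 || n > 65535 {
			return d.Errf("invalid port in except_ports: %q", p)
		}
	}
	// except_ports implies TLS for all other upstream ports.
	if h.TLS == nil {
		h.TLS = new(TLSConfig)
	}
	h.TLS.ExceptPorts = ports
```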