0
Fork 0
mirror of https://github.com/caddyserver/caddy.git synced 2024-12-23 22:27:38 -05:00

tls: Extra requirements to set port to 443

It is unexpected to serve localhost on port 443 or any server on 443 if TLS is disabled, even if the port is blank. Also don't warn about how to force TLS on the HTTP port.
This commit is contained in:
Matthew Holt 2016-01-10 20:47:43 -07:00
parent 060ab92d29
commit 202849055c

View file

@ -11,10 +11,9 @@ import (
// TLS sets up the TLS configuration (but does not activate Let's Encrypt; that is handled elsewhere).
func TLS(c *Controller) (middleware.Middleware, error) {
if c.Scheme == "http" && c.Port != "80" {
if c.Scheme == "http" {
c.TLS.Enabled = false
log.Printf("[WARNING] TLS disabled for %s://%s. To force TLS over the plaintext HTTP port, "+
"specify port 80 explicitly (https://%s:80).", c.Scheme, c.Address(), c.Host)
log.Printf("[WARNING] TLS disabled for %s://%s.", c.Scheme, c.Address())
} else {
c.TLS.Enabled = true
}
@ -102,8 +101,9 @@ func SetDefaultTLSParams(c *server.Config) {
// Prefer server cipher suites
c.TLS.PreferServerCipherSuites = true
// Default TLS port is 443; only use if port is not manually specified
if c.Port == "" {
// Default TLS port is 443; only use if port is not manually specified,
// TLS is enabled, and the host is not localhost
if c.Port == "" && c.TLS.Enabled && c.Host != "localhost" {
c.Port = "443"
}
}