From 202849055cc34015865f72509e91cf0ff8e0d160 Mon Sep 17 00:00:00 2001
From: Matthew Holt
Date: Sun, 10 Jan 2016 20:47:43 -0700
Subject: [PATCH] tls: Extra requirements to set port to 443

It is unexpected to serve localhost on port 443 or any server on 443 if TLS is disabled, even if the port is blank. Also don't warn about how to force TLS on the HTTP port.
---
 caddy/setup/tls.go | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/caddy/setup/tls.go b/caddy/setup/tls.go
index 0ca5f521..9e51bc15 100644
--- a/caddy/setup/tls.go
+++ b/caddy/setup/tls.go
@@ -11,10 +11,9 @@ import (
 
 // TLS sets up the TLS configuration (but does not activate Let's Encrypt; that is handled elsewhere).
 func TLS(c *Controller) (middleware.Middleware, error) {
- if c.Scheme == "http" && c.Port != "80" {
+ if c.Scheme == "http" {
 c.TLS.Enabled = false
- log.Printf("[WARNING] TLS disabled for %s://%s. To force TLS over the plaintext HTTP port, "+
- "specify port 80 explicitly (https://%s:80).", c.Scheme, c.Address(), c.Host)
+ log.Printf("[WARNING] TLS disabled for %s://%s.", c.Scheme, c.Address())
 } else {
 c.TLS.Enabled = true
 }
@@ -102,8 +101,9 @@ func SetDefaultTLSParams(c *server.Config) {
 // Prefer server cipher suites
 c.TLS.PreferServerCipherSuites = true
 
- // Default TLS port is 443; only use if port is not manually specified
- if c.Port == "" {
+ // Default TLS port is 443; only use if port is not manually specified,
+ // TLS is enabled, and the host is not localhost
+ if c.Port == "" && c.TLS.Enabled && c.Host != "localhost" {
 c.Port = "443"
 }
 }
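Review bot: The `if c.Scheme == "http"` branch now downgrades every `http://` site to plaintext with nothing but a log line, and the shortened warning no longer tells the operator why their TLS settings were dropped. If TLS() runs because the site block carries a tls directive with a certificate and key (the rest of the body is outside the hunk, so this is inferred), the configuration is contradictory and serving plaintext anyway is the less safe outcome; returning an error from TLS() in that case would make the conflict visible at startup. If the silent override is intended, document it above the branch, e.g. `// An explicit http:// scheme always wins over the tls directive; the site is served without TLS.`, and have the warning say that the tls directive is being ignored.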
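Review bot: The new guard `c.Host != "localhost"` in SetDefaultTLSParams is an exact, case-sensitive string match, so `LOCALHOST`, `localhost.`, `127.0.0.1` and `::1` still fall through to the 443 default. If the intent is "do not default loopback sites to 443", the check should normalise the host and also recognise loopback IP literals, as in the sketch below (it needs `net` and `strings`, and the import block is outside the hunk). The condition also depends on `c.TLS.Enabled` having been set before this function runs; a short comment stating that ordering requirement, and what a blank port falls back to, would help the next reader.

```go
	// … unchanged: cipher-suite preference …
	if c.Port == "" && c.TLS.Enabled && !isLoopbackHost(c.Host) {
	// … unchanged: c.Port = "443" and closing braces …

// isLoopbackHost reports whether host names the local machine, either as
// "localhost" (any case, optional trailing dot) or as a loopback IP literal.
func isLoopbackHost(host string) bool {
	h := strings.TrimSuffix(strings.ToLower(host), ".")
	if h == "localhost" {
		return true
	}
	ip := net.ParseIP(strings.Trim(h, "[]"))
	return ip != nil && ip.IsLoopback()
}
```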