diff --git a/modules/caddyhttp/autohttps.go b/modules/caddyhttp/autohttps.go index f62543be..97cbed3a 100644 --- a/modules/caddyhttp/autohttps.go +++ b/modules/caddyhttp/autohttps.go @@ -81,8 +81,10 @@ func (app *App) automaticHTTPSPhase1(ctx caddy.Context, repl *caddy.Replacer) er uniqueDomainsForCerts := make(map[string]struct{}) // this maps domain names for automatic HTTP->HTTPS - // redirects to their destination server address - redirDomains := make(map[string]caddy.NetworkAddress) + // redirects to their destination server addresses + // (there might be more than 1 if bind is used; see + // https://github.com/caddyserver/caddy/issues/3443) + redirDomains := make(map[string][]caddy.NetworkAddress) for srvName, srv := range app.Servers { // as a prerequisite, provision route matchers; this is @@ -220,7 +222,7 @@ func (app *App) automaticHTTPSPhase1(ctx caddy.Context, repl *caddy.Replacer) er // an empty string to indicate a catch-all, which we have to // treat special later if len(serverDomainSet) == 0 { - redirDomains[""] = addr + redirDomains[""] = append(redirDomains[""], addr) continue } @@ -230,7 +232,7 @@ func (app *App) automaticHTTPSPhase1(ctx caddy.Context, repl *caddy.Replacer) er // port, we'll have to choose one, so prefer the HTTPS port if _, ok := redirDomains[d]; !ok || addr.StartPort == uint(app.httpsPort()) { - redirDomains[d] = addr + redirDomains[d] = append(redirDomains[d], addr) } } } @@ -278,9 +280,11 @@ uniqueDomainsLoop: // we need to reduce the mapping, i.e. group domains by address // since new routes are appended to servers by their address domainsByAddr := make(map[string][]string) - for domain, addr := range redirDomains { - addrStr := addr.String() - domainsByAddr[addrStr] = append(domainsByAddr[addrStr], domain) + for domain, addrs := range redirDomains { + for _, addr := range addrs { + addrStr := addr.String() + domainsByAddr[addrStr] = append(domainsByAddr[addrStr], domain) + } } // these keep track of the redirect server address(es)