From 721c100bb080f162d8b03353422b2bf3883e45ca Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Wed, 19 Jun 2019 16:55:27 -0600 Subject: [PATCH] Use CertMagic's HTTP and HTTPS port variable Slightly inconvenient because it uses int type and we use string, but oh well. This fixes a bug related to setting -http-port and -https-port flags which weren't being used by CertMagic in some cases. --- caddyhttp/httpserver/https.go | 15 ++++++----- caddyhttp/httpserver/plugin.go | 42 ++++++++++++++++-------------- caddyhttp/httpserver/tplcontext.go | 4 ++- 3 files changed, 34 insertions(+), 27 deletions(-) diff --git a/caddyhttp/httpserver/https.go b/caddyhttp/httpserver/https.go index 24b18b8a8..eb61ba232 100644 --- a/caddyhttp/httpserver/https.go +++ b/caddyhttp/httpserver/https.go @@ -18,6 +18,7 @@ import ( "fmt" "net" "net/http" + "strconv" "github.com/mholt/caddy" "github.com/mholt/caddy/caddytls" @@ -125,7 +126,7 @@ func enableAutoHTTPS(configs []*SiteConfig, loadCertificates bool) error { cfg.TLS.Enabled && (!cfg.TLS.Manual || cfg.TLS.Manager.OnDemand != nil) && cfg.Addr.Host != "localhost" { - cfg.Addr.Port = HTTPSPort + cfg.Addr.Port = strconv.Itoa(certmagic.HTTPSPort) } } return nil @@ -138,10 +139,12 @@ func enableAutoHTTPS(configs []*SiteConfig, loadCertificates bool) error { // only set up redirects for configs that qualify. It returns the updated list of // all configs. func makePlaintextRedirects(allConfigs []*SiteConfig) []*SiteConfig { + httpPort := strconv.Itoa(certmagic.HTTPPort) + httpsPort := strconv.Itoa(certmagic.HTTPSPort) for i, cfg := range allConfigs { if cfg.TLS.Managed && - !hostHasOtherPort(allConfigs, i, HTTPPort) && - (cfg.Addr.Port == HTTPSPort || !hostHasOtherPort(allConfigs, i, HTTPSPort)) { + !hostHasOtherPort(allConfigs, i, httpPort) && + (cfg.Addr.Port == httpsPort || !hostHasOtherPort(allConfigs, i, httpsPort)) { allConfigs = append(allConfigs, redirPlaintextHost(cfg)) } } 
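Review bot: The string form of the CertMagic ports is rebuilt inline with `strconv.Itoa(certmagic.HTTPSPort)` and `strconv.Itoa(certmagic.HTTPPort)`, first in the assignment in enableAutoHTTPS and the two locals in makePlaintextRedirects. The same expressions recur in redirPlaintextHost, Address.String, standardizeAddress and Context.Port in later hunks. A pair of unexported helpers, e.g. `func httpsPortString() string { return strconv.Itoa(certmagic.HTTPSPort) }`, would keep the int-to-string conversion in one place, so a future call site cannot compare `cfg.Addr.Port` against the wrong representation. Both function bodies extend outside these hunks.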
@@ -167,10 +170,10 @@ func hostHasOtherPort(allConfigs []*SiteConfig, thisConfigIdx int, otherPort str // redirPlaintextHost returns a new plaintext HTTP configuration for // a virtualHost that simply redirects to cfg, which is assumed to // be the HTTPS configuration. The returned configuration is set -// to listen on HTTPPort. The TLS field of cfg must not be nil. +// to listen on certmagic.HTTPPort. The TLS field of cfg must not be nil. func redirPlaintextHost(cfg *SiteConfig) *SiteConfig { redirPort := cfg.Addr.Port - if redirPort == HTTPSPort { + if redirPort == strconv.Itoa(certmagic.HTTPSPort) { // By default, HTTPSPort should be DefaultHTTPSPort, // which of course doesn't need to be explicitly stated // in the Location header. Even if HTTPSPort is changed @@ -210,7 +213,7 @@ func redirPlaintextHost(cfg *SiteConfig) *SiteConfig { } host := cfg.Addr.Host - port := HTTPPort + port := strconv.Itoa(certmagic.HTTPPort) addr := net.JoinHostPort(host, port) return &SiteConfig{ diff --git a/caddyhttp/httpserver/plugin.go b/caddyhttp/httpserver/plugin.go index 95b97e83c..c919f4728 100644 --- a/caddyhttp/httpserver/plugin.go +++ b/caddyhttp/httpserver/plugin.go @@ -38,8 +38,8 @@ import ( const serverType = "http" func init() { - flag.StringVar(&HTTPPort, "http-port", HTTPPort, "Default port to use for HTTP") - flag.StringVar(&HTTPSPort, "https-port", HTTPSPort, "Default port to use for HTTPS") + flag.IntVar(&certmagic.HTTPPort, "http-port", certmagic.HTTPPort, "Default port to use for HTTP") + flag.IntVar(&certmagic.HTTPSPort, "https-port", certmagic.HTTPSPort, "Default port to use for HTTPS") flag.StringVar(&Host, "host", DefaultHost, "Default host") flag.StringVar(&Port, "port", DefaultPort, "Default port") flag.StringVar(&Root, "root", DefaultRoot, "Root path of default site") 
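Review bot: The two `flag.IntVar(&certmagic.HTTPPort, ...)` / `flag.IntVar(&certmagic.HTTPSPort, ...)` lines in init() accept any integer, so a negative value or one above 65535 is written straight into CertMagic's package variables and only surfaces later, when it is formatted into a listener or redirect address. Flags are not parsed yet inside init(), so the range check belongs where the values are first read; InspectServerBlocks looks like the earliest reader visible in this patch. Something like `if certmagic.HTTPPort < 1 || certmagic.HTTPPort > 65535 { return nil, fmt.Errorf("invalid -http-port %d", certmagic.HTTPPort) }`, repeated for HTTPSPort, would reject bad input before any address is built. A one-line comment above the two flag lines, `// these flags write directly into certmagic's package-level port variables`, would also make the cross-package side effect obvious.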
@@ -128,6 +128,8 @@ func (h *httpContext) saveConfig(key string, cfg *SiteConfig) { // be parsed and executed. func (h *httpContext) InspectServerBlocks(sourceFile string, serverBlocks []caddyfile.ServerBlock) ([]caddyfile.ServerBlock, error) { siteAddrs := make(map[string]string) + httpPort := strconv.Itoa(certmagic.HTTPPort) + httpsPort := strconv.Itoa(certmagic.HTTPSPort) // For each address in each server block, make a new config for _, sb := range serverBlocks { @@ -172,15 +174,15 @@ func (h *httpContext) InspectServerBlocks(sourceFile string, serverBlocks []cadd // If default HTTP or HTTPS ports have been customized, // make sure the ACME challenge ports match var altHTTPPort, altTLSALPNPort int - if HTTPPort != DefaultHTTPPort { - portInt, err := strconv.Atoi(HTTPPort) + if httpPort != DefaultHTTPPort { + portInt, err := strconv.Atoi(httpPort) if err != nil { return nil, err } altHTTPPort = portInt } - if HTTPSPort != DefaultHTTPSPort { - portInt, err := strconv.Atoi(HTTPSPort) + if httpsPort != DefaultHTTPSPort { + portInt, err := strconv.Atoi(httpsPort) if err != nil { return nil, err } @@ -228,6 +230,9 @@ func (h *httpContext) InspectServerBlocks(sourceFile string, serverBlocks []cadd // MakeServers uses the newly-created siteConfigs to // create and return a list of server instances. func (h *httpContext) MakeServers() ([]caddy.Server, error) { + httpPort := strconv.Itoa(certmagic.HTTPPort) + httpsPort := strconv.Itoa(certmagic.HTTPSPort) + // make a rough estimate as to whether we're in a "production // environment/system" - start by assuming that most production // servers will set their default CA endpoint to a public, 
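Review bot: In the ACME challenge-port block of InspectServerBlocks, `strconv.Atoi(httpPort)` and `strconv.Atoi(httpsPort)` now parse strings that `strconv.Itoa` produced at the top of the function, so both `return nil, err` branches are unreachable. The integers are already available, so the first block reduces to `if httpPort != DefaultHTTPPort { altHTTPPort = certmagic.HTTPPort }`. The second can take `certmagic.HTTPSPort` the same way; its assignment, presumably to `altTLSALPNPort`, falls outside the hunk. The function body starts and ends outside this hunk.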
@@ -266,7 +271,7 @@ func (h *httpContext) MakeServers() ([]caddy.Server, error) { if !cfg.TLS.Enabled { continue } - if cfg.Addr.Port == HTTPPort || cfg.Addr.Scheme == "http" { + if cfg.Addr.Port == httpPort || cfg.Addr.Scheme == "http" { cfg.TLS.Enabled = false log.Printf("[WARNING] TLS disabled for %s", cfg.Addr) } else if cfg.Addr.Scheme == "" { @@ -281,7 +286,7 @@ func (h *httpContext) MakeServers() ([]caddy.Server, error) { // this is vital, otherwise the function call below that // sets the listener address will use the default port // instead of 443 because it doesn't know about TLS. - cfg.Addr.Port = HTTPSPort + cfg.Addr.Port = httpsPort } if cfg.TLS.ClientAuth != tls.NoClientCert { if QUIC { @@ -421,7 +426,7 @@ func (a Address) String() string { } scheme := a.Scheme if scheme == "" { - if a.Port == HTTPSPort { + if a.Port == strconv.Itoa(certmagic.HTTPSPort) { scheme = "https" } else { scheme = "http" @@ -502,6 +507,9 @@ func (a Address) Key() string { func standardizeAddress(str string) (Address, error) { input := str + httpPort := strconv.Itoa(certmagic.HTTPPort) + httpsPort := strconv.Itoa(certmagic.HTTPSPort) + // Split input into components (prepend with // to assert host by default) if !strings.Contains(str, "//") && !strings.HasPrefix(str, "/") { str = "//" + str @@ -523,9 +531,9 @@ func standardizeAddress(str string) (Address, error) { // see if we can set port based off scheme if port == "" { if u.Scheme == "http" { - port = HTTPPort + port = httpPort } else if u.Scheme == "https" { - port = HTTPSPort + port = httpsPort } } 
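Review bot: In MakeServers, `if cfg.Addr.Port == httpPort || cfg.Addr.Scheme == "http"` switches TLS off with only a `[WARNING]` log line, and nothing visible in this change rejects a run where `-http-port` and `-https-port` are given the same value. In that case a TLS-enabled site on that port would take this branch and be served in plaintext. A guard at the top of MakeServers such as `if certmagic.HTTPPort == certmagic.HTTPSPort { return nil, fmt.Errorf("http-port and https-port must differ") }` would make the misconfiguration fail closed instead. MakeServers begins and ends outside this hunk, so an existing check elsewhere cannot be ruled out.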
@@ -535,17 +543,17 @@ func standardizeAddress(str string) (Address, error) { } // error if scheme and port combination violate convention - if (u.Scheme == "http" && port == HTTPSPort) || (u.Scheme == "https" && port == HTTPPort) { + if (u.Scheme == "http" && port == httpsPort) || (u.Scheme == "https" && port == httpPort) { return Address{}, fmt.Errorf("[%s] scheme and port violate convention", input) } // standardize http and https ports to their respective port numbers if port == "http" { u.Scheme = "http" - port = HTTPPort + port = httpPort } else if port == "https" { u.Scheme = "https" - port = HTTPSPort + port = httpsPort } return Address{Original: input, Scheme: u.Scheme, Host: host, Port: port, Path: u.Path}, err @@ -723,10 +731,4 @@ var ( // QUIC indicates whether QUIC is enabled or not. QUIC bool - - // HTTPPort is the port to use for HTTP. - HTTPPort = DefaultHTTPPort - - // HTTPSPort is the port to use for HTTPS. - HTTPSPort = DefaultHTTPSPort ) diff --git a/caddyhttp/httpserver/tplcontext.go b/caddyhttp/httpserver/tplcontext.go index ccad27a1b..0ef93d355 100644 --- a/caddyhttp/httpserver/tplcontext.go +++ b/caddyhttp/httpserver/tplcontext.go @@ -25,6 +25,7 @@ import ( "net/http" "net/url" "path" + "strconv" "strings" "sync" "text/template" @@ -33,6 +34,7 @@ import ( "os" "github.com/mholt/caddy/caddytls" + "github.com/mholt/certmagic" "github.com/russross/blackfriday" ) @@ -178,7 +180,7 @@ func (c Context) Port() (string, error) { if err != nil { if !strings.Contains(c.Req.Host, ":") { // common with sites served on the default port 80 - return HTTPPort, nil + return strconv.Itoa(certmagic.HTTPPort), nil } return "", err }
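Review bot: In Context.Port, the fallback `return strconv.Itoa(certmagic.HTTPPort), nil` is taken whenever `c.Req.Host` has no colon, which is equally true for a request that arrived over HTTPS on the default port, so a template would be told the HTTP port for a TLS request. If `c.Req` is a `*http.Request` (its declaration is outside the hunk), checking `c.Req.TLS != nil` and returning `strconv.Itoa(certmagic.HTTPSPort)` in that case would fix it. The comment `// common with sites served on the default port 80` should also be reworded now that the port is configurable. Since the value is derived from the client-supplied Host header, a doc comment on Port stating that it must not be used for access decisions would be worth adding.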