1
Fork 0
mirror of https://github.com/caddyserver/caddy.git synced 2024-12-16 21:56:40 -05:00

httpcaddyfile: Fix #4640 (auto-HTTPS edgecase) (#4661)

Guh, this is complicated.

Fixes #4640

This also follows up on #4398 (reverting it) which made a change that technically worked, but was incorrect. It changed the condition in `hostsFromKeysNotHTTP` from `&&` to `||`, but then the function no longer did what its name said it would do, and it would return hosts even if they were marked with `http://`, if they used a non-HTTP port. That wasn't the intent of it. The test added in there was kept though, because it is a valid usecase.

The actual fix is to check _earlier_ whether all the addresses explicitly have `http://`, and if so we can short circuit and skip considering the rest.
This commit is contained in:
Francis Lavoie 2022-03-25 00:54:03 -04:00 committed by GitHub
parent 4b75f3e2f0
commit a58f240d3e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 75 additions and 2 deletions

View file

@ -494,7 +494,7 @@ func (sb serverBlock) hostsFromKeysNotHTTP(httpPort string) []string {
if addr.Host == "" { if addr.Host == "" {
continue continue
} }
if addr.Scheme != "http" || addr.Port != httpPort { if addr.Scheme != "http" && addr.Port != httpPort {
hostMap[addr.Host] = struct{}{} hostMap[addr.Host] = struct{}{}
} }
} }
@ -519,6 +519,17 @@ func (sb serverBlock) hasHostCatchAllKey() bool {
return false return false
} }
// isAllHTTP returns true if all sb keys explicitly specify
// the http:// scheme
func (sb serverBlock) isAllHTTP() bool {
for _, addr := range sb.keys {
if addr.Scheme != "http" {
return false
}
}
return true
}
type ( type (
// UnmarshalFunc is a function which can unmarshal Caddyfile // UnmarshalFunc is a function which can unmarshal Caddyfile
// tokens into zero or more config values using a Helper type. // tokens into zero or more config values using a Helper type.

View file

@ -581,7 +581,7 @@ func (st *ServerType) serversFromPairings(
} }
for _, addr := range sblock.keys { for _, addr := range sblock.keys {
// if server only uses HTTPS port, auto-HTTPS will not apply // if server only uses HTTP port, auto-HTTPS will not apply
if listenersUseAnyPortOtherThan(srv.Listen, httpPort) { if listenersUseAnyPortOtherThan(srv.Listen, httpPort) {
// exclude any hosts that were defined explicitly with "http://" // exclude any hosts that were defined explicitly with "http://"
// in the key from automated cert management (issue #2998) // in the key from automated cert management (issue #2998)

View file

@ -101,6 +101,12 @@ func (st ServerType) buildTLSApp(
} }
for _, sblock := range p.serverBlocks { for _, sblock := range p.serverBlocks {
// check the scheme of all the site addresses,
// skip building AP if they all had http://
if sblock.isAllHTTP() {
continue
}
// get values that populate an automation policy for this block // get values that populate an automation policy for this block
ap, err := newBaseAutomationPolicy(options, warnings, true) ap, err := newBaseAutomationPolicy(options, warnings, true)
if err != nil { if err != nil {

View file

@ -0,0 +1,56 @@
# example from issue #4640
http://foo:8447, http://127.0.0.1:8447 {
reverse_proxy 127.0.0.1:8080
}
----------
{
"apps": {
"http": {
"servers": {
"srv0": {
"listen": [
":8447"
],
"routes": [
{
"match": [
{
"host": [
"foo",
"127.0.0.1"
]
}
],
"handle": [
{
"handler": "subroute",
"routes": [
{
"handle": [
{
"handler": "reverse_proxy",
"upstreams": [
{
"dial": "127.0.0.1:8080"
}
]
}
]
}
]
}
],
"terminal": true
}
],
"automatic_https": {
"skip": [
"foo",
"127.0.0.1"
]
}
}
}
}
}
}