mirror of https://github.com/caddyserver/caddy.git synced 2025-02-03 23:09:57 -05:00

httpcaddyfile: Don't add HTTP hosts to TLS APs (fix #4176 and fix #4198 )

In the Caddyfile, hosts specified for HTTP sockets (either scheme is "http" or it is on the HTTP port) should not be used as subjects in TLS automation policies (APs).

2021-06-09 14:35:09 -06:00

848 B

Raw Blame History

(this Caddyfile is contrived, but based on issues #4176 and #4198)

http://example.com { }

https://example.com { tls internal }

{ "apps": { "http": { "servers": { "srv0": { "listen": [ ":443" ], "routes": [ { "match": [ { "host": [ "example.com" ] } ], "terminal": true } ] }, "srv1": { "listen": [ ":80" ], "routes": [ { "match": [ { "host": [ "example.com" ] } ], "terminal": true } ] } } }, "tls": { "automation": { "policies": [ { "subjects": [ "example.com" ], "issuers": [ { "module": "internal" } ] } ] } } } }

848 B Raw Blame History

(this Caddyfile is contrived, but based on issues #4176 and #4198)

848 B

Raw Blame History