From 25f10511e7ef80c10493519499c479f6ffa49a0f Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Wed, 22 Jun 2022 15:01:57 -0400 Subject: [PATCH] reverseproxy: Fix panic when TLS is not configured (#4848) * reverseproxy: Fix panic when TLS is not configured * Refactor and simplify setScheme Co-authored-by: Matthew Holt --- .../caddyhttp/reverseproxy/httptransport.go | 41 +++++++++++-------- 1 file changed, 24 insertions(+), 17 deletions(-) diff --git a/modules/caddyhttp/reverseproxy/httptransport.go b/modules/caddyhttp/reverseproxy/httptransport.go index 1fac4209..94a09380 100644 --- a/modules/caddyhttp/reverseproxy/httptransport.go +++ b/modules/caddyhttp/reverseproxy/httptransport.go @@ -281,7 +281,7 @@ func (h *HTTPTransport) RoundTrip(req *http.Request) (*http.Response, error) { repl := req.Context().Value(caddy.ReplacerCtxKey).(*caddy.Replacer) transport := h.replaceTLSServername(repl) - transport.SetScheme(req) + transport.setScheme(req) // if H2C ("HTTP/2 over cleartext") is enabled and the upstream request is // HTTP without TLS, use the alternate H2C-capable transport instead @@ -292,27 +292,34 @@ func (h *HTTPTransport) RoundTrip(req *http.Request) (*http.Response, error) { return transport.Transport.RoundTrip(req) } -// SetScheme ensures that the outbound request req +// setScheme ensures that the outbound request req // has the scheme set in its URL; the underlying // http.Transport requires a scheme to be set. -func (h *HTTPTransport) SetScheme(req *http.Request) { - skipTLSport := false - if h.TLS.ExceptPorts != nil { - port := req.URL.Port() - for i := range h.TLS.ExceptPorts { - if h.TLS.ExceptPorts[i] == port { - skipTLSport = true - break - } +func (h *HTTPTransport) setScheme(req *http.Request) { + if req.URL.Scheme != "" { + return + } + if h.shouldUseTLS(req) { + req.URL.Scheme = "https" + } else { + req.URL.Scheme = "http" + } +} + +// shouldUseTLS returns true if TLS should be used for req. +func (h *HTTPTransport) shouldUseTLS(req *http.Request) bool { + if h.TLS == nil { + return false + } + + port := req.URL.Port() + for i := range h.TLS.ExceptPorts { + if h.TLS.ExceptPorts[i] == port { + return false } } - if req.URL.Scheme == "" { - req.URL.Scheme = "http" - if h.TLS != nil && !skipTLSport { - req.URL.Scheme = "https" - } - } + return true } // TLSEnabled returns true if TLS is enabled.