From 2808de1e30b873f9c8f4693eae59bd56f20ebbbe Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Tue, 4 Oct 2022 22:58:19 -0400 Subject: [PATCH] httpcaddyfile: Skip `automate` when `auto_https off` is specified (#5110) --- caddyconfig/httpcaddyfile/tlsapp.go | 14 +++-- .../tls_automation_policies_10.txt | 58 +++++++++++++++++++ 2 files changed, 68 insertions(+), 4 deletions(-) create mode 100644 caddytest/integration/caddyfile_adapt/tls_automation_policies_10.txt diff --git a/caddyconfig/httpcaddyfile/tlsapp.go b/caddyconfig/httpcaddyfile/tlsapp.go index 947512aa..240cb02d 100644 --- a/caddyconfig/httpcaddyfile/tlsapp.go +++ b/caddyconfig/httpcaddyfile/tlsapp.go @@ -48,6 +48,10 @@ func (st ServerType) buildTLSApp( if hsp, ok := options["https_port"].(int); ok { httpsPort = strconv.Itoa(hsp) } + autoHTTPS := "on" + if ah, ok := options["auto_https"].(string); ok { + autoHTTPS = ah + } // count how many server blocks have a TLS-enabled key with // no host, and find all hosts that share a server block with @@ -331,10 +335,12 @@ func (st ServerType) buildTLSApp( internalAP := &caddytls.AutomationPolicy{ IssuersRaw: []json.RawMessage{json.RawMessage(`{"module":"internal"}`)}, } - for h := range httpsHostsSharedWithHostlessKey { - al = append(al, h) - if !certmagic.SubjectQualifiesForPublicCert(h) { - internalAP.Subjects = append(internalAP.Subjects, h) + if autoHTTPS != "off" { + for h := range httpsHostsSharedWithHostlessKey { + al = append(al, h) + if !certmagic.SubjectQualifiesForPublicCert(h) { + internalAP.Subjects = append(internalAP.Subjects, h) + } } } if len(al) > 0 { diff --git a/caddytest/integration/caddyfile_adapt/tls_automation_policies_10.txt b/caddytest/integration/caddyfile_adapt/tls_automation_policies_10.txt new file mode 100644 index 00000000..b6832ad1 --- /dev/null +++ b/caddytest/integration/caddyfile_adapt/tls_automation_policies_10.txt @@ -0,0 +1,58 @@ +# example from issue #4667 +{ + auto_https off +} + +https://, example.com { + tls test.crt test.key + respond "Hello World" +} +---------- +{ + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [ + ":443" + ], + "routes": [ + { + "handle": [ + { + "body": "Hello World", + "handler": "static_response" + } + ] + } + ], + "tls_connection_policies": [ + { + "certificate_selection": { + "any_tag": [ + "cert0" + ] + } + } + ], + "automatic_https": { + "disable": true + } + } + } + }, + "tls": { + "certificates": { + "load_files": [ + { + "certificate": "test.crt", + "key": "test.key", + "tags": [ + "cert0" + ] + } + ] + } + } + } +} \ No newline at end of file