mirror of
https://github.com/caddyserver/caddy.git
synced 2024-12-27 06:03:48 +03:00
httpcaddyfile: Wrap site block in subroute if host matcher used (#5130)
* httpcaddyfile: Wrap site block in subroute if host matcher used (fix #5124) * Correct boolean logic (oops)
This commit is contained in:
parent
33f60da9f2
commit
3e1fd2a8d4
4 changed files with 117 additions and 82 deletions
|
@ -907,11 +907,32 @@ func appendSubrouteToRouteList(routeList caddyhttp.RouteList,
|
|||
return routeList
|
||||
}
|
||||
|
||||
// No need to wrap the handlers in a subroute if this is the only server block
|
||||
// and there is no matcher for it (doing so would produce unnecessarily nested
|
||||
// JSON), *unless* there is a host matcher within this site block; if so, then
|
||||
// we still need to wrap in a subroute because otherwise the host matcher from
|
||||
// the inside of the site block would be a top-level host matcher, which is
|
||||
// subject to auto-HTTPS (cert management), and using a host matcher within
|
||||
// a site block is a valid, common pattern for excluding domains from cert
|
||||
// management, leading to unexpected behavior; see issue #5124.
|
||||
wrapInSubroute := true
|
||||
if len(matcherSetsEnc) == 0 && len(p.serverBlocks) == 1 {
|
||||
// no need to wrap the handlers in a subroute if this is
|
||||
// the only server block and there is no matcher for it
|
||||
routeList = append(routeList, subroute.Routes...)
|
||||
} else {
|
||||
var hasHostMatcher bool
|
||||
outer:
|
||||
for _, route := range subroute.Routes {
|
||||
for _, ms := range route.MatcherSetsRaw {
|
||||
for matcherName := range ms {
|
||||
if matcherName == "host" {
|
||||
hasHostMatcher = true
|
||||
break outer
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
wrapInSubroute = hasHostMatcher
|
||||
}
|
||||
|
||||
if wrapInSubroute {
|
||||
route := caddyhttp.Route{
|
||||
// the semantics of a site block in the Caddyfile dictate
|
||||
// that only the first matching one is evaluated, since
|
||||
|
@ -929,7 +950,10 @@ func appendSubrouteToRouteList(routeList caddyhttp.RouteList,
|
|||
if len(route.MatcherSetsRaw) > 0 || len(route.HandlersRaw) > 0 {
|
||||
routeList = append(routeList, route)
|
||||
}
|
||||
} else {
|
||||
routeList = append(routeList, subroute.Routes...)
|
||||
}
|
||||
|
||||
return routeList
|
||||
}
|
||||
|
||||
|
|
|
@ -3,10 +3,8 @@
|
|||
timeouts {
|
||||
idle 90s
|
||||
}
|
||||
protocol {
|
||||
strict_sni_host insecure_off
|
||||
}
|
||||
}
|
||||
servers :80 {
|
||||
timeouts {
|
||||
idle 60s
|
||||
|
@ -16,10 +14,8 @@
|
|||
timeouts {
|
||||
idle 30s
|
||||
}
|
||||
protocol {
|
||||
strict_sni_host
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
foo.com {
|
||||
|
|
|
@ -1,7 +1,12 @@
|
|||
:8884
|
||||
|
||||
@api host example.com
|
||||
php_fastcgi @api localhost:9000
|
||||
# the use of a host matcher here should cause this
|
||||
# site block to be wrapped in a subroute, even though
|
||||
# the site block does not have a hostname; this is
|
||||
# to prevent auto-HTTPS from picking up on this host
|
||||
# matcher because it is not a key on the site block
|
||||
@test host example.com
|
||||
php_fastcgi @test localhost:9000
|
||||
----------
|
||||
{
|
||||
"apps": {
|
||||
|
@ -13,13 +18,11 @@ php_fastcgi @api localhost:9000
|
|||
],
|
||||
"routes": [
|
||||
{
|
||||
"match": [
|
||||
"handle": [
|
||||
{
|
||||
"handler": "subroute",
|
||||
"routes": [
|
||||
{
|
||||
"host": [
|
||||
"example.com"
|
||||
]
|
||||
}
|
||||
],
|
||||
"handle": [
|
||||
{
|
||||
"handler": "subroute",
|
||||
|
@ -102,10 +105,22 @@ php_fastcgi @api localhost:9000
|
|||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"match": [
|
||||
{
|
||||
"host": [
|
||||
"example.com"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"terminal": true
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -66,7 +66,7 @@ func init() {
|
|||
// `{http.request.orig_uri}` | The request's original URI
|
||||
// `{http.request.port}` | The port part of the request's Host header
|
||||
// `{http.request.proto}` | The protocol of the request
|
||||
// `{http.request.remote.host}` | The host part of the remote client's address
|
||||
// `{http.request.remote.host}` | The host (IP) part of the remote client's address
|
||||
// `{http.request.remote.port}` | The port part of the remote client's address
|
||||
// `{http.request.remote}` | The address of the remote client
|
||||
// `{http.request.scheme}` | The request scheme
|
||||
|
|
Loading…
Reference in a new issue