serv/caddy
1
0
Fork 0
mirror of https://github.com/caddyserver/caddy.git synced 2024-12-26 13:43:47 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions

reverseproxy: Honor tls_except_port for active health checks (#5591)

Browse source
This commit is contained in:
Francis Lavoie 2023-06-22 18:20:30 -04:00 committed by GitHub
parent 2b2addebb8
commit 7a69ae7571
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 25 additions and 16 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

41
modules/caddyhttp/reverseproxy/healthchecks.go
View file

@ -306,16 +306,35 @@ func (h *Handler) doActiveHealthCheckForAllHosts() {
// the host's health status fails. // the host's health status fails.
func (h *Handler) doActiveHealthCheck(dialInfo DialInfo, hostAddr string, upstream *Upstream) error { func (h *Handler) doActiveHealthCheck(dialInfo DialInfo, hostAddr string, upstream *Upstream) error {
// create the URL for the request that acts as a health check // create the URL for the request that acts as a health check
scheme := "http"
if ht, ok := h.Transport.(TLSTransport); ok && ht.TLSEnabled() {
// this is kind of a hacky way to know if we should use HTTPS, but whatever
scheme = "https"
}
u := &url.URL{ u := &url.URL{
Scheme: scheme, Scheme: "http",
Host: hostAddr, Host: hostAddr,
} }
// split the host and port if possible, override the port if configured
host, port, err := net.SplitHostPort(hostAddr)
if err != nil {
host = hostAddr
}
if h.HealthChecks.Active.Port != 0 {
port := strconv.Itoa(h.HealthChecks.Active.Port)
u.Host = net.JoinHostPort(host, port)
}
// this is kind of a hacky way to know if we should use HTTPS, but whatever
if tt, ok := h.Transport.(TLSTransport); ok && tt.TLSEnabled() {
u.Scheme = "https"
// if the port is in the except list, flip back to HTTP
if ht, ok := h.Transport.(*HTTPTransport); ok {
for _, exceptPort := range ht.TLS.ExceptPorts {
if exceptPort == port {
u.Scheme = "http"
}
}
}
}
// if we have a provisioned uri, use that, otherwise use // if we have a provisioned uri, use that, otherwise use
// the deprecated Path option // the deprecated Path option
if h.HealthChecks.Active.uri != nil { if h.HealthChecks.Active.uri != nil {
@ -325,16 +344,6 @@ func (h *Handler) doActiveHealthCheck(dialInfo DialInfo, hostAddr string, upstre
u.Path = h.HealthChecks.Active.Path u.Path = h.HealthChecks.Active.Path
} }
// adjust the port, if configured to be different
if h.HealthChecks.Active.Port != 0 {
portStr := strconv.Itoa(h.HealthChecks.Active.Port)
host, _, err := net.SplitHostPort(hostAddr)
if err != nil {
host = hostAddr
}
u.Host = net.JoinHostPort(host, portStr)
}
// attach dialing information to this request, as well as context values that // attach dialing information to this request, as well as context values that
// may be expected by handlers of this request // may be expected by handlers of this request
ctx := h.ctx.Context ctx := h.ctx.Context