From 869fbac632bc098f8d40fd7b43790fadce84ed1a Mon Sep 17 00:00:00 2001
From: Matthew Holt <mholt@users.noreply.github.com>
Date: Wed, 22 May 2019 14:14:26 -0600
Subject: [PATCH] Don't use auto HTTPS for servers with only HTTP port
 listeners

---
 modules/caddyhttp/caddyhttp.go |  5 +++++
 modules/caddyhttp/server.go    | 16 ++++++++++++++++
 2 files changed, 21 insertions(+)

diff --git a/modules/caddyhttp/caddyhttp.go b/modules/caddyhttp/caddyhttp.go
index 1ff2cbc6f..0fde218f6 100644
--- a/modules/caddyhttp/caddyhttp.go
+++ b/modules/caddyhttp/caddyhttp.go
@@ -188,6 +188,11 @@ func (app *App) automaticHTTPS() error {
 			continue
 		}
 
+		// skip if all listeners use the HTTP port
+		if !srv.listenersUseAnyPortOtherThan(app.HTTPPort) {
+			continue
+		}
+
 		// find all qualifying domain names, de-duplicated
 		domainSet := make(map[string]struct{})
 		for _, route := range srv.Routes {
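Review bot: The new `continue` takes a server out of automatic HTTPS without leaving any trace, so an operator whose listen list names only the HTTP port gets a plaintext-only site for the hostnames in its routes and no hint why. A log line at the skip would make the decision auditable, for example `log.Printf("[INFO] all listeners use HTTP port %d; automatic HTTPS skipped", app.HTTPPort)` (assuming `log` is available in this file, which the hunk does not show). The check also relies on `app.HTTPPort` already holding its effective value here; if it can still be zero at this point the comparison never matches and the skip never fires, which is worth confirming because `automaticHTTPS` starts and ends outside the hunk.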
diff --git a/modules/caddyhttp/server.go b/modules/caddyhttp/server.go
index c66fcabbf..8a16ceadc 100644
--- a/modules/caddyhttp/server.go
+++ b/modules/caddyhttp/server.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"fmt"
 	"log"
+	"net"
 	"net/http"
 	"strconv"
 
@@ -98,6 +99,21 @@ func (s *Server) executeCompositeRoute(w http.ResponseWriter, r *http.Request, s
 	return err
 }
 
+func (s *Server) listenersUseAnyPortOtherThan(otherPort int) bool {
+	for _, lnAddr := range s.Listen {
+		_, addrs, err := parseListenAddr(lnAddr)
+		if err == nil {
+			for _, a := range addrs {
+				_, port, err := net.SplitHostPort(a)
+				if err == nil && port != strconv.Itoa(otherPort) {
+					return true
+				}
+			}
+		}
+	}
+	return false
+}
+
 type httpErrorConfig struct {
 	Routes RouteList `json:"routes,omitempty"`
 	// TODO: some way to configure the logging of errors, probably? standardize
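Review bot: Both error results in `listenersUseAnyPortOtherThan` are discarded, so a server whose listen addresses all fail to parse returns false and is treated by the caller in `automaticHTTPS` (the caddyhttp.go hunk of this patch) exactly like an HTTP-only server: automatic HTTPS is skipped with no diagnostic. Because the result decides whether TLS gets set up, the failure should at least be logged, e.g. `if err != nil { log.Printf("[ERROR] parsing listen address %q: %v", lnAddr, err); continue }`, or be counted as "not HTTP-only" so the skip happens only on positive evidence. Whether such addresses are rejected earlier in startup is not visible from this hunk. `strconv.Itoa(otherPort)` is loop-invariant and can be hoisted as `want := strconv.Itoa(otherPort)`, and the method would benefit from a doc comment stating that it reports whether any listener address uses a port different from `otherPort`.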