From 8b2ad61220f199e7329f218e21a6950bb1ab4c67 Mon Sep 17 00:00:00 2001
From: Matthew Holt
Date: Thu, 23 Jan 2020 13:17:16 -0700
Subject: [PATCH] httpcaddyfile: Skip hosts from auto-https when http:// scheme (fix #2998)
---
 caddyconfig/httpcaddyfile/httptype.go | 28 +++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)
diff --git a/caddyconfig/httpcaddyfile/httptype.go b/caddyconfig/httpcaddyfile/httptype.go
index 20621bb2..22050f1e 100644
--- a/caddyconfig/httpcaddyfile/httptype.go
+++ b/caddyconfig/httpcaddyfile/httptype.go
@@ -389,6 +389,24 @@ func (st *ServerType) serversFromPairings(
 // TODO: consolidate equal conn policies
 }
+ // exclude any hosts that were defined explicitly with
+ // "http://" in the key from automated cert management (issue #2998)
+ for _, key := range sblock.block.Keys {
+ addr, err := ParseAddress(key)
+ if err != nil {
+ return nil, err
+ }
+ addr = addr.Normalize()
+ if addr.Scheme == "http" {
+ if srv.AutoHTTPS == nil {
+ srv.AutoHTTPS = new(caddyhttp.AutoHTTPSConfig)
+ }
+ if !sliceContains(srv.AutoHTTPS.Skip, addr.Host) {
+ srv.AutoHTTPS.Skip = append(srv.AutoHTTPS.Skip, addr.Host)
+ }
+ }
+ }
+
 // set up each handler directive, making sure to honor directive order
 dirRoutes := sblock.pile["route"]
 siteSubroute, err := buildSubroute(dirRoutes, groupCounter)
@@ -723,6 +741,16 @@ func tryInt(val interface{}, warnings *[]caddyconfig.Warning) int {
 return intVal
 }
+// sliceContains returns true if needle is in haystack.
+func sliceContains(haystack []string, needle string) bool {
+ for _, s := range haystack {
+ if s == needle {
+ return true
+ }
+ }
+ return false
+}
+
 // specifity returns len(s) minus any wildcards (*) and
 // placeholders ({...}). Basically, it's a length count
 // that penalizes the use of wildcards and placeholders.
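Review bot: The new loop appends `addr.Host` to `srv.AutoHTTPS.Skip` for every `http://` key without checking that the host is non-empty or that the same host is not also declared for HTTPS by another key on this server. A port-only key such as `http://:8080` (constructed sample) would presumably leave an empty string in the skip list, which `if addr.Scheme == "http" && addr.Host != "" {` would prevent. Because the list hangs off `srv` rather than the site block, a host that appears under both schemes would, if Skip is matched by name alone, silently lose certificate management and its HTTP-to-HTTPS redirect. That case needs a check against the other keys paired to this server, or at least a comment stating that `http://` wins. serversFromPairings starts and ends outside the hunk, so how Skip is consumed should be confirmed there.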
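Review bot: The doc comment on `sliceContains` should say that the match is exact and case-sensitive, since the helper compares with `==` and the first hunk uses it to de-duplicate hostnames. That use is only correct if `addr.Normalize()` has already lowercased the host, which is not visible here. Suggested wording, also following the usual Go "reports whether" form: `// sliceContains reports whether needle is in haystack (exact, case-sensitive match; callers normalize first).`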