From c4a7378466c02f37333ec83fe83986736a7cb4fb Mon Sep 17 00:00:00 2001
From: Matthew Holt <Matthew.Holt+git@gmail.com>
Date: Fri, 16 Oct 2015 11:47:13 -0600
Subject: [PATCH] core: Disable TLS for sites where http is explicitly defined
 (fix)

---
 config/setup/tls.go | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/config/setup/tls.go b/config/setup/tls.go
index 431409f4a..e9d3db7eb 100644
--- a/config/setup/tls.go
+++ b/config/setup/tls.go
@@ -2,6 +2,7 @@ package setup
 
 import (
 	"crypto/tls"
+	"log"
 	"strings"
 
 	"github.com/mholt/caddy/middleware"
@@ -10,6 +11,12 @@ import (
 func TLS(c *Controller) (middleware.Middleware, error) {
 	c.TLS.Enabled = true
 
+	if c.Port == "http" {
+		c.TLS.Enabled = false
+		log.Printf("Warning: TLS disabled for %s://%s. To force TLS over the plaintext HTTP port, "+
+			"specify port 80 explicitly (https://%s:80).", c.Port, c.Host, c.Host)
+	}
+
 	for c.Next() {
 		if !c.NextArg() {
 			return nil, c.ArgErr()