From fae064262d9c40393d634660b94d36ce6703aa1c Mon Sep 17 00:00:00 2001
From: Francis Lavoie
Date: Tue, 19 May 2020 18:59:51 -0400
Subject: [PATCH] httpcaddyfile: Add `auto_https` global option (#3284)
---
 caddyconfig/httpcaddyfile/httptype.go | 17 ++++++++-
 caddyconfig/httpcaddyfile/options.go | 16 ++++++++
 .../auto_https_disable_redirects.txt | 34 +++++++++++++++++
 .../caddyfile_adapt/auto_https_off.txt | 37 +++++++++++++++++++
 4 files changed, 103 insertions(+), 1 deletion(-)
 create mode 100644 caddytest/integration/caddyfile_adapt/auto_https_disable_redirects.txt
 create mode 100644 caddytest/integration/caddyfile_adapt/auto_https_off.txt
diff --git a/caddyconfig/httpcaddyfile/httptype.go b/caddyconfig/httpcaddyfile/httptype.go
index 8e1ca74d..fddb0952 100644
--- a/caddyconfig/httpcaddyfile/httptype.go
+++ b/caddyconfig/httpcaddyfile/httptype.go
@@ -343,12 +343,27 @@ func (st *ServerType) serversFromPairings(
 if hsp, ok := options["https_port"].(int); ok {
 httpsPort = strconv.Itoa(hsp)
 }
+ autoHTTPS := "on"
+ if ah, ok := options["auto_https"].(string); ok {
+ autoHTTPS = ah
+ }
 for i, p := range pairings {
 srv := &caddyhttp.Server{
 Listen: p.addresses,
 }
+ // handle the auto_https global option
+ if autoHTTPS != "on" {
+ srv.AutoHTTPS = new(caddyhttp.AutoHTTPSConfig)
+ if autoHTTPS == "off" {
+ srv.AutoHTTPS.Disabled = true
+ }
+ if autoHTTPS == "disable_redirects" {
+ srv.AutoHTTPS.DisableRedir = true
+ }
+ }
+
 // sort server blocks by their keys; this is important because
 // only the first matching site should be evaluated, and we should
 // attempt to match most specific site first (host and path), in
@@ -382,7 +397,7 @@ func (st *ServerType) serversFromPairings(
 })
 var hasCatchAllTLSConnPolicy, addressQualifiesForTLS bool
- autoHTTPSWillAddConnPolicy := true
+ autoHTTPSWillAddConnPolicy := autoHTTPS != "off"
 // create a subroute for each site in the server block
 for _, sblock := range p.serverBlocks {
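Review bot: The mode strings `"on"`, `"off"` and `"disable_redirects"` are compared as bare literals in the `if autoHTTPS != "on"` block of this hunk, again at `autoHTTPSWillAddConnPolicy` in the next hunk, and once more in `parseOptAutoHTTPS`, so a typo in any one of them would quietly change whether automatic HTTPS or its redirects are active. A `switch` on the value names the two supported modes in one place and no longer allocates an empty `AutoHTTPSConfig` for a value that is neither; that differs from the current code only for values the parser already rejects. The comment should also say that the option is global, because the block sits inside `for i, p := range pairings` and so applies to every server built there. serversFromPairings begins and ends outside the hunk.

```go
		// handle the auto_https global option; it applies to every
		// server built in this loop, not to a single site
		switch autoHTTPS {
		case "off":
			srv.AutoHTTPS = &caddyhttp.AutoHTTPSConfig{Disabled: true}
		case "disable_redirects":
			srv.AutoHTTPS = &caddyhttp.AutoHTTPSConfig{DisableRedir: true}
		}
```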
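Review bot: `autoHTTPSWillAddConnPolicy := autoHTTPS != "off"` carries no comment explaining why the flag now depends on the global option. Judging by the `auto_https_off.txt` fixture in this commit, with `off` the adapted server still listens on `:443` and gets an empty `tls_connection_policies` entry while `automatic_https.disable` is true, and nothing in that adapted config provisions a certificate, so the operator appears to be responsible for supplying one. I would add `// with auto_https off, automatic HTTPS adds no connection policy, so one may have to be added here; certificates must then be configured by the operator`. The enclosing function continues outside the hunk, so how the flag is consumed is not visible here.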
diff --git a/caddyconfig/httpcaddyfile/options.go b/caddyconfig/httpcaddyfile/options.go
index 49a11f6e..cecb3d4b 100644
--- a/caddyconfig/httpcaddyfile/options.go
+++ b/caddyconfig/httpcaddyfile/options.go
@@ -38,6 +38,7 @@ func init() {
 RegisterGlobalOption("on_demand_tls", parseOptOnDemand)
 RegisterGlobalOption("local_certs", parseOptTrue)
 RegisterGlobalOption("key_type", parseOptSingleString)
+ RegisterGlobalOption("auto_https", parseOptAutoHTTPS)
 }
 func parseOptTrue(d *caddyfile.Dispenser) (interface{}, error) {
@@ -264,3 +265,18 @@ func parseOptOnDemand(d *caddyfile.Dispenser) (interface{}, error) {
 }
 return ond, nil
 }
+
+func parseOptAutoHTTPS(d *caddyfile.Dispenser) (interface{}, error) {
+ d.Next() // consume parameter name
+ if !d.Next() {
+ return "", d.ArgErr()
+ }
+ val := d.Val()
+ if d.Next() {
+ return "", d.ArgErr()
+ }
+ if val != "off" && val != "disable_redirects" {
+ return "", d.Errf("auto_https must be either 'off' or 'disable_redirects'")
+ }
+ return val, nil
+}
diff --git a/caddytest/integration/caddyfile_adapt/auto_https_disable_redirects.txt b/caddytest/integration/caddyfile_adapt/auto_https_disable_redirects.txt
new file mode 100644
index 00000000..61637bba
--- /dev/null
+++ b/caddytest/integration/caddyfile_adapt/auto_https_disable_redirects.txt
@@ -0,0 +1,34 @@
+{
+ auto_https disable_redirects
+}
+
+localhost
+----------
+{
+ "apps": {
+ "http": {
+ "servers": {
+ "srv0": {
+ "listen": [
+ ":443"
+ ],
+ "routes": [
+ {
+ "match": [
+ {
+ "host": [
+ "localhost"
+ ]
+ }
+ ],
+ "terminal": true
+ }
+ ],
+ "automatic_https": {
+ "disable_redirects": true
+ }
+ }
+ }
+ }
+ }
+}
\ No newline at end of file
diff --git a/caddytest/integration/caddyfile_adapt/auto_https_off.txt b/caddytest/integration/caddyfile_adapt/auto_https_off.txt
new file mode 100644
index 00000000..d4014d2a
--- /dev/null
+++ b/caddytest/integration/caddyfile_adapt/auto_https_off.txt
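Review bot: `parseOptAutoHTTPS` rejects `on`, although `serversFromPairings` uses `"on"` as its default, so an operator cannot state the secure default explicitly and `auto_https on` fails with a message that lists only the two values that weaken HTTPS. The error also omits the rejected token; `return "", d.Errf("auto_https must be either 'off' or 'disable_redirects', got '%s'", val)` would make a typo easier to find. The function has no doc comment; `// parseOptAutoHTTPS parses the auto_https global option, which takes exactly one argument: off or disable_redirects.` would record the contract. No fixture in this commit covers a rejected value or an extra argument.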
@@ -0,0 +1,37 @@
+{
+ auto_https off
+}
+
+localhost
+----------
+{
+ "apps": {
+ "http": {
+ "servers": {
+ "srv0": {
+ "listen": [
+ ":443"
+ ],
+ "routes": [
+ {
+ "match": [
+ {
+ "host": [
+ "localhost"
+ ]
+ }
+ ],
+ "terminal": true
+ }
+ ],
+ "tls_connection_policies": [
+ {}
+ ],
+ "automatic_https": {
+ "disable": true
+ }
+ }
+ }
+ }
+ }
+}
\ No newline at end of file