aboutsummaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
authorFrancis Lavoie <[email protected]>2022-09-20 00:11:19 -0400
committerGitHub <[email protected]>2022-09-19 22:11:19 -0600
commite3d04ff86b5bf886bc4c6cf7806987eeda96d163 (patch)
tree626f90808896b4eb1c0b4cfc4bf3f3fb2ddbb4f5
parentda8b7fe58f83012d9a6c6e15cb249ca5f476597c (diff)
downloadcaddy-e3d04ff86b5bf886bc4c6cf7806987eeda96d163.tar.gz
caddy-e3d04ff86b5bf886bc4c6cf7806987eeda96d163.zip
caddyhttp: Skip inserting HTTP->HTTPS redir if catch-all for both exist (#5051)
-rw-r--r--modules/caddyhttp/autohttps.go30
1 files changed, 20 insertions, 10 deletions
diff --git a/modules/caddyhttp/autohttps.go b/modules/caddyhttp/autohttps.go
index 3d476cb12..be229ea8b 100644
--- a/modules/caddyhttp/autohttps.go
+++ b/modules/caddyhttp/autohttps.go
@@ -378,19 +378,29 @@ redirServersLoop:
// we'll create a new server for all the listener addresses
// that are unused and serve the remaining redirects from it
for _, srv := range app.Servers {
- if srv.hasListenerAddress(redirServerAddr) {
- // find the index of the route after the last route with a host
- // matcher, then insert the redirects there, but before any
- // user-defined catch-all routes
- // see https://github.com/caddyserver/caddy/issues/3212
- insertIndex := srv.findLastRouteWithHostMatcher()
- srv.Routes = append(srv.Routes[:insertIndex], append(routes, srv.Routes[insertIndex:]...)...)
+ // only look at servers which listen on an address which
+ // we want to add redirects to
+ if !srv.hasListenerAddress(redirServerAddr) {
+ continue
+ }
- // append our catch-all route in case the user didn't define their own
- srv.Routes = appendCatchAll(srv.Routes)
+ // find the index of the route after the last route with a host
+ // matcher, then insert the redirects there, but before any
+ // user-defined catch-all routes
+ // see https://github.com/caddyserver/caddy/issues/3212
+ insertIndex := srv.findLastRouteWithHostMatcher()
- continue redirServersLoop
+ // add the redirects at the insert index, except for when
+ // we have a catch-all for HTTPS, in which case the user's
+ // defined catch-all should take precedence. See #4829
+ if len(uniqueDomainsForCerts) != 0 {
+ srv.Routes = append(srv.Routes[:insertIndex], append(routes, srv.Routes[insertIndex:]...)...)
}
+
+ // append our catch-all route in case the user didn't define their own
+ srv.Routes = appendCatchAll(srv.Routes)
+
+ continue redirServersLoop
}
// no server with this listener address exists;