diff options
author | Francis Lavoie <[email protected]> | 2022-09-20 00:11:19 -0400 |
---|---|---|
committer | GitHub <[email protected]> | 2022-09-19 22:11:19 -0600 |
commit | e3d04ff86b5bf886bc4c6cf7806987eeda96d163 (patch) | |
tree | 626f90808896b4eb1c0b4cfc4bf3f3fb2ddbb4f5 | |
parent | da8b7fe58f83012d9a6c6e15cb249ca5f476597c (diff) | |
download | caddy-e3d04ff86b5bf886bc4c6cf7806987eeda96d163.tar.gz caddy-e3d04ff86b5bf886bc4c6cf7806987eeda96d163.zip |
caddyhttp: Skip inserting HTTP->HTTPS redir if catch-all for both exist (#5051)
-rw-r--r-- | modules/caddyhttp/autohttps.go | 30 |
1 files changed, 20 insertions, 10 deletions
diff --git a/modules/caddyhttp/autohttps.go b/modules/caddyhttp/autohttps.go index 3d476cb12..be229ea8b 100644 --- a/modules/caddyhttp/autohttps.go +++ b/modules/caddyhttp/autohttps.go @@ -378,19 +378,29 @@ redirServersLoop: // we'll create a new server for all the listener addresses // that are unused and serve the remaining redirects from it for _, srv := range app.Servers { - if srv.hasListenerAddress(redirServerAddr) { - // find the index of the route after the last route with a host - // matcher, then insert the redirects there, but before any - // user-defined catch-all routes - // see https://github.com/caddyserver/caddy/issues/3212 - insertIndex := srv.findLastRouteWithHostMatcher() - srv.Routes = append(srv.Routes[:insertIndex], append(routes, srv.Routes[insertIndex:]...)...) + // only look at servers which listen on an address which + // we want to add redirects to + if !srv.hasListenerAddress(redirServerAddr) { + continue + } - // append our catch-all route in case the user didn't define their own - srv.Routes = appendCatchAll(srv.Routes) + // find the index of the route after the last route with a host + // matcher, then insert the redirects there, but before any + // user-defined catch-all routes + // see https://github.com/caddyserver/caddy/issues/3212 + insertIndex := srv.findLastRouteWithHostMatcher() - continue redirServersLoop + // add the redirects at the insert index, except for when + // we have a catch-all for HTTPS, in which case the user's + // defined catch-all should take precedence. See #4829 + if len(uniqueDomainsForCerts) != 0 { + srv.Routes = append(srv.Routes[:insertIndex], append(routes, srv.Routes[insertIndex:]...)...) } + + // append our catch-all route in case the user didn't define their own + srv.Routes = appendCatchAll(srv.Routes) + + continue redirServersLoop } // no server with this listener address exists; |