caddyfile: When using non-standard port catch-all site with tls directive, should use TLS #5747

Closed
francislavoie opened this issue Aug 14, 2023 · 2 comments · Fixed by #5808
Labels
bug 🐞 Something isn't working discussion 💬 The right solution needs to be found help wanted 🆘 Extra attention is needed

Comments

@francislavoie
Member

francislavoie commented Aug 14, 2023

Currently, this doesn't work:

```
:8443 {
    tls internal {
        on_demand
    }
}
```

Instead, we need to do this:

```
https://:8443 {
    tls internal {
        on_demand
    }
}
```

This is not intuitive. Using the tls directive should make the site address have TLS enabled without having to specify https://.

The rule as I understand it right now is if there's a domain with a non-standard port, it'll enable TLS, but if there's no domain then it uses HTTP. But it should also use TLS if the tls directive is specified.

The key difference can be seen with caddy adapt --pretty: without https://, there's no tls_connection_policies for the server. It should have at least an empty connection policy when tls is used.

@francislavoie francislavoie added the bug 🐞 Something isn't working label Aug 14, 2023
@francislavoie francislavoie added this to the 2.9.0 milestone Aug 14, 2023
@mholt mholt added help wanted 🆘 Extra attention is needed discussion 💬 The right solution needs to be found labels Aug 14, 2023
@mholt mholt changed the title from "When using non-standard port catch-all site with tls directive, should use TLS" to "caddyfile: When using non-standard port catch-all site with tls directive, should use TLS" Aug 14, 2023
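A check for the difference the issue describes, as an added example that is not part of the original issue or of Caddy's code: it reads the JSON produced by caddy adapt and lists HTTP servers that carry no tls_connection_policies. The function name and the sample config are assumptions constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
)

// Constructed sample in the shape of `caddy adapt` output (not copied from
// Caddy): srv0 has no connection policy, srv1 has an empty one.
const sampleConfig = `{"apps":{"http":{"servers":{
  "srv0":{"listen":[":8443"]},
  "srv1":{"listen":[":9443"],"tls_connection_policies":[{}]}
}}}}`

// adapted mirrors only the fields of the adapted JSON that this check reads.
type adapted struct {
	Apps struct {
		HTTP struct {
			Servers map[string]struct {
				Listen   []string          `json:"listen"`
				Policies []json.RawMessage `json:"tls_connection_policies"`
			} `json:"servers"`
		} `json:"http"`
	} `json:"apps"`
}

// serversWithoutTLSPolicies (hypothetical helper) returns, sorted, one
// "name [listen addrs]" entry per server with no tls_connection_policies.
// An empty policy ({}) counts as present, as the issue expects for `tls`.
func serversWithoutTLSPolicies(cfg []byte) ([]string, error) {
	var a adapted
	if err := json.Unmarshal(cfg, &a); err != nil {
		return nil, fmt.Errorf("parse adapted config: %w", err)
	}
	var out []string
	for name, srv := range a.Apps.HTTP.Servers {
		if len(srv.Policies) == 0 {
			out = append(out, fmt.Sprintf("%s %v", name, srv.Listen))
		}
	}
	sort.Strings(out)
	return out, nil
}

func main() {
	fmt.Println(serversWithoutTLSPolicies([]byte(sampleConfig)))
}
```

A flagged server is a prompt to review the site address, not proof of plaintext: the check looks only at the field the issue names, in the adapted config.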
@hainenber
Contributor

Hi @francislavoie, I can work on this bug. Can you assign this to me? Thanks!

@francislavoie
Member Author

@hainenber you can just open a PR when you have something. We don't tend to assign things (feels like a useless step).
