reverseproxy: Fix panic when TLS is not configured (#4848)

* reverseproxy: Fix panic when TLS is not configured

* Refactor and simplify setScheme

Co-authored-by: Matthew Holt <mholt@users.noreply.github.com>
This commit is contained in:
Francis Lavoie 2022-06-22 15:01:57 -04:00 committed by GitHub
parent b6e96fa3c5
commit 25f10511e7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 24 additions and 17 deletions

View File

@ -281,7 +281,7 @@ func (h *HTTPTransport) RoundTrip(req *http.Request) (*http.Response, error) {
repl := req.Context().Value(caddy.ReplacerCtxKey).(*caddy.Replacer) repl := req.Context().Value(caddy.ReplacerCtxKey).(*caddy.Replacer)
transport := h.replaceTLSServername(repl) transport := h.replaceTLSServername(repl)
transport.SetScheme(req) transport.setScheme(req)
// if H2C ("HTTP/2 over cleartext") is enabled and the upstream request is // if H2C ("HTTP/2 over cleartext") is enabled and the upstream request is
// HTTP without TLS, use the alternate H2C-capable transport instead // HTTP without TLS, use the alternate H2C-capable transport instead
@ -292,27 +292,34 @@ func (h *HTTPTransport) RoundTrip(req *http.Request) (*http.Response, error) {
return transport.Transport.RoundTrip(req) return transport.Transport.RoundTrip(req)
} }
// SetScheme ensures that the outbound request req // setScheme ensures that the outbound request req
// has the scheme set in its URL; the underlying // has the scheme set in its URL; the underlying
// http.Transport requires a scheme to be set. // http.Transport requires a scheme to be set.
func (h *HTTPTransport) SetScheme(req *http.Request) { func (h *HTTPTransport) setScheme(req *http.Request) {
skipTLSport := false if req.URL.Scheme != "" {
if h.TLS.ExceptPorts != nil { return
port := req.URL.Port()
for i := range h.TLS.ExceptPorts {
if h.TLS.ExceptPorts[i] == port {
skipTLSport = true
break
} }
if h.shouldUseTLS(req) {
req.URL.Scheme = "https"
} else {
req.URL.Scheme = "http"
} }
} }
if req.URL.Scheme == "" { // shouldUseTLS returns true if TLS should be used for req.
req.URL.Scheme = "http" func (h *HTTPTransport) shouldUseTLS(req *http.Request) bool {
if h.TLS != nil && !skipTLSport { if h.TLS == nil {
req.URL.Scheme = "https" return false
}
port := req.URL.Port()
for i := range h.TLS.ExceptPorts {
if h.TLS.ExceptPorts[i] == port {
return false
} }
} }
return true
} }
// TLSEnabled returns true if TLS is enabled. // TLSEnabled returns true if TLS is enabled.