mirror of https://github.com/caddyserver/caddy.git
reverseproxy: Fix panic when TLS is not configured (#4848)
* reverseproxy: Fix panic when TLS is not configured * Refactor and simplify setScheme Co-authored-by: Matthew Holt <mholt@users.noreply.github.com>
This commit is contained in:
parent
b6e96fa3c5
commit
25f10511e7
|
@ -281,7 +281,7 @@ func (h *HTTPTransport) RoundTrip(req *http.Request) (*http.Response, error) {
|
||||||
repl := req.Context().Value(caddy.ReplacerCtxKey).(*caddy.Replacer)
|
repl := req.Context().Value(caddy.ReplacerCtxKey).(*caddy.Replacer)
|
||||||
transport := h.replaceTLSServername(repl)
|
transport := h.replaceTLSServername(repl)
|
||||||
|
|
||||||
transport.SetScheme(req)
|
transport.setScheme(req)
|
||||||
|
|
||||||
// if H2C ("HTTP/2 over cleartext") is enabled and the upstream request is
|
// if H2C ("HTTP/2 over cleartext") is enabled and the upstream request is
|
||||||
// HTTP without TLS, use the alternate H2C-capable transport instead
|
// HTTP without TLS, use the alternate H2C-capable transport instead
|
||||||
|
@ -292,27 +292,34 @@ func (h *HTTPTransport) RoundTrip(req *http.Request) (*http.Response, error) {
|
||||||
return transport.Transport.RoundTrip(req)
|
return transport.Transport.RoundTrip(req)
|
||||||
}
|
}
|
||||||
|
|
||||||
// SetScheme ensures that the outbound request req
|
// setScheme ensures that the outbound request req
|
||||||
// has the scheme set in its URL; the underlying
|
// has the scheme set in its URL; the underlying
|
||||||
// http.Transport requires a scheme to be set.
|
// http.Transport requires a scheme to be set.
|
||||||
func (h *HTTPTransport) SetScheme(req *http.Request) {
|
func (h *HTTPTransport) setScheme(req *http.Request) {
|
||||||
skipTLSport := false
|
if req.URL.Scheme != "" {
|
||||||
if h.TLS.ExceptPorts != nil {
|
return
|
||||||
port := req.URL.Port()
|
|
||||||
for i := range h.TLS.ExceptPorts {
|
|
||||||
if h.TLS.ExceptPorts[i] == port {
|
|
||||||
skipTLSport = true
|
|
||||||
break
|
|
||||||
}
|
}
|
||||||
|
if h.shouldUseTLS(req) {
|
||||||
|
req.URL.Scheme = "https"
|
||||||
|
} else {
|
||||||
|
req.URL.Scheme = "http"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if req.URL.Scheme == "" {
|
// shouldUseTLS returns true if TLS should be used for req.
|
||||||
req.URL.Scheme = "http"
|
func (h *HTTPTransport) shouldUseTLS(req *http.Request) bool {
|
||||||
if h.TLS != nil && !skipTLSport {
|
if h.TLS == nil {
|
||||||
req.URL.Scheme = "https"
|
return false
|
||||||
|
}
|
||||||
|
|
||||||
|
port := req.URL.Port()
|
||||||
|
for i := range h.TLS.ExceptPorts {
|
||||||
|
if h.TLS.ExceptPorts[i] == port {
|
||||||
|
return false
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
return true
|
||||||
}
|
}
|
||||||
|
|
||||||
// TLSEnabled returns true if TLS is enabled.
|
// TLSEnabled returns true if TLS is enabled.
|
||||||
|
|
Loading…
Reference in New Issue