			
		
		
		
	In the Caddyfile, hosts specified for HTTP sockets (either the scheme is "http" or the address uses the HTTP port) should not be used as subjects in TLS automation policies (APs).
		
			
				
	
	
		
		
	
	
	
	
	
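| # (this Caddyfile is contrived, but based on issues #4176 and #4198; the expected JSON below has exactly one TLS automation policy, for example.com with the internal issuer, so the http:// site must not add a subject or policy of its own)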
 | |
| 
 | |
| http://example.com {
 | |
| }
 | |
| 
 | |
| https://example.com {
 | |
| 	tls internal
 | |
| }
 | |
| 
 | |
| ----------
 | |
| {
 | |
| 	"apps": {
 | |
| 		"http": {
 | |
| 			"servers": {
 | |
| 				"srv0": {
 | |
| 					"listen": [
 | |
| 						":443"
 | |
| 					],
 | |
| 					"routes": [
 | |
| 						{
 | |
| 							"match": [
 | |
| 								{
 | |
| 									"host": [
 | |
| 										"example.com"
 | |
| 									]
 | |
| 								}
 | |
| 							],
 | |
| 							"terminal": true
 | |
| 						}
 | |
| 					]
 | |
| 				},
 | |
| 				"srv1": {
 | |
| 					"listen": [
 | |
| 						":80"
 | |
| 					],
 | |
| 					"routes": [
 | |
| 						{
 | |
| 							"match": [
 | |
| 								{
 | |
| 									"host": [
 | |
| 										"example.com"
 | |
| 									]
 | |
| 								}
 | |
| 							],
 | |
| 							"terminal": true
 | |
| 						}
 | |
| 					]
 | |
| 				}
 | |
| 			}
 | |
| 		},
 | |
| 		"tls": {
 | |
| 			"automation": {
 | |
| 				"policies": [
 | |
| 					{
 | |
| 						"subjects": [
 | |
| 							"example.com"
 | |
| 						],
 | |
| 						"issuers": [
 | |
| 							{
 | |
| 								"module": "internal"
 | |
| 							}
 | |
| 						]
 | |
| 					}
 | |
| 				]
 | |
| 			}
 | |
| 		}
 | |
| 	}
 | |
| } |