caddy icon indicating copy to clipboard operation
caddy copied to clipboard
verified publisher icon caddyserver

httpcaddyfile: Fixes for `prefer_wildcard` mode

Open francislavoie opened this issue 1 year ago • 1 comments

Followup to #6146

Two fixes:

  • When assembling the HTTP app, the wildcard hosts need to be collected first, then considered after, because there's no guarantee that all non-wildcards will appear after all wildcards when looping. Also we should not add a domain to Skip if it doesn't qualify for TLS anyway. But I realized we should actually add it to SkipCerts, not Skip because we do want them to still get HTTP->HTTPS redirects, just not have certs issued.

  • The automation policy consolidation misbehaved if there was more than one wildcard configured, because it was comparing wildcards against eachother. This would cause all APs to disappear in some cases. Instead of handling wildcard coverage in consolidation, I reworked it to avoid adding the AP altogether if it would be covered by a wildcard. Should be more robust.

francislavoie avatar Oct 17 '24 00:10 francislavoie

I built with this branch and can confirm that the problem is now fixed, at least for me. I can define multiple *.one.example.com/*.two.example.com wildcard domains and it handles them all as it should.

coandco avatar Oct 20 '24 04:10 coandco

Will look at this again soon!

mholt avatar Oct 21 '24 14:10 mholt

Looking forward to being able to build with an official beta, rather than just pointing at this branch!

coandco avatar Oct 30 '24 03:10 coandco

This will go out with the next beta in a few days or less

mholt avatar Nov 01 '24 16:11 mholt

@coandco This has been released in the beta a few days ago just FYI

mholt avatar Nov 11 '24 22:11 mholt