reverseproxy: Skip TLS for certain configured ports (#4843)

* Make reverse proxy TLS server name replaceable for SNI upstreams.

* Reverted previous TLS server name replacement, and implemented thread-safe version.

* Move TLS servername replacement into its own function

* Moved SNI servername replacement into httptransport.

* Solve issue when dynamic upstreams use wrong protocol upstream.

* Revert previous commit.

Old commit was: Solve issue when dynamic upstreams use wrong protocol upstream.
Id: 3c9806ccb63e66bdcac8e1ed4520c9d135cb011d

* Added SkipTLSPorts option to http transport.

* Fix typo in test config file.

* Rename config option as suggested by Matt

Co-authored-by: Matt Holt <mholt@users.noreply.github.com>

* Update code to match renamed config option.

* Fix typo in config option name.

* Fix another typo that I missed.

* Tests not completing because of apparent wrong ordering of options.

Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
Kiss Károly Pál
2022-06-20 19:51:42 +02:00
committed by GitHub
parent 56013934a4
commit b6e96fa3c5
3 changed files with 33 additions and 1 deletions


@ -1063,6 +1063,15 @@ func (h *HTTPTransport) UnmarshalCaddyfile(d *caddyfile.Dispenser) error {
}
h.MaxConnsPerHost = num
case "except_ports":
if h.TLS == nil {
h.TLS = new(TLSConfig)
}
h.TLS.ExceptPorts = d.RemainingArgs()
if len(h.TLS.ExceptPorts) == 0 {
return d.ArgErr()
}
default:
return d.Errf("unrecognized subdirective %s", d.Val())
}
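
Review bot: The `except_ports` case stores `d.RemainingArgs()` verbatim in `h.TLS.ExceptPorts` and only rejects an empty list, so a value that is not a port number (for example `44e` or `70000`) is accepted at parse time. Since this list decides which upstream ports are exempt from TLS, I would validate each argument here (parse as an integer in 1-65535) and return `d.Errf(...)` on failure, so a typo surfaces as a config error instead of a silent mismatch. Two smaller points in the same case: the assignment replaces any earlier value, so a repeated `except_ports` line drops the first list rather than appending to it; and `h.TLS = new(TLSConfig)` is allocated as a side effect, which deserves a comment or a doc note stating whether `except_ports` on its own is meant to leave the transport with a non-nil TLS config.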