core: Disable TLS for sites where http is explicitly defined (fix)

c4a73784 · Matthew Holt · a17e9b6b · c4a73784
Commit c4a73784 authored Oct 16, 2015 by Matthew Holt
Hide whitespace changes
Inline Side-by-side

Showing with 7 additions and 0 deletions

config/setup/tls.go config/setup/tls.go +7 -0

No files found.
--- a/config/setup/tls.go
+++ b/config/setup/tls.go
@@ -2,6 +2,7 @@ package setup

 import (
 	"crypto/tls"
+	"log"
 	"strings"

 	"github.com/mholt/caddy/middleware"
@@ -10,6 +11,12 @@ import (
 func TLS(c *Controller) (middleware.Middleware, error) {
 	c.TLS.Enabled = true

+	if c.Port == "http" {
+		c.TLS.Enabled = false
+		log.Printf("Warning: TLS disabled for %s://%s. To force TLS over the plaintext HTTP port, "+
+			"specify port 80 explicitly (https://%s:80).", c.Port, c.Host, c.Host)
+	}
+
 	for c.Next() {
 		if !c.NextArg() {
 			return nil, c.ArgErr()