8000 fix: enforce HTTPS_METHOD on missing cert as well · nginx-proxy/nginx-proxy@ef6d8c3 · GitHub
[go: up one dir, main page]
Skip to content

Commit ef6d8c3

Browse files
pini-ghpini-gh
committed
fix: enforce HTTPS_METHOD on missing cert as well
There is no reason to silently switch to noredirect on missing cert. The default being `HTTPS_METHOD=redirect` most of the test cases need to set `HTTPS_METHOD=nohttps` or `HTTPS_METHOD=noredirect`.
1 parent ce2a78b commit ef6d8c3

File tree

53 files changed

+97
-11
lines changed

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

53 files changed

+97
-11
lines changed

nginx.tmpl

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -642,7 +642,7 @@ proxy_set_header Proxy "";
642642
{{- $default_https_exists := false }}
643643
{{- $http3_enabled := false }}
644644
{{- range $vhost := $globals.vhosts }}
645-
{{- $http := or (ne $vhost.https_method "nohttp") (not $vhost.cert_ok) }}
645+
{{- $http := ne $vhost.https_method "nohttp" }}
646646
{{- $https := ne $vhost.https_method "nohttps" }}
647647
{{- $http_exists = or $http_exists $http }}
648648
{{- $https_exists = or $https_exists $https }}
@@ -715,7 +715,7 @@ server {
715715
{{ template "upstream" (dict "globals" $globals "Path" $path "VPath" $vpath) }}
716716
{{- end }}
717717

718-
{{- if and $vhost.cert_ok (eq $vhost.https_method "redirect") }}
718+
{{- if (eq $vhost.https_method "redirect") }}
719719
server {
720720
server_name {{ $hostname }};
721721
{{- if $vhost.server_tokens }}
@@ -756,7 +756,7 @@ server {
756756
{{- if $vhost.http2_enabled }}
757757
http2 on;
758758
{{- end }}
759-
{{- if or (eq $vhost.https_method "nohttps") (not $vhost.cert_ok) (eq $vhost.https_method "noredirect") }}
759+
{{- if or (eq $vhost.https_method "nohttps") (eq $vhost.https_method "noredirect") }}
760760
listen {{ $globals.external_http_port }} {{ $default_server }};
761761
{{- if $globals.enable_ipv6 }}
762762
listen [::]:{{ $globals.external_http_port }} {{ $default_server }};

test/stress_tests/test_unreachable_network/docker-compose.yml

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -12,6 +12,8 @@ services:
1212
image: nginxproxy/nginx-proxy:test
1313
volumes:
1414
- /var/run/docker.sock:/tmp/docker.sock:ro
15+
environment:
16+
HTTPS_METHOD: nohttps
1517

1618
webA:
1719
networks:

test/test_DOCKER_HOST_unix_socket.yml

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -23,3 +23,4 @@ services:
2323
- /var/run/docker.sock:/f00.sock:ro
2424
environment:
2525
DOCKER_HOST: unix:///f00.sock
26+
HTTPS_METHOD: nohttps

test/test_custom/test_defaults-location.yml

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -7,6 +7,8 @@ services:
77
- /var/run/docker.sock:/tmp/docker.sock:ro
88
- ./my_custom_proxy_settings.conf:/etc/nginx/vhost.d/default_location:ro
99
- ./my_custom_proxy_settings_bar.conf:/etc/nginx/vhost.d/web3.nginx-proxy.example_location:ro
10+
environment:
11+
HTTPS_METHOD: nohttps
1012

1113
web1:
1214
image: web

test/test_custom/test_defaults.yml

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -6,6 +6,8 @@ services:
66
volumes:
77
- /var/run/docker.sock:/tmp/docker.sock:ro
88
- ./my_custom_proxy_settings.conf:/etc/nginx/proxy.conf:ro
9+
environment:
10+
HTTPS_METHOD: nohttps
911

1012
web1:
1113
image: web

test/test_custom/test_location-per-vhost.yml

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -6,6 +6,8 @@ services:
66
volumes:
77
- /var/run/docker.sock:/tmp/docker.sock:ro
88
- ./my_custom_proxy_settings.conf:/etc/nginx/vhost.d/web1.nginx-proxy.example_location:ro
9+
environment:
10+
HTTPS_METHOD: nohttps
911

1012
web1:
1113
image: web

test/test_custom/test_per-vhost.yml

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -6,6 +6,8 @@ services:
66
volumes:
77
- /var/run/docker.sock:/tmp/docker.sock:ro
88
- ./my_custom_proxy_settings.conf:/etc/nginx/vhost.d/web1.nginx-proxy.example:ro
9+
environment:
10+
HTTPS_METHOD: nohttps
911

1012
web1:
1113
image: web

test/test_custom/test_proxy-wide.yml

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -6,6 +6,8 @@ services:
66
volumes:
77
- /var/run/docker.sock:/tmp/docker.sock:ro
88
- ./my_custom_proxy_settings.conf:/etc/nginx/conf.d/my_custom_proxy_settings.conf:ro
9+
environment:
10+
HTTPS_METHOD: nohttps
911

1012
web1:
1113
image: web

test/test_default-host.yml

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -17,3 +17,4 @@ services:
1717
- /var/run/docker.sock:/tmp/docker.sock:ro
1818
environment:
1919
DEFAULT_HOST: web1.tld
20+
HTTPS_METHOD: nohttps

test/test_dockergen/test_dockergen_v2.yml

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -15,6 +15,8 @@ services:
1515
volumes:
1616
- /var/run/docker.sock:/tmp/docker.sock:ro
1717
- ../../nginx.tmpl:/etc/docker-gen/templates/nginx.tmpl
18+
environment:
19+
HTTPS_METHOD: nohttps
1820

1921
web:
2022
image: web

0 commit comments

Comments
 (0)
0