Fix autocert HostPolicy
Previously, this would pass in the instance's full (and invalid) URL. Now it passes only the host name. Ref T542
This commit is contained in:
parent
36fb7ecb2b
commit
42386beabc
14
app.go
14
app.go
|
@ -393,11 +393,21 @@ func Serve(app *App, r *mux.Router) {
|
|||
|
||||
log.Info("Serving on https://%s:443", bindAddress)
|
||||
if app.cfg.Server.Autocert {
|
||||
log.Info("Using autocert")
|
||||
m := &autocert.Manager{
|
||||
Prompt: autocert.AcceptTOS,
|
||||
Cache: autocert.DirCache(app.cfg.Server.TLSCertPath),
|
||||
HostPolicy: autocert.HostWhitelist(app.cfg.App.Host),
|
||||
}
|
||||
host, err := url.Parse(app.cfg.App.Host)
|
||||
if err != nil {
|
||||
log.Error("[WARNING] Unable to parse configured host! %s", err)
|
||||
log.Error(`[WARNING] ALL hosts are allowed, which can open you to an attack where
|
||||
clients connect to a server by IP address and pretend to be asking for an
|
||||
incorrect host name, and cause you to reach the CA's rate limit for certificate
|
||||
requests. We recommend supplying a valid host name.`)
|
||||
log.Info("Using autocert on ANY host")
|
||||
} else {
|
||||
log.Info("Using autocert on host %s", host.Host)
|
||||
m.HostPolicy = autocert.HostWhitelist(host.Host)
|
||||
}
|
||||
s := &http.Server{
|
||||
Addr: ":https",
|
||||
|
|
Loading…
Reference in New Issue