tls: Extra requirements to set port to 443

It is unexpected to serve localhost on port 443 or any server on 443 if TLS is disabled, even if the port is blank. Also don't warn about how to force TLS on the HTTP port.
2024-11-25 17:56:34 +08:00 · 2016-01-10 20:47:43 -07:00 · 2016-01-10 20:47:43 -07:00 · 202849055c
commit 202849055c
parent 060ab92d29
1 changed files with 5 additions and 5 deletions
--- a/caddy/setup/tls.go
+++ b/caddy/setup/tls.go
@ -11,10 +11,9 @@ import (

 // TLS sets up the TLS configuration (but does not activate Let's Encrypt; that is handled elsewhere).
 func TLS(c *Controller) (middleware.Middleware, error) {
-	if c.Scheme == "http" && c.Port != "80" {
+	if c.Scheme == "http" {
 		c.TLS.Enabled = false
-		log.Printf("[WARNING] TLS disabled for %s://%s. To force TLS over the plaintext HTTP port, "+
-			"specify port 80 explicitly (https://%s:80).", c.Scheme, c.Address(), c.Host)
+		log.Printf("[WARNING] TLS disabled for %s://%s.", c.Scheme, c.Address())
 	} else {
 		c.TLS.Enabled = true
 	}
@ -102,8 +101,9 @@ func SetDefaultTLSParams(c *server.Config) {
 	// Prefer server cipher suites
 	c.TLS.PreferServerCipherSuites = true

-	// Default TLS port is 443; only use if port is not manually specified
-	if c.Port == "" {
+	// Default TLS port is 443; only use if port is not manually specified,
+	// TLS is enabled, and the host is not localhost
+	if c.Port == "" && c.TLS.Enabled && c.Host != "localhost" {
 		c.Port = "443"
 	}
 }