mirror of
https://github.com/nginx-proxy/nginx-proxy
synced 2024-11-08 15:59:17 +01:00
fix: nohttp(s) shouldn't disable fallback server
Say we have two containers: - `app1` with `HTTPS_METHOD=redirect` - `app2` with `HTTPS_METHOD=nohttps` Without this change the fallback answer on an HTTPS request to an unknown server would change depending on whether `app1` is up (503) or not (connection refused). This is not wanted. In case someone doesn't want HTTPS at all, they just have to not bind port 443.
This commit is contained in:
parent
50608d7826
commit
4606b15309
@ -664,7 +664,7 @@ proxy_set_header Proxy "";
|
|||||||
{{- $http3_enabled = or $http3_enabled $vhost.http3_enabled }}
|
{{- $http3_enabled = or $http3_enabled $vhost.http3_enabled }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- $fallback_http := not $default_http_exists }}
|
{{- $fallback_http := not $default_http_exists }}
|
||||||
{{- $fallback_https := and $https_exists (not $default_https_exists) }}
|
{{- $fallback_https := not $default_https_exists }}
|
||||||
{{- /*
|
{{- /*
|
||||||
* If there are no vhosts at all, create fallbacks for both plain http
|
* If there are no vhosts at all, create fallbacks for both plain http
|
||||||
* and https so that clients get something more useful than a connection
|
* and https so that clients get something more useful than a connection
|
||||||
|
@ -33,7 +33,6 @@ def get(docker_compose, nginxproxy, want_err_re):
|
|||||||
|
|
||||||
|
|
||||||
INTERNAL_ERR_RE = re.compile("TLSV1_ALERT_INTERNAL_ERROR")
|
INTERNAL_ERR_RE = re.compile("TLSV1_ALERT_INTERNAL_ERROR")
|
||||||
CONNECTION_REFUSED_RE = re.compile("Connection refused")
|
|
||||||
|
|
||||||
|
|
||||||
@pytest.mark.parametrize("compose_file,url,want_code,want_err_re", [
|
@pytest.mark.parametrize("compose_file,url,want_code,want_err_re", [
|
||||||
@ -79,14 +78,14 @@ CONNECTION_REFUSED_RE = re.compile("Connection refused")
|
|||||||
("nohttp-with-missing-cert.yml", "https://unknown.nginx-proxy.test/", 503, None),
|
("nohttp-with-missing-cert.yml", "https://unknown.nginx-proxy.test/", 503, None),
|
||||||
# HTTPS_METHOD=nohttps on nginx-proxy, HTTPS_METHOD unset on the app container.
|
# HTTPS_METHOD=nohttps on nginx-proxy, HTTPS_METHOD unset on the app container.
|
||||||
("nohttps.yml", "http://http-only.nginx-proxy.test/", 200, None),
|
("nohttps.yml", "http://http-only.nginx-proxy.test/", 200, None),
|
||||||
("nohttps.yml", "https://http-only.nginx-proxy.test/", None, CONNECTION_REFUSED_RE),
|
("nohttps.yml", "https://http-only.nginx-proxy.test/", None, INTERNAL_ERR_RE),
|
||||||
("nohttps.yml", "http://unknown.nginx-proxy.test/", 503, None),
|
("nohttps.yml", "http://unknown.nginx-proxy.test/", 503, None),
|
||||||
("nohttps.yml", "https://unknown.nginx-proxy.test/", None, CONNECTION_REFUSED_RE),
|
("nohttps.yml", "https://unknown.nginx-proxy.test/", None, INTERNAL_ERR_RE),
|
||||||
# HTTPS_METHOD=redirect on nginx-proxy, HTTPS_METHOD=nohttps on the app container.
|
# HTTPS_METHOD=redirect on nginx-proxy, HTTPS_METHOD=nohttps on the app container.
|
||||||
("nohttps-on-app.yml", "http://http-only.nginx-proxy.test/", 200, None),
|
("nohttps-on-app.yml", "http://http-only.nginx-proxy.test/", 200, None),
|
||||||
("nohttps-on-app.yml", "https://http-only.nginx-proxy.test/", None, CONNECTION_REFUSED_RE),
|
("nohttps-on-app.yml", "https://http-only.nginx-proxy.test/", None, INTERNAL_ERR_RE),
|
||||||
("nohttps-on-app.yml", "http://unknown.nginx-proxy.test/", 503, None),
|
("nohttps-on-app.yml", "http://unknown.nginx-proxy.test/", 503, None),
|
||||||
("nohttps-on-app.yml", "https://unknown.nginx-proxy.test/", None, CONNECTION_REFUSED_RE),
|
("nohttps-on-app.yml", "https://unknown.nginx-proxy.test/", None, INTERNAL_ERR_RE),
|
||||||
# Custom nginx config that has a `server` directive that uses `default_server` and simply
|
# Custom nginx config that has a `server` directive that uses `default_server` and simply
|
||||||
# returns 418. Nginx should successfully start (in particular, the `default_server` in the
|
# returns 418. Nginx should successfully start (in particular, the `default_server` in the
|
||||||
# custom config should not conflict with the fallback server generated by nginx-proxy) and nginx
|
# custom config should not conflict with the fallback server generated by nginx-proxy) and nginx
|
||||||
|
Loading…
Reference in New Issue
Block a user