tls: Extra requirements to set port to 443

It is unexpected to serve localhost on port 443 or any server on 443 if TLS is disabled, even if the port is blank. Also don't warn about how to force TLS on the HTTP port.

tls: Extra requirements to set port to 443
It is unexpected to serve localhost on port 443 or any server on 443 if TLS is disabled, even if the port is blank. Also don't warn about how to force TLS on the HTTP port.
20284905 · Matthew Holt · 060ab92d · 20284905
Commit 20284905 authored Jan 10, 2016 by Matthew Holt
Hide whitespace changes
Inline Side-by-side

Showing with 5 additions and 5 deletions

caddy/setup/tls.go caddy/setup/tls.go +5 -5

No files found.
--- a/caddy/setup/tls.go
+++ b/caddy/setup/tls.go
@@ -11,10 +11,9 @@ import (

 // TLS sets up the TLS configuration (but does not activate Let's Encrypt; that is handled elsewhere).
 func TLS(c *Controller) (middleware.Middleware, error) {
-	if c.Scheme == "http" && c.Port != "80" {
+	if c.Scheme == "http" {
 		c.TLS.Enabled = false
-		log.Printf("[WARNING] TLS disabled for %s://%s. To force TLS over the plaintext HTTP port, "+
-			"specify port 80 explicitly (https://%s:80).", c.Scheme, c.Address(), c.Host)
+		log.Printf("[WARNING] TLS disabled for %s://%s.", c.Scheme, c.Address())
 	} else {
 		c.TLS.Enabled = true
 	}
@@ -102,8 +101,9 @@ func SetDefaultTLSParams(c *server.Config) {
 	// Prefer server cipher suites
 	c.TLS.PreferServerCipherSuites = true

-	// Default TLS port is 443; only use if port is not manually specified
-	if c.Port == "" {
+	// Default TLS port is 443; only use if port is not manually specified,
+	// TLS is enabled, and the host is not localhost
+	if c.Port == "" && c.TLS.Enabled && c.Host != "localhost" {
 		c.Port = "443"
 	}
 }