Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: Improve handling of unknown hosts and missing certs #2186

Merged
merged 5 commits into from
Mar 24, 2023
Merged

fix: Improve handling of unknown hosts and missing certs #2186

merged 5 commits into from
Mar 24, 2023

Commits on Feb 1, 2023

  1. chore: Split $is_https variable into two separate checks 

    for improved readability.
    @rhansen @buchdag
    rhansen authored and buchdag committed Feb 1, 2023
    Configuration menu
    Copy the full SHA
    7a2b1f8 View commit details
    Browse the repository at this point in the history

  2. chore: Factor out duplicate checks for default.crt 

    for improved readability.
    @rhansen @buchdag
    rhansen authored and buchdag committed Feb 1, 2023
    Configuration menu
    Copy the full SHA
    18d0671 View commit details
    Browse the repository at this point in the history

Commits on Feb 2, 2023

  1. fix: Don't create cert error https server if https is not enabled

    @rhansen @buchdag
    rhansen authored and buchdag committed Feb 2, 2023
    Configuration menu
    Copy the full SHA
    16066ca View commit details
    Browse the repository at this point in the history

Commits on Feb 3, 2023

  1. fix: Emit TLS error if there are no certs available 

    Before, if neither the vhost-specific cert nor `default.crt` existed,
nginx-proxy would not create the https vhost.  This resulted in nginx
either refusing the connection or serving the wrong vhost depending on
whether there was another https vhost with a certificate.

Now nginx-proxy always creates an https server for a vhost, even if
the vhost-specific certificate and the default certificate are both
missing.  When both certs are missing, nginx is given empty
certificate data to make it possible for it to start up without an
error.  The empty certificate data causes the user to see a TLS error,
which is much easier to troubleshoot than a connection refused error
or serving the wrong vhost.
    @rhansen @buchdag
    rhansen authored and buchdag committed Feb 3, 2023
    Configuration menu
    Copy the full SHA
    9297e94 View commit details
    Browse the repository at this point in the history

Commits on Feb 4, 2023

  1. fix: Don't create fallback http(s) server when http(s) disabled 

    Before, a fallback http server was created to handle requests for
unknown virtual hosts even when `HTTPS_METHOD=nohttp`.  (In this case,
all http vhosts would be unknown.)  Likewise, a catch-all fallback
https server was still created even if `HTTPS_METHOD=nohttps`.

Now the fallback servers are created only if needed.  This brings the
behavior in line with the documentation and user expectation.  It will
also make it easier to implement a planned feature: different servers
on different ports.
    @rhansen @buchdag
    rhansen authored and buchdag committed Feb 4, 2023
    Configuration menu
    Copy the full SHA
    9b4bb07 View commit details
    Browse the repository at this point in the history