diff --git a/.devcontainer/bin/download-go-mod b/.devcontainer/bin/download-go-mod index f2804e44084..90973dfad5f 100755 --- a/.devcontainer/bin/download-go-mod +++ b/.devcontainer/bin/download-go-mod @@ -10,16 +10,16 @@ main() { echo "-----> Fetching spf13/pflag dependency for subcommands" go get github.com/spf13/pflag || true - pushd "$plugin_root" >/dev/null + pushd "$plugin_root" >/dev/null || true find "$plugin_root/" -mindepth 1 -maxdepth 1 -type d -printf '%f\n' | while read -r plugin; do - pushd "$plugin_root/$plugin" >/dev/null + pushd "$plugin_root/$plugin" >/dev/null || true if [[ -f "go.mod" ]]; then echo "-----> Fetching dependencies for $plugin plugin" go get || true fi - popd >/dev/null + popd >/dev/null || true done - popd >/dev/null + popd >/dev/null || true } main "$@" diff --git a/plugins/nginx-vhosts/functions b/plugins/nginx-vhosts/functions index 426e91db77d..da4649af55e 100755 --- a/plugins/nginx-vhosts/functions +++ b/plugins/nginx-vhosts/functions @@ -320,6 +320,11 @@ nginx_build_config() { local IS_APP_VHOST_ENABLED=true plugn trigger domains-vhost-enabled "$APP" 2>/dev/null || IS_APP_VHOST_ENABLED=false + local IS_SSL_ENABLED=false + if is_ssl_enabled "$APP"; then + IS_SSL_ENABLED=true + fi + if [[ "$(plugn trigger proxy-is-enabled "$APP")" == "true" ]]; then if [[ -z "$DOKKU_APP_LISTEN_PORT" ]] && [[ -z "$DOKKU_APP_LISTEN_IP" ]]; then DOKKU_APP_LISTENERS="$(plugn trigger network-get-listeners "$APP" "web" | xargs)" @@ -333,19 +338,28 @@ nginx_build_config() { local PROXY_SSL_PORT=$(config_get "$APP" DOKKU_PROXY_SSL_PORT) local PROXY_PORT_MAP=$(config_get "$APP" DOKKU_PROXY_PORT_MAP) - local PORT_MAP + local PORT_MAP proxy_port_map for PORT_MAP in $PROXY_PORT_MAP; do + local PROXY_UPSTREAM_SCHEME="$(awk -F ':' '{ print $1 }' <<<"$PORT_MAP")" + if [[ "$PROXY_UPSTREAM_SCHEME" == "https" ]] && [[ "$IS_SSL_ENABLED" == "false" ]]; then + dokku_log_warn "Ignoring detected https port mapping without an accompanying ssl certificate (${PORT_MAP})" + continue + fi + + proxy_port_map="$proxy_port_map $PORT_MAP" + local PROXY_UPSTREAM_PORT="$(awk -F ':' '{ print $3 }' <<<"$PORT_MAP")" if [[ "$(is_val_in_list "$PROXY_UPSTREAM_PORT" "$PROXY_UPSTREAM_PORTS" " ")" == "false" ]]; then local PROXY_UPSTREAM_PORTS+="$PROXY_UPSTREAM_PORT " fi done + PROXY_PORT_MAP="$proxy_port_map" local PROXY_UPSTREAM_PORTS="$(echo "$PROXY_UPSTREAM_PORTS" | xargs)" local SSL_INUSE= local NONSSL_VHOSTS=$(plugn trigger domains-list "$APP") local NOSSL_SERVER_NAME=$(echo "$NONSSL_VHOSTS" | xargs) - if is_ssl_enabled "$APP"; then + if [[ "$IS_SSL_ENABLED" == "true" ]]; then local SSL_INUSE=true local SCHEME=https validate_ssl_domains "$APP" diff --git a/tests/unit/nginx-vhosts_8.bats b/tests/unit/nginx-vhosts_8.bats index 00f202748ac..e1de6ab34ee 100644 --- a/tests/unit/nginx-vhosts_8.bats +++ b/tests/unit/nginx-vhosts_8.bats @@ -116,3 +116,27 @@ teardown() { echo "status: $status" assert_output_contains "45s;" 0 } + +@test "(nginx-vhosts) nginx:build-config ignore bad https mapping" { + setup_test_tls + run deploy_app "dockerfile-noexpose" + echo "output: $output" + echo "status: $status" + assert_output_contains "Ignoring detected https port mapping without an accompanying ssl certificate" 0 + + teardown_test_tls + run /bin/bash -c "dokku proxy:report $TEST_APP --proxy-port-map" + echo "output: $output" + echo "status: $status" + assert_output "http:80:5000 https:443:5000" + + run /bin/bash -c "dokku nginx:build-config $TEST_APP" + echo "output: $output" + echo "status: $status" + assert_output_contains "Ignoring detected https port mapping without an accompanying ssl certificate" 1 + + run /bin/bash -c "dokku proxy:report $TEST_APP --proxy-port-map" + echo "output: $output" + echo "status: $status" + assert_output "http:80:5000 https:443:5000" +} diff --git a/tests/unit/test_helper.bash b/tests/unit/test_helper.bash index da08bfff6bd..93e63b70d69 100644 --- a/tests/unit/test_helper.bash +++ b/tests/unit/test_helper.bash @@ -366,6 +366,11 @@ setup_test_tls() { sudo chown -R dokku:dokku "${TLS}/.." } +teardown_test_tls() { + local TLS="/home/dokku/$TEST_APP/tls" + rm -rf "$TLS" +} + custom_ssl_nginx_template() { local APP="$1" local APP_REPO_DIR="$2"