dokku · josegonzalez · Oct 23, 2022 · Oct 22, 2022 · Oct 22, 2022 · Oct 22, 2022
diff --git a/.devcontainer/bin/download-go-mod b/.devcontainer/bin/download-go-mod
@@ -10,16 +10,16 @@ main() {
 
   echo "-----> Fetching spf13/pflag dependency for subcommands"
   go get github.com/spf13/pflag || true
-  pushd "$plugin_root" >/dev/null
+  pushd "$plugin_root" >/dev/null || true
   find "$plugin_root/" -mindepth 1 -maxdepth 1 -type d -printf '%f\n' | while read -r plugin; do
-    pushd "$plugin_root/$plugin" >/dev/null
+    pushd "$plugin_root/$plugin" >/dev/null || true
     if [[ -f "go.mod" ]]; then
       echo "-----> Fetching dependencies for $plugin plugin"
       go get || true
     fi
-    popd >/dev/null
+    popd >/dev/null || true
   done
-  popd >/dev/null
+  popd >/dev/null || true
 }
 
 main "$@"
diff --git a/plugins/nginx-vhosts/functions b/plugins/nginx-vhosts/functions
@@ -320,6 +320,11 @@ nginx_build_config() {
   local IS_APP_VHOST_ENABLED=true
   plugn trigger domains-vhost-enabled "$APP" 2>/dev/null || IS_APP_VHOST_ENABLED=false
 
+  local IS_SSL_ENABLED=false
+  if is_ssl_enabled "$APP"; then
+    IS_SSL_ENABLED=true
+  fi
+
   if [[ "$(plugn trigger proxy-is-enabled "$APP")" == "true" ]]; then
     if [[ -z "$DOKKU_APP_LISTEN_PORT" ]] && [[ -z "$DOKKU_APP_LISTEN_IP" ]]; then
       DOKKU_APP_LISTENERS="$(plugn trigger network-get-listeners "$APP" "web" | xargs)"
@@ -333,19 +338,28 @@ nginx_build_config() {
     local PROXY_SSL_PORT=$(config_get "$APP" DOKKU_PROXY_SSL_PORT)
     local PROXY_PORT_MAP=$(config_get "$APP" DOKKU_PROXY_PORT_MAP)
 
-    local PORT_MAP
+    local PORT_MAP proxy_port_map
     for PORT_MAP in $PROXY_PORT_MAP; do
+      local PROXY_UPSTREAM_SCHEME="$(awk -F ':' '{ print $1 }' <<<"$PORT_MAP")"
+      if [[ "$PROXY_UPSTREAM_SCHEME" == "https" ]] && [[ "$IS_SSL_ENABLED" == "false" ]]; then
+        dokku_log_warn "Ignoring detected https port mapping without an accompanying ssl certificate (${PORT_MAP})"
+        continue
+      fi
+
+      proxy_port_map="$proxy_port_map $PORT_MAP"
+
       local PROXY_UPSTREAM_PORT="$(awk -F ':' '{ print $3 }' <<<"$PORT_MAP")"
       if [[ "$(is_val_in_list "$PROXY_UPSTREAM_PORT" "$PROXY_UPSTREAM_PORTS" " ")" == "false" ]]; then
         local PROXY_UPSTREAM_PORTS+="$PROXY_UPSTREAM_PORT "
       fi
     done
+    PROXY_PORT_MAP="$proxy_port_map"
     local PROXY_UPSTREAM_PORTS="$(echo "$PROXY_UPSTREAM_PORTS" | xargs)"
 
     local SSL_INUSE=
     local NONSSL_VHOSTS=$(plugn trigger domains-list "$APP")
     local NOSSL_SERVER_NAME=$(echo "$NONSSL_VHOSTS" | xargs)
-    if is_ssl_enabled "$APP"; then
+    if [[ "$IS_SSL_ENABLED" == "true" ]]; then
       local SSL_INUSE=true
       local SCHEME=https
       validate_ssl_domains "$APP"

diff --git a/tests/unit/nginx-vhosts_8.bats b/tests/unit/nginx-vhosts_8.bats
@@ -116,3 +116,27 @@ teardown() {
   echo "status: $status"
   assert_output_contains "45s;" 0
 }
+
+@test "(nginx-vhosts) nginx:build-config ignore bad https mapping" {
+  setup_test_tls
+  run deploy_app "dockerfile-noexpose"
+  echo "output: $output"
+  echo "status: $status"
+  assert_output_contains "Ignoring detected https port mapping without an accompanying ssl certificate" 0
+
+  teardown_test_tls
+  run /bin/bash -c "dokku proxy:report $TEST_APP --proxy-port-map"
+  echo "output: $output"
+  echo "status: $status"
+  assert_output "http:80:5000 https:443:5000"
+
+  run /bin/bash -c "dokku nginx:build-config $TEST_APP"
+  echo "output: $output"
+  echo "status: $status"
+  assert_output_contains "Ignoring detected https port mapping without an accompanying ssl certificate" 1
+
+  run /bin/bash -c "dokku proxy:report $TEST_APP --proxy-port-map"
+  echo "output: $output"
+  echo "status: $status"
+  assert_output "http:80:5000 https:443:5000"
+}
diff --git a/tests/unit/test_helper.bash b/tests/unit/test_helper.bash
@@ -366,6 +366,11 @@ setup_test_tls() {
   sudo chown -R dokku:dokku "${TLS}/.."
 }
 
+teardown_test_tls() {
+  local TLS="/home/dokku/$TEST_APP/tls"
+  rm -rf "$TLS"
+}
+
 custom_ssl_nginx_template() {
   local APP="$1"
   local APP_REPO_DIR="$2"