Currently, this doesn't work:
:8443 {
tls internal {
on_demand
}
}
Instead, we need to do this:
https://:8443 {
tls internal {
on_demand
}
}
This is not intuitive. Using the tls directive should make the site address have TLS enabled without having to specify https://.
The rule as I understand it right now is if there's a domain with a non-standard port, it'll enable TLS, but if there's no domain then it uses HTTP. But it should also use TLS if the tls directive is specified.
The key difference can be seen with caddy adapt --pretty, without https://, there's no tls_connection_policies for the server. It should have at least an empty connection policy when tls is used.
Currently, this doesn't work:
Instead, we need to do this:
This is not intuitive. Using the
tlsdirective should make the site address have TLS enabled without having to specifyhttps://.The rule as I understand it right now is if there's a domain with a non-standard port, it'll enable TLS, but if there's no domain then it uses HTTP. But it should also use TLS if the
tlsdirective is specified.The key difference can be seen with
caddy adapt --pretty, withouthttps://, there's notls_connection_policiesfor the server. It should have at least an empty connection policy whentlsis used.