From 1e89321812a9e7bf6fae95afd7f3653daed3eeaf Mon Sep 17 00:00:00 2001
From: Tracey Jaquith <tracey@archive.org>
Date: Thu, 31 Oct 2024 19:11:48 -0700
Subject: [PATCH] dropping any http:// access to control plane. no longer
 allowing http:// only "alt ports"

---
 etc/Caddyfile.ctmpl | 20 +-------------------
 1 file changed, 1 insertion(+), 19 deletions(-)

diff --git a/etc/Caddyfile.ctmpl b/etc/Caddyfile.ctmpl
index 914b675..6c91022 100644
--- a/etc/Caddyfile.ctmpl
+++ b/etc/Caddyfile.ctmpl
@@ -30,9 +30,6 @@ https://{{- . }} {
   {{ end }}
 	log
 }
-http://{{- . }} {
-  redir https://{host}{uri} permanent
-}
 {{ end }}
 
 
@@ -82,10 +79,9 @@ http://{{ $hosty }} {
 
 
 
-# NOTE: three styles of possible origins:
+# NOTE: two styles of possible origins:
 #          https://av.dev.archive.org
 #          https://av.dev.archive.org:5432
-#          http://av.dev.archive.org:5432
 
 # NOTE: `trusted_proxies` is for `X-Forwarded-Host` header from something like nginx `proxy_pass`.
 # NOTE: `@hsts-on` allows for requests coming in over http:// from something like nginx `proxy_pass`
@@ -141,20 +137,6 @@ http://{{ $origin | regexReplaceAll "^https://" "" }} {
 	log
 }
       {{- end -}}
-
-
-    {{- else if $origin | regexMatch "^http://" -}}
-
-
-# (rare) HTTP only port
-{{ $origin }} {
-  reverse_proxy {{ range $services }} {{ .Address }}:{{ .Port }} {{ end }} {
-    lb_policy least_conn
-  }
-	log
-}
-
-
     {{- end -}}
   {{- end -}}
 {{- end }}