From 648d12bf169efc73c66d9cdfe97eaac9681c3d1b Mon Sep 17 00:00:00 2001
From: fuomag9 <1580624+fuomag9@users.noreply.github.com>
Date: Thu, 22 Jan 2026 22:44:31 +0100
Subject: [PATCH] The fix now properly merges the DNS resolver config into the existing transport, preserving TLS settings for HTTPS upstreams
---
 src/lib/caddy.ts | 37 +++++++++++++++++++------------------
 1 file changed, 19 insertions(+), 18 deletions(-)
diff --git a/src/lib/caddy.ts b/src/lib/caddy.ts
index bd3c459a..d2453930 100644
--- a/src/lib/caddy.ts
+++ b/src/lib/caddy.ts
@@ -495,10 +495,23 @@ function buildProxyRoutes(
 }
 // Add transport-level DNS resolver config if enabled
- if (dnsConfig) {
- const transportConfig = buildTransportResolverConfig(dnsConfig);
- if (transportConfig) {
- reverseProxyHandler.transport = transportConfig;
+ if (dnsConfig && dnsConfig.enabled && dnsConfig.resolvers.length > 0) {
+ const resolverConfig = buildResolverConfig(dnsConfig);
+ if (resolverConfig) {
+ // Merge resolver into existing transport (preserving TLS settings for HTTPS upstreams)
+ if (reverseProxyHandler.transport) {
+ (reverseProxyHandler.transport as Record).resolver = resolverConfig;
+ if (dnsConfig.timeout) {
+ (reverseProxyHandler.transport as Record).dial_timeout = dnsConfig.timeout;
+ }
+ } else {
+ // No existing transport, create one with resolver
+ reverseProxyHandler.transport = {
+ protocol: "http",
+ resolver: resolverConfig,
+ ...(dnsConfig.timeout ? { dial_timeout: dnsConfig.timeout } : {})
+ };
+ }
 }
 }
@@ -1406,7 +1419,7 @@ function parseDnsResolverConfig(meta: DnsResolverMeta | undefined | null): DnsRe
 };
 }
-function buildTransportResolverConfig(dnsConfig: DnsResolverRouteConfig): Record | null {
+function buildResolverConfig(dnsConfig: DnsResolverRouteConfig): Record | null {
 if (!dnsConfig || !dnsConfig.enabled || dnsConfig.resolvers.length === 0) {
 return null;
 }
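Review bot: The merge branch in the first hunk (`if (reverseProxyHandler.transport)` in buildProxyRoutes) writes `resolver` and `dial_timeout` onto whatever transport object is already attached, without checking that its `protocol` is `"http"`, and it mutates that object in place through two casts. Both keys belong to Caddy's http transport, so on any other transport they would likely make the generated config invalid. If the existing transport object is shared between handlers (not visible here), the resolver would also leak into other routes. Building a fresh object by spreading the existing transport keeps the TLS settings this commit sets out to preserve, drops the casts and collapses both branches into one; an existing `dial_timeout` is still overwritten by `dnsConfig.timeout`, which deserves a comment if that is intended. buildProxyRoutes starts and ends outside the hunk, so how the transport is first built is an assumption to confirm.

```typescript
if (resolverConfig) {
  const existing = reverseProxyHandler.transport as Record<string, unknown> | undefined;
  // resolver/dial_timeout are http-transport fields; leave any other protocol untouched.
  if (!existing || existing.protocol === "http") {
    // New object: TLS and other existing settings are copied, the original is not mutated.
    reverseProxyHandler.transport = {
      protocol: "http",
      ...existing,
      resolver: resolverConfig,
      ...(dnsConfig.timeout ? { dial_timeout: dnsConfig.timeout } : {})
    };
  }
  // … unchanged: closing braces of the surrounding blocks …
```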
@@ -1423,17 +1436,5 @@ function buildTransportResolverConfig(dnsConfig: DnsResolverRouteConfig): Record
 addresses.push(...dnsConfig.fallbacks.map(formatResolver));
 }
- const transport: Record = {
- protocol: "http",
- resolver: {
- addresses
- }
- };
-
- // Add dial timeout if specified
- if (dnsConfig.timeout) {
- transport.dial_timeout = dnsConfig.timeout;
- }
-
- return transport;
+ return { addresses };
 }