redirect, vs. proxy, 80->443 without LE enabled (#9020)

The code incorrectly got refactored to proxy instead of forward, deviating from the behaviour when LE is enabled.

1 files changed, 16 insertions, 8 deletions

diff --git a/app/server.go b/app/server.go
index d71a884d2..769690295 100644
--- a/app/server.go
+++ b/app/server.go
@@ -92,15 +92,23 @@ func (cw *CorsWrapper) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 
 const TIME_TO_WAIT_FOR_CONNECTIONS_TO_CLOSE_ON_SERVER_SHUTDOWN = time.Second
 
-func redirectHTTPToHTTPS(w http.ResponseWriter, r *http.Request) {
-	if r.Host == "" {
-		http.Error(w, "Not Found", http.StatusNotFound)
+// golang.org/x/crypto/acme/autocert/autocert.go
+func handleHTTPRedirect(w http.ResponseWriter, r *http.Request) {
+	if r.Method != "GET" && r.Method != "HEAD" {
+		http.Error(w, "Use HTTPS", http.StatusBadRequest)
+		return
 	}
+	target := "https://" + stripPort(r.Host) + r.URL.RequestURI()
+	http.Redirect(w, r, target, http.StatusFound)
+}
 
-	url := r.URL
-	url.Host = r.Host
-	url.Scheme = "https"
-	http.Redirect(w, r, url.String(), http.StatusFound)
+// golang.org/x/crypto/acme/autocert/autocert.go
+func stripPort(hostport string) string {
+	host, _, err := net.SplitHostPort(hostport)
+	if err != nil {
+		return hostport
+	}
+	return net.JoinHostPort(host, "443")
 }
 
 func (a *App) StartServer() error {
@@ -182,7 +190,7 @@ func (a *App) StartServer() error {
 					defer redirectListener.Close()
 
 					server := &http.Server{
-						Handler:  handler,
+						Handler:  http.HandlerFunc(handleHTTPRedirect),
 						ErrorLog: a.Log.StdLog(mlog.String("source", "forwarder_server")),
 					}
 					server.Serve(redirectListener)