From 4245797cb23b3f9dc99ff556a5ee22c4e14140bc Mon Sep 17 00:00:00 2001 From: Jesse Hallam Date: Fri, 29 Jun 2018 17:17:35 -0400 Subject: redirect, vs. proxy, 80->443 without LE enabled (#9020) The code incorrectly got refactored to proxy instead of forward, deviating from the behaviour when LE is enabled. --- app/server.go | 24 ++++++++++++++++-------- 1 file changed, 16 insertions(+), 8 deletions(-) (limited to 'app/server.go') diff --git a/app/server.go b/app/server.go index d71a884d2..769690295 100644 --- a/app/server.go +++ b/app/server.go @@ -92,15 +92,23 @@ func (cw *CorsWrapper) ServeHTTP(w http.ResponseWriter, r *http.Request) { const TIME_TO_WAIT_FOR_CONNECTIONS_TO_CLOSE_ON_SERVER_SHUTDOWN = time.Second -func redirectHTTPToHTTPS(w http.ResponseWriter, r *http.Request) { - if r.Host == "" { - http.Error(w, "Not Found", http.StatusNotFound) +// golang.org/x/crypto/acme/autocert/autocert.go +func handleHTTPRedirect(w http.ResponseWriter, r *http.Request) { + if r.Method != "GET" && r.Method != "HEAD" { + http.Error(w, "Use HTTPS", http.StatusBadRequest) + return } + target := "https://" + stripPort(r.Host) + r.URL.RequestURI() + http.Redirect(w, r, target, http.StatusFound) +} - url := r.URL - url.Host = r.Host - url.Scheme = "https" - http.Redirect(w, r, url.String(), http.StatusFound) +// golang.org/x/crypto/acme/autocert/autocert.go +func stripPort(hostport string) string { + host, _, err := net.SplitHostPort(hostport) + if err != nil { + return hostport + } + return net.JoinHostPort(host, "443") } func (a *App) StartServer() error { @@ -182,7 +190,7 @@ func (a *App) StartServer() error { defer redirectListener.Close() server := &http.Server{ - Handler: handler, + Handler: http.HandlerFunc(handleHTTPRedirect), ErrorLog: a.Log.StdLog(mlog.String("source", "forwarder_server")), } server.Serve(redirectListener) -- cgit v1.2.3-1-g7c22