Add HTTP>HTTPS redirection

Required switching to TLS for LetsEncrypt, so I could disable
the HTTP ACME handler. Pretty sure there's a way to keep them
both enabled but this is fine for now.
Anders Pitman 2020-10-07 10:44:37 -06:00
parent f234049877
commit 274725b5c5


@ -51,8 +51,8 @@ func Listen() {
log.Fatal(err)
}
//certmagic.DefaultACME.DisableHTTPChallenge = true
certmagic.DefaultACME.DisableTLSALPNChallenge = true
certmagic.DefaultACME.DisableHTTPChallenge = true
//certmagic.DefaultACME.DisableTLSALPNChallenge = true
//certmagic.DefaultACME.CA = certmagic.LetsEncryptStagingCA
certConfig := certmagic.NewDefault()
@ -75,7 +75,7 @@ func Listen() {
tlsConfig := &tls.Config{
GetCertificate: certConfig.GetCertificate,
NextProtos: []string{"h2"},
NextProtos: []string{"h2", "acme-tls/1"},
}
tlsListener, err := tls.Listen("tcp", ":443", tlsConfig)
if err != nil {
@ -90,6 +90,13 @@ func Listen() {
}
})
// taken from: https://stackoverflow.com/a/37537134/943814
go func() {
if err := http.ListenAndServe(":80", http.HandlerFunc(redirectTLS)); err != nil {
log.Fatalf("ListenAndServe error: %v", err)
}
}()
log.Println("BoringProxy ready")
http.Serve(tlsListener, nil)
@ -145,3 +152,9 @@ func (p *BoringProxy) proxyRequest(w http.ResponseWriter, r *http.Request) {
w.WriteHeader(upstreamRes.StatusCode)
io.Copy(w, upstreamRes.Body)
}
func redirectTLS(w http.ResponseWriter, r *http.Request) {
url := fmt.Sprintf("https://%s:443%s", r.Host, r.RequestURI)
log.Println("redir", url)
http.Redirect(w, r, url, http.StatusMovedPermanently)
}
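Review bot: In the last hunk, redirectTLS builds the redirect target from the client-supplied Host header without checking it and always appends `:443`, so a request whose Host already carries a port (`example.com:80`) gets a malformed Location, and whatever Host a client sends is reflected into a permanent redirect and into the log line. Strip the port with `net.SplitHostPort`, take the path from `r.URL.RequestURI()` rather than the raw `r.RequestURI`, and log with `%q`; if the proxy knows which domains it serves, rejecting any other host here would remove the reflection entirely (that list is not visible in this diff). Separately, the `:80` listener in the third hunk uses `http.ListenAndServe`, which sets no timeouts; an `http.Server` with `ReadHeaderTimeout` set would suit an internet-facing port better.

```go
func redirectTLS(w http.ResponseWriter, r *http.Request) {
	// r.Host is client-controlled and may already include a port.
	host := r.Host
	if h, _, err := net.SplitHostPort(host); err == nil {
		host = h
	}
	// The default https port is implied, so no explicit :443 is needed.
	target := "https://" + host + r.URL.RequestURI()
	log.Printf("redir %q", target)
	http.Redirect(w, r, target, http.StatusMovedPermanently)
}
```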