mirror of
https://github.com/boringproxy/boringproxy.git
synced 2025-02-25 18:55:29 -06:00
Add HTTP>HTTPS redirection
Required switching to TLS for LetsEncrypt, so I could disable the HTTP ACME handler. Pretty sure there's a way to keep them both enabled but this is fine for now.
This commit is contained in:
parent
f234049877
commit
274725b5c5
@ -51,8 +51,8 @@ func Listen() {
|
||||
log.Fatal(err)
|
||||
}
|
||||
|
||||
//certmagic.DefaultACME.DisableHTTPChallenge = true
|
||||
certmagic.DefaultACME.DisableTLSALPNChallenge = true
|
||||
certmagic.DefaultACME.DisableHTTPChallenge = true
|
||||
//certmagic.DefaultACME.DisableTLSALPNChallenge = true
|
||||
//certmagic.DefaultACME.CA = certmagic.LetsEncryptStagingCA
|
||||
certConfig := certmagic.NewDefault()
|
||||
|
||||
@ -75,7 +75,7 @@ func Listen() {
|
||||
|
||||
tlsConfig := &tls.Config{
|
||||
GetCertificate: certConfig.GetCertificate,
|
||||
NextProtos: []string{"h2"},
|
||||
NextProtos: []string{"h2", "acme-tls/1"},
|
||||
}
|
||||
tlsListener, err := tls.Listen("tcp", ":443", tlsConfig)
|
||||
if err != nil {
|
||||
@ -90,6 +90,13 @@ func Listen() {
|
||||
}
|
||||
})
|
||||
|
||||
// taken from: https://stackoverflow.com/a/37537134/943814
|
||||
go func() {
|
||||
if err := http.ListenAndServe(":80", http.HandlerFunc(redirectTLS)); err != nil {
|
||||
log.Fatalf("ListenAndServe error: %v", err)
|
||||
}
|
||||
}()
|
||||
|
||||
log.Println("BoringProxy ready")
|
||||
|
||||
http.Serve(tlsListener, nil)
|
||||
@ -145,3 +152,9 @@ func (p *BoringProxy) proxyRequest(w http.ResponseWriter, r *http.Request) {
|
||||
w.WriteHeader(upstreamRes.StatusCode)
|
||||
io.Copy(w, upstreamRes.Body)
|
||||
}
|
||||
|
||||
func redirectTLS(w http.ResponseWriter, r *http.Request) {
|
||||
url := fmt.Sprintf("https://%s:443%s", r.Host, r.RequestURI)
|
||||
log.Println("redir", url)
|
||||
http.Redirect(w, r, url, http.StatusMovedPermanently)
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user