From 38cb381051d76de5015e3d9eab20c24a8a2aa3f3 Mon Sep 17 00:00:00 2001
From: Anders Pitman <tapitman11@gmail.com>
Date: Mon, 20 Dec 2021 22:37:50 -0700
Subject: [PATCH] HTTPS by default, but allow HTTP

---
 boringproxy.go | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)

diff --git a/boringproxy.go b/boringproxy.go
index 3d8a74c..f1009c8 100644
--- a/boringproxy.go
+++ b/boringproxy.go
@@ -118,6 +118,7 @@ func Listen() {
 	printLogin := flagSet.Bool("print-login", false, "Prints admin login information")
 	httpPort := flagSet.Int("http-port", 80, "HTTP (insecure) port")
 	httpsPort := flagSet.Int("https-port", 443, "HTTPS (secure) port")
+	allowHttp := flagSet.Bool("allow-http", false, "Allow unencrypted (HTTP) requests")
 	err := flagSet.Parse(os.Args[2:])
 	if err != nil {
 		fmt.Fprintf(os.Stderr, "%s: parsing flags: %s\n", os.Args[0], err)
@@ -308,9 +309,22 @@ func Listen() {
 	})
 
 	go func() {
-		if err := http.ListenAndServe(fmt.Sprintf(":%d", *httpPort), nil); err != nil {
-			log.Fatalf("ListenAndServe error: %v", err)
+
+		if *allowHttp {
+			if err := http.ListenAndServe(fmt.Sprintf(":%d", *httpPort), nil); err != nil {
+				log.Fatalf("ListenAndServe error: %v", err)
+			}
+		} else {
+			redirectTLS := func(w http.ResponseWriter, r *http.Request) {
+				url := fmt.Sprintf("https://%s:%d%s", r.Host, *httpsPort, r.RequestURI)
+				http.Redirect(w, r, url, http.StatusMovedPermanently)
+			}
+
+			if err := http.ListenAndServe(fmt.Sprintf(":%d", *httpPort), http.HandlerFunc(redirectTLS)); err != nil {
+				log.Fatalf("ListenAndServe error: %v", err)
+			}
 		}
+
 	}()
 
 	go http.Serve(tlsListener, nil)