cmd/routed: use HTTP-01 challenges

Cadey Ratio 2018-01-16 20:49:45 -08:00
parent 5dec8c2014
commit 1a7fc0892d
2 changed files with 19 additions and 16 deletions


@ -55,22 +55,8 @@ func main() {
defer l.Close() defer l.Close()
hs := &http.Server{ hs := &http.Server{
Handler: http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { Handler: s.Manager.HTTPHandler(http.HandlerFunc(insecureRedirect)),
switch r.Method { Addr: scfg.WebAddr,
case http.MethodPatch, http.MethodPut, http.MethodPost:
http.Error(w, "use https", http.StatusNotAcceptable)
ln.Log(r.Context(), ln.Action("cannot redirect (wrong method)"), ln.F{"remote": r.RemoteAddr, "host": r.Host, "path": r.URL.Path})
return
}
r.URL.Host = r.Host
r.URL.Scheme = "https"
ln.Log(r.Context(), ln.Action("redirecting insecure HTTP to HTTPS"), ln.F{"remote": r.RemoteAddr, "host": r.Host, "path": r.URL.Path})
http.Redirect(w, r, r.URL.String(), http.StatusPermanentRedirect)
}),
Addr: scfg.WebAddr,
} }
hs.Serve(l) hs.Serve(l)
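Review bot: The `http.Server` literal sets only `Handler` and `Addr`, so the plain-HTTP listener that now also answers the ACME HTTP-01 challenges has no read, write or idle deadlines, and a slow or stalled client can hold its connection open indefinitely. Add the timeout fields to the literal, for example `ReadHeaderTimeout: 5 * time.Second,` alongside `ReadTimeout`, `WriteTimeout` and `IdleTimeout` (the value shown is constructed; tune it for the deployment). The error returned by `hs.Serve(l)` is also discarded, so a failure of this listener, and with it certificate issuance and renewal, would go unnoticed; log it with the `ln` logger the redirect handler in this commit uses. The body of main continues outside this hunk.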


@ -200,3 +200,20 @@ func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) {
rp.ServeHTTP(w, r) rp.ServeHTTP(w, r)
} }
// insecureRedirect redirects a client to https if they connect over plain HTTP.
func insecureRedirect(w http.ResponseWriter, r *http.Request) {
switch r.Method {
case http.MethodPatch, http.MethodPut, http.MethodPost:
http.Error(w, "use https", http.StatusNotAcceptable)
ln.Log(r.Context(), ln.Action("cannot redirect (wrong method)"), ln.F{"remote": r.RemoteAddr, "host": r.Host, "path": r.URL.Path})
return
}
r.URL.Host = r.Host
r.URL.Scheme = "https"
ln.Log(r.Context(), ln.Action("redirecting insecure HTTP to HTTPS"), ln.F{"remote": r.RemoteAddr, "host": r.Host, "path": r.URL.Path})
http.Redirect(w, r, r.URL.String(), http.StatusPermanentRedirect)
}
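Review bot: `r.URL.Host = r.Host` in insecureRedirect copies the client-supplied Host header, port included, into the Location of a 308 that clients and intermediaries are allowed to cache. A request sent with an explicit port such as `Host: example.com:80` is redirected to `https://example.com:80/...`, which will not answer TLS, and a host this server does not route still receives a permanent redirect to itself. Strip the port first, e.g. `host, _, err := net.SplitHostPort(r.Host)` falling back to `r.Host` on error, and redirect only when the host is one the server is configured to serve, answering anything else with `http.Error(w, "unknown host", http.StatusBadRequest)`. The route table and the manager's host policy are not visible in this hunk, so the exact lookup is left to the author. The doc comment could also state that PATCH, PUT and POST are refused rather than redirected, so that a request body is never replayed on the strength of a response received over plain HTTP.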