cmd/routed: use HTTP-01 challenges

cmd/routed/main.go

@@ -55,22 +55,8 @@ func main() {
 	defer l.Close()
 
 	hs := &http.Server{
-		Handler: http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-			switch r.Method {
-			case http.MethodPatch, http.MethodPut, http.MethodPost:
-				http.Error(w, "use https", http.StatusNotAcceptable)
-				ln.Log(r.Context(), ln.Action("cannot redirect (wrong method)"), ln.F{"remote": r.RemoteAddr, "host": r.Host, "path": r.URL.Path})
-				return
-			}
-
-			r.URL.Host = r.Host
-			r.URL.Scheme = "https"
-
-			ln.Log(r.Context(), ln.Action("redirecting insecure HTTP to HTTPS"), ln.F{"remote": r.RemoteAddr, "host": r.Host, "path": r.URL.Path})
-
-			http.Redirect(w, r, r.URL.String(), http.StatusPermanentRedirect)
-		}),
-		Addr: scfg.WebAddr,
+		Handler: s.Manager.HTTPHandler(http.HandlerFunc(insecureRedirect)),
+		Addr:    scfg.WebAddr,
 	}
 
 	hs.Serve(l)

cmd/routed/server.go

@@ -200,3 +200,20 @@ func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 
 	rp.ServeHTTP(w, r)
 }
+
+// insecureRedirect redirects a client to https if they connect over plain HTTP.
+func insecureRedirect(w http.ResponseWriter, r *http.Request) {
+	switch r.Method {
+	case http.MethodPatch, http.MethodPut, http.MethodPost:
+		http.Error(w, "use https", http.StatusNotAcceptable)
+		ln.Log(r.Context(), ln.Action("cannot redirect (wrong method)"), ln.F{"remote": r.RemoteAddr, "host": r.Host, "path": r.URL.Path})
+		return
+	}
+
+	r.URL.Host = r.Host
+	r.URL.Scheme = "https"
+
+	ln.Log(r.Context(), ln.Action("redirecting insecure HTTP to HTTPS"), ln.F{"remote": r.RemoteAddr, "host": r.Host, "path": r.URL.Path})
+
+	http.Redirect(w, r, r.URL.String(), http.StatusPermanentRedirect)
+}