all repos — website @ c4c67c0f3a07ebed224dfc9de4c93d10c47f149a

My website

make HTTP->S redirects use same host only for HSTS
Alan Pearce alan@alanpearce.eu
Wed, 03 Jul 2024 10:35:12 +0200
commit

c4c67c0f3a07ebed224dfc9de4c93d10c47f149a

parent

336ddaf703ec403661ee3d588512934019ff9b5c

2 files changed, 32 insertions(+), 22 deletions(-)

jump to
M internal/server/server.gointernal/server/server.go
@@ -46,10 +46,9 @@ } 
 type Server struct {
 	*http.Server
-	redirectServer *http.Server
-	runtimeConfig  *Config
-	config         *cfg.Config
-	log            *log.Logger
+	runtimeConfig *Config
+	config        *cfg.Config
+	log           *log.Logger
 }
 
 func applyDevModeOverrides(config *cfg.Config, runtimeConfig *Config) {
@@ -184,15 +183,13 @@ if err != nil { 		return nil, errors.Wrap(err, "could not create website mux")
 	}
 
-	rMux := http.NewServeMux()
-	rMux.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
-		path, _ := website.CanonicalisePath(r.URL.Path)
-		newURL := config.BaseURL.JoinPath(path)
-		http.Redirect(w, r, newURL.String(), 301)
-	})
 	if runtimeConfig.Redirect {
 		loggingMux.Handle(config.BaseURL.Hostname()+"/", mux)
-		loggingMux.Handle("/", rMux)
+		loggingMux.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
+			path, _ := website.CanonicalisePath(r.URL.Path)
+			newURL := config.BaseURL.JoinPath(path)
+			http.Redirect(w, r, newURL.String(), http.StatusMovedPermanently)
+		})
 	} else {
 		loggingMux.Handle("/", mux)
 	}
@@ -214,13 +211,6 @@ ReadTimeout:       1 * time.Minute, 			WriteTimeout:      2 * time.Minute,
 			IdleTimeout:       10 * time.Minute,
 			Handler:           top,
-		},
-		redirectServer: &http.Server{
-			ReadHeaderTimeout: 10 * time.Second,
-			ReadTimeout:       1 * time.Minute,
-			WriteTimeout:      2 * time.Minute,
-			IdleTimeout:       10 * time.Minute,
-			Handler:           rMux,
 		},
 		log:           log,
 		config:        config,
M internal/server/tls.gointernal/server/tls.go
@@ -97,12 +97,32 @@ if err != nil { 		return errors.Wrap(err, "could not bind plain socket")
 	}
 
-	go func(ln net.Listener) {
-		s.redirectServer.Handler = issuer.HTTPChallengeHandler(s.redirectServer.Handler)
-		if err := s.redirectServer.Serve(ln); err != nil && !errors.Is(err, http.ErrServerClosed) {
+	go func(ln net.Listener, srv *http.Server) {
+		httpMux := http.NewServeMux()
+		httpMux.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
+			if certmagic.LooksLikeHTTPChallenge(r) && issuer.HandleHTTPChallenge(w, r) {
+				return
+			}
+			url := r.URL
+			url.Scheme = "https"
+			host, _, err := net.SplitHostPort(r.Host)
+			if err != nil {
+				log.Warn("error splitting host and port", "error", err)
+				host = s.config.BaseURL.Hostname()
+			}
+			url.Host = net.JoinHostPort(host, s.config.BaseURL.Port())
+			http.Redirect(w, r, url.String(), http.StatusMovedPermanently)
+		})
+
+		if err := srv.Serve(ln); err != nil && !errors.Is(err, http.ErrServerClosed) {
 			log.Error("error in http handler", "error", err)
 		}
-	}(ln)
+	}(ln, &http.Server{
+		ReadHeaderTimeout: s.ReadHeaderTimeout,
+		ReadTimeout:       s.ReadTimeout,
+		WriteTimeout:      s.WriteTimeout,
+		IdleTimeout:       s.IdleTimeout,
+	})
 
 	log.Debug(
 		"starting certmagic",