Diffstat (limited to 'internal/server/tls.go')
-rw-r--r--internal/server/tls.go38
1 files changed, 15 insertions, 23 deletions
diff --git a/internal/server/tls.go b/internal/server/tls.go
index 7bd4a1c..254cd12 100644
--- a/internal/server/tls.go
+++ b/internal/server/tls.go
@@ -35,29 +35,6 @@ func (s *Server) serveTLS() (err error) {
 	certmagic.DefaultACME.Agreed = true
 	certmagic.DefaultACME.Email = s.config.Email
 
-	ln, err := listenfd.GetListener(
-		1,
-		net.JoinHostPort(s.runtimeConfig.ListenAddress, strconv.Itoa(s.runtimeConfig.Port)),
-	)
-	if err != nil {
-		return errors.Wrap(err, "could not bind plain socket")
-	}
-
-	go func(ln net.Listener) {
-		redirecter := http.NewServeMux()
-		redirecter.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
-			if certmagic.LooksLikeHTTPChallenge(r) {
-				issuer.HandleHTTPChallenge(w, r)
-			} else {
-				s.redirectHandler(w, r)
-			}
-		})
-		err := http.Serve(ln, redirecter)
-		if err != nil && !errors.Is(err, http.ErrServerClosed) {
-			log.Error("error in http handler", "error", err)
-		}
-	}(ln)
-
 	if s.runtimeConfig.Development {
 		ca := s.runtimeConfig.ACMECA
 		if ca == "" {
@@ -114,6 +91,21 @@ func (s *Server) serveTLS() (err error) {
 		}
 	}
 
+	ln, err := listenfd.GetListener(
+		1,
+		net.JoinHostPort(s.runtimeConfig.ListenAddress, strconv.Itoa(s.runtimeConfig.Port)),
+	)
+	if err != nil {
+		return errors.Wrap(err, "could not bind plain socket")
+	}
+
+	go func(ln net.Listener) {
+		s.redirectServer.Handler = issuer.HTTPChallengeHandler(s.redirectServer.Handler)
+		if err := s.redirectServer.Serve(ln); err != nil && !errors.Is(err, http.ErrServerClosed) {
+			log.Error("error in http handler", "error", err)
+		}
+	}(ln)
+
 	log.Debug(
 		"starting certmagic",
 		"http_port",
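Review bot: The assignment `s.redirectServer.Handler = issuer.HTTPChallengeHandler(s.redirectServer.Handler)` runs inside the new goroutine, so the write to the shared server's Handler is unsynchronised with any other code that may touch s.redirectServer (a shutdown path, or a second call to serveTLS, which would also wrap the handler twice). Move that line to just above `go func(ln net.Listener) {` so the handler is in place before the goroutine starts and only `Serve` runs inside it. This listener is the plain-HTTP port that answers ACME HTTP-01 challenges and redirects, so it is also worth confirming that redirectServer is constructed with `ReadHeaderTimeout` (and ideally `ReadTimeout`/`WriteTimeout`) set; its definition is not visible in this hunk. The body of serveTLS starts and ends outside the hunk.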