mirror of
https://github.com/woodpecker-ci/woodpecker.git
synced 2025-01-26 17:18:19 +00:00
Redirect HTTP to HTTPS when SSL is enabled.
In our current drone setup, we are not using a proxy, thus letting drone handle SSL termination. In addition, we are not exposing port 80 (effectively disabling insecure drone access). When new engineers join and attempt to access drone, they are not sent a 301 and often complain that they either do not have access or that drone is broken (when in reality they are just accessing drone via the incorrect protocol/port). This commit changes the default behavior when running drone with a server-cert by only sending redirects on port 80 rather than allowing both secure and insecure access.
parent
0c972d8fc5
commit
238e916fa0
1 changed files with 10 additions and 1 deletions
|
@ -536,7 +536,7 @@ func server(c *cli.Context) error {
|
|||
// start the server with tls enabled
|
||||
if c.String("server-cert") != "" {
|
||||
g.Go(func() error {
|
||||
return http.ListenAndServe(":http", handler)
|
||||
return http.ListenAndServe(":http", http.HandlerFunc(redirect))
|
||||
})
|
||||
g.Go(func() error {
|
||||
serve := &http.Server{
|
||||
|
@ -675,6 +675,15 @@ func (a *authorizer) authorize(ctx context.Context) error {
|
|||
return errors.New("missing agent token")
|
||||
}
|
||||
|
||||
func redirect(w http.ResponseWriter, req *http.Request) {
|
||||
var serverHost string = droneserver.Config.Server.Host
|
||||
serverHost = strings.TrimPrefix(serverHost, "http://")
|
||||
serverHost = strings.TrimPrefix(serverHost, "https://")
|
||||
req.URL.Scheme = "https"
|
||||
req.URL.Host = serverHost
|
||||
http.Redirect(w, req, req.URL.String(), http.StatusMovedPermanently)
|
||||
}
|
||||
|
||||
func cacheDir() string {
|
||||
const base = "golang-autocert"
|
||||
if xdg := os.Getenv("XDG_CACHE_HOME"); xdg != "" {
|
||||
|
|
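Review bot: In `redirect` (second hunk), the Location host is taken from `droneserver.Config.Server.Host` by trimming only a lowercase `http://` or `https://` prefix, so a configured value that is empty or carries a trailing slash or path would produce a malformed redirect such as `https:///path`. Taking the host from configuration rather than from the request's Host header is the right choice, because the client cannot steer the redirect; the version below keeps that, parses the configured value, refuses to redirect when no host can be derived, and copies `req.URL` instead of mutating the incoming request. It needs `net/url`, which may or may not already be imported in this file. Separately, the redirect only takes effect after the first cleartext request has been sent, so a Strict-Transport-Security header on the HTTPS responses and Secure-flagged cookies would be the complementary control.

```go
func redirect(w http.ResponseWriter, req *http.Request) {
	// The target host comes from server configuration only, never from the
	// client-supplied Host header.
	raw := droneserver.Config.Server.Host
	if !strings.Contains(raw, "://") {
		raw = "//" + raw // let url.Parse treat a bare "host[:port]" as an authority
	}
	u, err := url.Parse(raw)
	if err != nil || u.Host == "" {
		http.Error(w, "https redirect target is not configured", http.StatusInternalServerError)
		return
	}
	target := *req.URL // copy, so the incoming request is left untouched
	target.Scheme = "https"
	target.Host = u.Host // scheme, path and trailing slash of the configured value are dropped
	http.Redirect(w, req, target.String(), http.StatusMovedPermanently)
}
```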