Set the redirect handler for lets encrypt.

This commit sets the http handler to the redirect function for let's encrypt
enabled drone instances. In addition, the `Strict-Transport-Security` header is
added to the redirect given `header.Secure` will only be added for gin routes.

This commit resolves #2261.
This commit is contained in:
Mark Spicer 2017-11-15 23:27:57 -05:00
parent 238e916fa0
commit 8476c90bbf

View file

@ -565,7 +565,7 @@ func server(c *cli.Context) error {
// start the server with lets encrypt enabled // start the server with lets encrypt enabled
// listen on ports 443 and 80 // listen on ports 443 and 80
g.Go(func() error { g.Go(func() error {
return http.ListenAndServe(":http", handler) return http.ListenAndServe(":http", http.HandlerFunc(redirect))
}) })
g.Go(func() error { g.Go(func() error {
@ -681,6 +681,9 @@ func redirect(w http.ResponseWriter, req *http.Request) {
serverHost = strings.TrimPrefix(serverHost, "https://") serverHost = strings.TrimPrefix(serverHost, "https://")
req.URL.Scheme = "https" req.URL.Scheme = "https"
req.URL.Host = serverHost req.URL.Host = serverHost
w.Header().Set("Strict-Transport-Security", "max-age=31536000")
http.Redirect(w, req, req.URL.String(), http.StatusMovedPermanently) http.Redirect(w, req, req.URL.String(), http.StatusMovedPermanently)
} }