From 3346e735d389c5cfb674082a2441090bb99562c6 Mon Sep 17 00:00:00 2001
From: Matt Baer
Date: Sat, 20 Jul 2019 21:38:02 -0400
Subject: [PATCH] Fix autocert insecure server redirect

This fixes certificate validation, while keeping HTTP -> HTTPS redirection.
Ref T542
---
 app.go | 26 ++++++++++++++++----------
 1 file changed, 16 insertions(+), 10 deletions(-)

diff --git a/app.go b/app.go
index c9a770e..1fa6f8a 100644
--- a/app.go
+++ b/app.go
@@ -382,16 +382,6 @@ func Serve(app *App, r *mux.Router) {
 }
 var err error
 if app.cfg.IsSecureStandalone() {
- log.Info("Serving redirects on http://%s:80", bindAddress)
- go func() {
- err = http.ListenAndServe(
- fmt.Sprintf("%s:80", bindAddress), http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
- http.Redirect(w, r, app.cfg.App.Host, http.StatusMovedPermanently)
- }))
- log.Error("Unable to start redirect server: %v", err)
- }()
-
- log.Info("Serving on https://%s:443", bindAddress)
 if app.cfg.Server.Autocert {
 m := &autocert.Manager{
 Prompt: autocert.AcceptTOS,
@@ -418,9 +408,25 @@ requests. We recommend supplying a valid host name.`)
 }
 s.SetKeepAlivesEnabled(false)
+ go func() {
+ log.Info("Serving redirects on http://%s:80", bindAddress)
+ err = http.ListenAndServe(":80", m.HTTPHandler(nil))
+ log.Error("Unable to start redirect server: %v", err)
+ }()
+
+ log.Info("Serving on https://%s:443", bindAddress)
 log.Info("---")
 err = s.ListenAndServeTLS("", "")
 } else {
+ go func() {
+ log.Info("Serving redirects on http://%s:80", bindAddress)
+ err = http.ListenAndServe(fmt.Sprintf("%s:80", bindAddress), http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+ http.Redirect(w, r, app.cfg.App.Host, http.StatusMovedPermanently)
+ }))
+ log.Error("Unable to start redirect server: %v", err)
+ }()
+
+ log.Info("Serving on https://%s:443", bindAddress)
 log.Info("Using manual certificates")
 log.Info("---")
 err = http.ListenAndServeTLS(fmt.Sprintf("%s:443", bindAddress), app.cfg.Server.TLSCertPath, app.cfg.Server.TLSKeyPath, r)
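Review bot: Both new goroutines write to the outer `err` declared by `var err error` in Serve, so the port-80 listener's result races with `err = s.ListenAndServeTLS("", "")` and `err = http.ListenAndServeTLS(...)` on the main goroutine; a goroutine-local `err := http.ListenAndServe(...)` in each closure removes the shared write. The autocert branch also listens on `":80"`, i.e. every interface, while its log line prints `bindAddress` and the manual-certificate branch binds `fmt.Sprintf("%s:80", bindAddress)`; if an operator restricts the bind address, the ACME challenge/redirect handler is still reachable on all interfaces, so either use `http.ListenAndServe(fmt.Sprintf("%s:80", bindAddress), m.HTTPHandler(nil))` or add a comment such as `// autocert HTTP-01 must be reachable on all interfaces; bindAddress intentionally ignored`. Both plain-HTTP listeners use the package-level `http.ListenAndServe`, which sets no read or write timeouts, so an `http.Server` with `ReadHeaderTimeout` set would be the safer form for an internet-facing port. Serve starts before and continues after this hunk, so how `err` is consumed afterwards and how the TLS server `s` is bound are not visible here.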