From f7a7957a118c071cab3f86cdb3e786ed0756538c Mon Sep 17 00:00:00 2001 From: shayne Date: Tue, 7 Mar 2023 11:46:02 -0500 Subject: [PATCH] sniproxy: add promote-https (#7487) Adds support for an HTTP server that promotes all requests to HTTPS. The flag is `-promote-https` and defaults to true. Updates #1748 --- cmd/sniproxy/snipproxy.go | 22 +++++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) diff --git a/cmd/sniproxy/snipproxy.go b/cmd/sniproxy/snipproxy.go index 8e7b4f85d..068c107c9 100644 --- a/cmd/sniproxy/snipproxy.go +++ b/cmd/sniproxy/snipproxy.go @@ -11,6 +11,7 @@ "flag" "log" "net" + "net/http" "strings" "time" @@ -22,7 +23,10 @@ "tailscale.com/types/nettype" ) -var ports = flag.String("ports", "443", "comma-separated list of ports to proxy") +var ( + ports = flag.String("ports", "443", "comma-separated list of ports to proxy") + promoteHTTPS = flag.Bool("promote-https", true, "promote HTTP to HTTPS") +) var tsMBox = dnsmessage.MustNewName("support.tailscale.com.") @@ -56,6 +60,15 @@ func main() { } go s.serveDNS(ln) + if *promoteHTTPS { + ln, err := s.ts.Listen("tcp", ":80") + if err != nil { + log.Fatal(err) + } + log.Printf("Promoting HTTP to HTTPS ...") + go s.promoteHTTPS(ln) + } + select {} } @@ -197,3 +210,10 @@ func (s *server) dnsResponse(req *dnsmessage.Message) (buf []byte, err error) { return resp.Finish() } + +func (s *server) promoteHTTPS(ln net.Listener) { + err := http.Serve(ln, http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + http.Redirect(w, r, "https://"+r.Host+r.RequestURI, http.StatusFound) + })) + log.Fatalf("promoteHTTPS http.Serve: %v", err) +}