sniproxy: add promote-https (#7487)

Adds support for an HTTP server that promotes all requests to HTTPS.
The flag is `-promote-https` and defaults to true.

Updates #1748
shayne 2023-03-07 11:46:02 -05:00 committed by GitHub
parent 49e2d3a7bd
commit f7a7957a11
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -11,6 +11,7 @@
"flag" "flag"
"log" "log"
"net" "net"
"net/http"
"strings" "strings"
"time" "time"
@ -22,7 +23,10 @@
"tailscale.com/types/nettype" "tailscale.com/types/nettype"
) )
var ports = flag.String("ports", "443", "comma-separated list of ports to proxy") var (
ports = flag.String("ports", "443", "comma-separated list of ports to proxy")
promoteHTTPS = flag.Bool("promote-https", true, "promote HTTP to HTTPS")
)
var tsMBox = dnsmessage.MustNewName("support.tailscale.com.") var tsMBox = dnsmessage.MustNewName("support.tailscale.com.")
@ -56,6 +60,15 @@ func main() {
} }
go s.serveDNS(ln) go s.serveDNS(ln)
if *promoteHTTPS {
ln, err := s.ts.Listen("tcp", ":80")
if err != nil {
log.Fatal(err)
}
log.Printf("Promoting HTTP to HTTPS ...")
go s.promoteHTTPS(ln)
}
select {} select {}
} }
@ -197,3 +210,10 @@ func (s *server) dnsResponse(req *dnsmessage.Message) (buf []byte, err error) {
return resp.Finish() return resp.Finish()
} }
func (s *server) promoteHTTPS(ln net.Listener) {
err := http.Serve(ln, http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
http.Redirect(w, r, "https://"+r.Host+r.RequestURI, http.StatusFound)
}))
log.Fatalf("promoteHTTPS http.Serve: %v", err)
}
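Review bot: In promoteHTTPS (the last hunk), the redirect target is built from `r.Host` and `r.RequestURI` verbatim, so a Host header that carries an explicit port produces `https://host:80/...`, and an absolute-form request line is appended whole after the host, giving a malformed Location. Using `r.URL.RequestURI()` and trimming a trailing `:80` from the host avoids both. The bare `http.Serve` call also sets no timeouts, so a client that never finishes sending its request headers keeps a connection and goroutine open indefinitely; an `http.Server` with `ReadHeaderTimeout` bounds that. Because the Host value is client-supplied and reflected into the response, it is worth confirming whether redirects should be limited to names the proxy actually serves, which cannot be judged from this diff.

```go
func (s *server) promoteHTTPS(ln net.Listener) {
	srv := &http.Server{
		// Illustrative value; bounds how long a client may take to send its headers.
		ReadHeaderTimeout: 10 * time.Second,
		Handler: http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
			// Drop an explicit :80 so the redirect goes to the default HTTPS port.
			host := strings.TrimSuffix(r.Host, ":80")
			// r.URL.RequestURI() is path?query even for absolute-form request lines.
			http.Redirect(w, r, "https://"+host+r.URL.RequestURI(), http.StatusFound)
		}),
	}
	log.Fatalf("promoteHTTPS http.Serve: %v", srv.Serve(ln))
}
```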