If ssl is enabled, require ssl

ruckstack · Dec 29, 2020 · d52450f · d52450f
1 parent a8803ea
commit d52450f
Showing 1 changed file with 24 additions and 9 deletions.
diff --git a/server/system_control/internal/server/webserver/webserver.go b/server/system_control/internal/server/webserver/webserver.go
@@ -44,20 +44,13 @@ func Start(ctx context.Context) error {
 
 	http.HandleFunc("/", handleRequest)
 
-	go func() {
-		logger.Println("Starting listener on port 80")
-		if err := http.ListenAndServe(":80", nil); err != nil {
-			e := fmt.Errorf("error starting webserver listener on port 80: %s", err)
-			logger.Println(e)
-			//ui.Fatal(e)
-		}
-	}()
-
+	httpsSupported := false
 	_, err = os.Stat(sslKeyFilePath)
 	if err == nil {
 		_, err = os.Stat(sslCertFilePath)
 		if err == nil {
 			go func() {
+				httpsSupported = true
 				logger.Println("Starting listener on port 443")
 				if err := http.ListenAndServeTLS(":443",
 					sslCertFilePath,
@@ -75,6 +68,20 @@ func Start(ctx context.Context) error {
 		logger.Printf("Not starting https, cannot use key in %s: %s", sslKeyFilePath, err)
 	}
 
+	go func() {
+		var handler http.Handler
+		if httpsSupported {
+			handler = http.HandlerFunc(redirectToHttps)
+		}
+
+		logger.Println("Starting listener on port 80")
+		if err := http.ListenAndServe(":80", handler); err != nil {
+			e := fmt.Errorf("error starting webserver listener on port 80: %s", err)
+			logger.Println(e)
+			//ui.Fatal(e)
+		}
+	}()
+
 	go func() {
 		select {
 		case <-ctx.Done():
@@ -202,3 +209,11 @@ func proxyToKubernetes(res http.ResponseWriter, req *http.Request) error {
 
 	return nil
 }
+
+func redirectToHttps(responseWriter http.ResponseWriter, requeset *http.Request) {
+	target := "https://" + requeset.Host + requeset.URL.Path
+	if len(requeset.URL.RawQuery) > 0 {
+		target += "?" + requeset.URL.RawQuery
+	}
+	http.Redirect(responseWriter, requeset, target, http.StatusMovedPermanently)
+}