From 83b03ab6f6e2b7ad59f5e229eca7e66a15275497 Mon Sep 17 00:00:00 2001
From: "hongwei.chen"
Date: Sun, 13 Jul 2025 01:51:25 +0800
Subject: [PATCH] feat: allow HTTP server to serve content directly without HTTPS redirect
- Modify SetupHTTPACMEChallengeServer to accept enableRedirect parameter
- When ENABLE_HTTP_SERVER is true, HTTP requests are served directly instead of redirecting to HTTPS
- HTTP server now uses the same handler as HTTPS server for content requests
- ACME challenges are still handled properly on HTTP port
---
 server/certificates/cached_challengers.go | 28 +++++++++++++++--------
 server/startup.go | 27 ++++++++++++----------
 2 files changed, 33 insertions(+), 22 deletions(-)
diff --git a/server/certificates/cached_challengers.go b/server/certificates/cached_challengers.go
index 39439fb..18e720d 100644
--- a/server/certificates/cached_challengers.go
+++ b/server/certificates/cached_challengers.go
@@ -46,7 +46,7 @@ func (a AcmeHTTPChallengeProvider) CleanUp(domain, token, _ string) error {
 return nil
 }
 
-func SetupHTTPACMEChallengeServer(challengeCache cache.ICache, sslPort uint) http.HandlerFunc {
+func SetupHTTPACMEChallengeServer(challengeCache cache.ICache, sslPort uint, enableRedirect bool, httpHandler http.HandlerFunc) http.HandlerFunc {
 // handle custom-ssl-ports to be added on https redirects
 portPart := ""
 if sslPort != 443 {
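Review bot: The widened signature of `SetupHTTPACMEChallengeServer` in server/certificates/cached_challengers.go has no doc comment, and the two new parameters decide whether the plain-HTTP listener redirects or serves content in cleartext. I would add above the function: `// SetupHTTPACMEChallengeServer answers ACME HTTP challenges from challengeCache; all other requests are redirected to https when enableRedirect is true, otherwise they are passed to httpHandler (must be non-nil) and answered over plain HTTP.` A bare `false` at the call site says nothing about this, so the comment is the only place a reader learns that the flag lowers transport security. The function body continues beyond this hunk.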
@@ -69,15 +69,23 @@ func SetupHTTPACMEChallengeServer(challengeCache cache.ICache, sslPort uint) htt
 return
 }
 
- // it's a normal http request that needs to be redirected
- u, err := url.Parse(fmt.Sprintf("https://%s%s%s", domain, portPart, ctx.Path()))
- if err != nil {
- log.Error().Err(err).Msg("could not craft http to https redirect")
- ctx.String("", http.StatusInternalServerError)
- }
+ // it's a normal http request
+ if enableRedirect {
+ // redirect to https
+ u, err := url.Parse(fmt.Sprintf("https://%s%s%s", domain, portPart, ctx.Path()))
+ if err != nil {
+ log.Error().Err(err).Msg("could not craft http to https redirect")
+ ctx.String("", http.StatusInternalServerError)
+ return
+ }
 
- newURL := u.String()
- log.Debug().Msgf("redirect http to https: %s", newURL)
- ctx.Redirect(newURL, http.StatusMovedPermanently)
+ newURL := u.String()
+ log.Debug().Msgf("redirect http to https: %s", newURL)
+ ctx.Redirect(newURL, http.StatusMovedPermanently)
+ } else {
+ // serve content directly using the same handler as HTTPS
+ log.Debug().Msgf("serving http content directly for: %s", ctx.Path())
+ httpHandler(w, req)
+ }
 }
 }
diff --git a/server/startup.go b/server/startup.go
index cdd87c2..4ae4e07 100644
--- a/server/startup.go
+++ b/server/startup.go
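Review bot: In server/certificates/cached_challengers.go, the new `else` branch calls `httpHandler(w, req)` without a nil check, so a caller passing `enableRedirect=false` with a nil handler panics in the request goroutine on every non-challenge request. Falling back to the redirect keeps the failure on the safe side: `if enableRedirect || httpHandler == nil {`. The branch also hands cleartext requests to a handler that was built for the TLS listener, so whatever that handler accepts or returns now crosses the network unencrypted; a comment there should say so. I would also log the path with `%q` rather than `%s`, because it is request-controlled. `w`, `req` and the enclosing closure are declared outside this hunk.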
@@ -119,19 +119,7 @@ func Serve(ctx *cli.Context) error { defer cancelCertMaintain() go certificates.MaintainCertDB(log.Logger, certMaintainCtx, interval, acmeClient, cfg.Server.MainDomain, certDB) - if cfg.Server.HttpServerEnabled { - // Create handler for http->https redirect and http acme challenges - httpHandler := certificates.SetupHTTPACMEChallengeServer(challengeCache, uint(cfg.Server.Port)) - // Create listener for http and start listening - go func() { - log.Info().Msgf("Start HTTP server listening on %s", listeningHTTPAddress) - err := http.ListenAndServe(listeningHTTPAddress, httpHandler) - if err != nil { - log.Error().Err(err).Msg("Couldn't start HTTP server") - } - }() - } if ctx.IsSet("enable-profiling") { StartProfilingServer(ctx.String("profiling-address")) @@ -173,6 +161,21 @@ func Serve(ctx *cli.Context) error { // Create ssl handler based on settings sslHandler := handler.Handler(cfg.Server, giteaClient, canonicalDomainCache, redirectsCache, mostActiveIpMap) + if cfg.Server.HttpServerEnabled { + // Create handler for http->https redirect and http acme challenges + // When ENABLE_HTTP_SERVER is true, don't redirect to HTTPS + httpHandler := certificates.SetupHTTPACMEChallengeServer(challengeCache, uint(cfg.Server.Port), false, sslHandler) + + // Create listener for http and start listening + go func() { + log.Info().Msgf("Start HTTP server listening on %s", listeningHTTPAddress) + err := http.ListenAndServe(listeningHTTPAddress, httpHandler) + if err != nil { + log.Error().Err(err).Msg("Couldn't start HTTP server") + } + }() + } + // Start the ssl listener log.Info().Msgf("Start SSL server using TCP listener on %s", listener.Addr())
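Review bot: In the second server/startup.go hunk, the call `SetupHTTPACMEChallengeServer(challengeCache, uint(cfg.Server.Port), false, sslHandler)` hard-codes `false`, so the redirect branch can no longer be reached from `Serve`. Every deployment that already sets `HttpServerEnabled` for ACME plus redirect will start serving content in cleartext after upgrading, with no opt-in. The flag should come from a separate setting that defaults to redirecting, e.g. `!cfg.Server.<NEW_OPT_IN_FIELD>` (placeholder, not an existing field), and the retained comment `// Create handler for http->https redirect and http acme challenges` should be reworded, since it now contradicts the line below it. Because this listener now runs the full content handler, bare `http.ListenAndServe` (no read or write timeouts) is also worth replacing with an `http.Server` that sets `ReadHeaderTimeout`.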