feat: allow HTTP server to serve content directly without HTTPS redirect

- Modify SetupHTTPACMEChallengeServer to accept enableRedirect parameter
- When ENABLE_HTTP_SERVER is true, HTTP requests are served directly instead of redirecting to HTTPS
- HTTP server now uses the same handler as HTTPS server for content requests
- ACME challenges are still handled properly on HTTP port

server/certificates/cached_challengers.go

@@ -46,7 +46,7 @@ func (a AcmeHTTPChallengeProvider) CleanUp(domain, token, _ string) error {
 	return nil
 }
 
-func SetupHTTPACMEChallengeServer(challengeCache cache.ICache, sslPort uint) http.HandlerFunc {
+func SetupHTTPACMEChallengeServer(challengeCache cache.ICache, sslPort uint, enableRedirect bool, httpHandler http.HandlerFunc) http.HandlerFunc {
 	// handle custom-ssl-ports to be added on https redirects
 	portPart := ""
 	if sslPort != 443 {
@@ -69,15 +69,23 @@ func SetupHTTPACMEChallengeServer(challengeCache cache.ICache, sslPort uint) htt
 			return
 		}
 
-		// it's a normal http request that needs to be redirected
+		// it's a normal http request
-		u, err := url.Parse(fmt.Sprintf("https://%s%s%s", domain, portPart, ctx.Path()))
+		if enableRedirect {
-		if err != nil {
+			// redirect to https
-			log.Error().Err(err).Msg("could not craft http to https redirect")
+			u, err := url.Parse(fmt.Sprintf("https://%s%s%s", domain, portPart, ctx.Path()))
-			ctx.String("", http.StatusInternalServerError)
+			if err != nil {
-		}
+				log.Error().Err(err).Msg("could not craft http to https redirect")
+				ctx.String("", http.StatusInternalServerError)
+				return
+			}
 
-		newURL := u.String()
+			newURL := u.String()
-		log.Debug().Msgf("redirect http to https: %s", newURL)
+			log.Debug().Msgf("redirect http to https: %s", newURL)
-		ctx.Redirect(newURL, http.StatusMovedPermanently)
+			ctx.Redirect(newURL, http.StatusMovedPermanently)
+		} else {
+			// serve content directly using the same handler as HTTPS
+			log.Debug().Msgf("serving http content directly for: %s", ctx.Path())
+			httpHandler(w, req)
+		}
 	}
 }

server/startup.go

@@ -119,19 +119,7 @@ func Serve(ctx *cli.Context) error {
 	defer cancelCertMaintain()
 	go certificates.MaintainCertDB(log.Logger, certMaintainCtx, interval, acmeClient, cfg.Server.MainDomain, certDB)
 
-	if cfg.Server.HttpServerEnabled {
-		// Create handler for http->https redirect and http acme challenges
-		httpHandler := certificates.SetupHTTPACMEChallengeServer(challengeCache, uint(cfg.Server.Port))
 
-		// Create listener for http and start listening
-		go func() {
-			log.Info().Msgf("Start HTTP server listening on %s", listeningHTTPAddress)
-			err := http.ListenAndServe(listeningHTTPAddress, httpHandler)
-			if err != nil {
-				log.Error().Err(err).Msg("Couldn't start HTTP server")
-			}
-		}()
-	}
 
 	if ctx.IsSet("enable-profiling") {
 		StartProfilingServer(ctx.String("profiling-address"))
@@ -173,6 +161,21 @@ func Serve(ctx *cli.Context) error {
 	// Create ssl handler based on settings
 	sslHandler := handler.Handler(cfg.Server, giteaClient, canonicalDomainCache, redirectsCache, mostActiveIpMap)
 
+	if cfg.Server.HttpServerEnabled {
+		// Create handler for http->https redirect and http acme challenges
+		// When ENABLE_HTTP_SERVER is true, don't redirect to HTTPS
+		httpHandler := certificates.SetupHTTPACMEChallengeServer(challengeCache, uint(cfg.Server.Port), false, sslHandler)
+
+		// Create listener for http and start listening
+		go func() {
+			log.Info().Msgf("Start HTTP server listening on %s", listeningHTTPAddress)
+			err := http.ListenAndServe(listeningHTTPAddress, httpHandler)
+			if err != nil {
+				log.Error().Err(err).Msg("Couldn't start HTTP server")
+			}
+		}()
+	}
+
 	// Start the ssl listener
 	log.Info().Msgf("Start SSL server using TCP listener on %s", listener.Addr())