I have put up TLS and it works. I know how to rewrite from http to https in nginx, but I do not use nginx anymore. I don't know how to do this in Go properly.
func main() {
certificate := "/srv/ssl/ssl-bundle.crt"
privateKey := "/srv/ssl/mykey.key"
http.HandleFunc("/", rootHander)
// log.Fatal(http.ListenAndServe(":80", nil))
log.Fatal(http.ListenAndServeTLS(":443", certificate, privateKey, nil))
}
func rootHander(w http.ResponseWriter, r *http.Request) {
w.Write([]byte("To the moon!"))
}
How would I do this in a good way?
Create a handler which handles redirection to https like:
func redirectTLS(w http.ResponseWriter, r *http.Request) {
http.Redirect(w, r, "https://IPAddr:443"+r.RequestURI, http.StatusMovedPermanently)
}
Then redirect http traffic:
go func() {
if err := http.ListenAndServe(":80", http.HandlerFunc(redirectTLS)); err != nil {
log.Fatalf("ListenAndServe error: %v", err)
}
}()
Package main
import (
"fmt"
"net/http"
)
func redirectToHttps(w http.ResponseWriter, r *http.Request) {
// Redirect the incoming HTTP request. Note that "127.0.0.1:443" will only work if you are accessing the server from your local machine.
http.Redirect(w, r, "https://127.0.0.1:443"+r.RequestURI, http.StatusMovedPermanently)
}
func handler(w http.ResponseWriter, r *http.Request) {
fmt.Fprintf(w, "Hi there!")
fmt.Println(r.RequestURI)
}
func main() {
http.HandleFunc("/", handler)
// Start the HTTPS server in a goroutine
go http.ListenAndServeTLS(":443", "cert.pem", "key.pem", nil)
// Start the HTTP server and redirect all incoming connections to HTTPS
http.ListenAndServe(":8080", http.HandlerFunc(redirectToHttps))
}
The solutions posted above are a little inflexible, especially if the external hostname is different from the local host.
Here is the code I use for HTTP->HTTPS redirects:
package main
import (
"net"
"log"
"net/http"
)
var httpAddr ":8080"
var httpsAddr ":8443"
func main() {
srv := http.Server{
Addr: httpsAddr,
}
_, tlsPort, err := net.SplitHostPort(httpsAddr)
if err != nil {
return err
}
go redirectToHTTPS(tlsPort)
srv.ListenAndServeTLS("cert.pem", "key.pem")
}
func redirectToHTTPS(tlsPort string) {
httpSrv := http.Server{
Addr: httpAddr,
Handler: http.HandlerFunc(func(w http.ResponseWriter, r *http.Request){
host, _, _ := net.SplitHostPort(r.Host)
u := r.URL
u.Host = net.JoinHostPort(host, tlsPort)
u.Scheme="https"
log.Println(u.String())
http.Redirect(w,r,u.String(), http.StatusMovedPermanently)
}),
}
log.Println(httpSrv.ListenAndServe())
}
If you are using standard ports (80,443) the splitting of joining of the adresses is not rquired and just setting the scheme on the URL is sufficient.