file_server: Use HTTPS port when a qualifying domain is specified

Also little comment cleanups
Matthew Holt 2019-11-16 10:44:45 -07:00
parent b43e986a52
commit 9fe54e1c60
No known key found for this signature in database
GPG key ID: 2A349DD577D586A5
2 changed files with 13 additions and 9 deletions


@ -18,12 +18,14 @@ import (
"encoding/json" "encoding/json"
"flag" "flag"
"log" "log"
"strconv"
"github.com/caddyserver/caddy/v2" "github.com/caddyserver/caddy/v2"
"github.com/caddyserver/caddy/v2/caddyconfig" "github.com/caddyserver/caddy/v2/caddyconfig"
"github.com/caddyserver/caddy/v2/caddyconfig/httpcaddyfile" "github.com/caddyserver/caddy/v2/caddyconfig/httpcaddyfile"
caddycmd "github.com/caddyserver/caddy/v2/cmd" caddycmd "github.com/caddyserver/caddy/v2/cmd"
"github.com/caddyserver/caddy/v2/modules/caddyhttp" "github.com/caddyserver/caddy/v2/modules/caddyhttp"
"github.com/mholt/certmagic"
) )
func init() { func init() {
@ -36,12 +38,13 @@ func init() {
A simple but production-ready file server. Useful for quick deployments, A simple but production-ready file server. Useful for quick deployments,
demos, and development. demos, and development.
If a qualifying hostname is specified with --domain, the server will use
HTTPS if domain validation succeeds. Ensure A/AAAA records are properly
configured before using this option.
The listener's socket address can be customized with the --listen flag. The listener's socket address can be customized with the --listen flag.
If a qualifying hostname is specified with --domain, the default listener
address will be changed to the HTTPS port and the server will use HTTPS
if domain validation succeeds. Ensure A/AAAA records are properly
configured before using this option.
If --browse is enabled, requests for folders without an index file will If --browse is enabled, requests for folders without an index file will
respond with a file listing.`, respond with a file listing.`,
Flags: func() *flag.FlagSet { Flags: func() *flag.FlagSet {
@ -83,8 +86,12 @@ func cmdFileServer(fs caddycmd.Flags) (int, error) {
Routes: caddyhttp.RouteList{route}, Routes: caddyhttp.RouteList{route},
} }
if listen == "" { if listen == "" {
if certmagic.HostQualifies(domain) {
listen = ":" + strconv.Itoa(certmagic.HTTPSPort)
} else {
listen = ":" + httpcaddyfile.DefaultPort listen = ":" + httpcaddyfile.DefaultPort
} }
}
server.Listen = []string{listen} server.Listen = []string{listen}
httpApp := caddyhttp.App{ httpApp := caddyhttp.App{
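Review bot: A --domain value that fails `certmagic.HostQualifies` falls silently into the new `else` branch of the `if listen == ""` block, the same branch taken when no domain is given at all. An operator who passed --domain expecting HTTPS then gets the default port, presumably without TLS, and nothing in the output says so. I would report it in that branch, for example `if domain != "" { log.Printf("[WARNING] %q does not qualify for automatic HTTPS; using the default port", domain) }`; `log` is already imported. cmdFileServer starts and ends outside this hunk, so a warning that already exists elsewhere in the function would make this unnecessary.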


@ -150,9 +150,6 @@ func (fsrv *FileServer) ServeHTTP(w http.ResponseWriter, r *http.Request, next c
return fsrv.notFound(w, r, next) return fsrv.notFound(w, r, next)
} }
// TODO: maybe there should be a way to serve the next handler
// instead of returning 404 if a file is not found?
// TODO: content negotiation (brotli sidecar files, etc...) // TODO: content negotiation (brotli sidecar files, etc...)
// one last check to ensure the file isn't hidden (we might // one last check to ensure the file isn't hidden (we might
@ -193,7 +190,7 @@ func (fsrv *FileServer) ServeHTTP(w http.ResponseWriter, r *http.Request, next c
if mtyp == "" { if mtyp == "" {
// do not allow Go to sniff the content-type; see // do not allow Go to sniff the content-type; see
// https://www.youtube.com/watch?v=8t8JYpt0egE // https://www.youtube.com/watch?v=8t8JYpt0egE
// TODO: Consider writing a default mime type of application/octet-stream - this is secure but violates spec // TODO: If we want a Content-Type, consider writing a default of application/octet-stream - this is secure but violates spec
w.Header()["Content-Type"] = nil w.Header()["Content-Type"] = nil
} else { } else {
w.Header().Set("Content-Type", mtyp) w.Header().Set("Content-Type", mtyp)
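Review bot: The reworded TODO above `w.Header()["Content-Type"] = nil` still leaves the reason for the nil assignment behind a video link, so the comment itself should state it. I would add something like `// never guess the type from file bytes: content sniffed as text/html could be rendered as active content in this site's origin`. With no Content-Type sent, the decision moves to the client, which may sniff on its own. Whether `X-Content-Type-Options: nosniff` is set elsewhere is not visible in this hunk, so the comment should record that as well. ServeHTTP starts and ends outside the hunk.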