mirror of
https://github.com/mjl-/mox.git
synced 2025-01-26 22:55:53 +03:00
for WebRedirect, don't "match" when the destination URL has the same scheme,host,path, for doing http -> https redirects without loops
you can already get most http to https redirects through DontRedirectPlainHTTP in WebHandler, but that needs handlers for all paths. now you can just set up a redirect for a domain and all its path to baseurl https://domain (leaving other webdirect fields empty). when the request comes in with plain http, the redirect to https is done. that next request will also evaluate the same redirect rule. but it will not cause a match because it would redirect to the same scheme,host,path. so next webhandlers get a chance to serve. also clarify in webhandlers docs that also account & admin built-in handlers run first. related to issue #16
This commit is contained in:
parent
a9ef0f2aea
commit
8b0706e02d
7 changed files with 63 additions and 8 deletions
|
@ -73,7 +73,7 @@ type Dynamic struct {
|
|||
Domains map[string]Domain `sconf-doc:"Domains for which email is accepted. For internationalized domains, use their IDNA names in UTF-8."`
|
||||
Accounts map[string]Account `sconf-doc:"Accounts to which email can be delivered. An account can accept email for multiple domains, for multiple localparts, and deliver to multiple mailboxes."`
|
||||
WebDomainRedirects map[string]string `sconf:"optional" sconf-doc:"Redirect all requests from domain (key) to domain (value). Always redirects to HTTPS. For plain HTTP redirects, use a WebHandler with a WebRedirect."`
|
||||
WebHandlers []WebHandler `sconf:"optional" sconf-doc:"Handle webserver requests by serving static files, redirecting or reverse-proxying HTTP(s). The first matching WebHandler will handle the request. Built-in handlers for autoconfig and mta-sts always run first. If no handler matches, the response status code is file not found (404). If functionality you need is missng, simply forward the requests to an application that can provide the needed functionality."`
|
||||
WebHandlers []WebHandler `sconf:"optional" sconf-doc:"Handle webserver requests by serving static files, redirecting or reverse-proxying HTTP(s). The first matching WebHandler will handle the request. Built-in handlers, e.g. for account, admin, autoconfig and mta-sts always run first. If no handler matches, the response status code is file not found (404). If functionality you need is missng, simply forward the requests to an application that can provide the needed functionality."`
|
||||
|
||||
WebDNSDomainRedirects map[dns.Domain]dns.Domain `sconf:"-"`
|
||||
}
|
||||
|
@ -366,7 +366,7 @@ type WebStatic struct {
|
|||
}
|
||||
|
||||
type WebRedirect struct {
|
||||
BaseURL string `sconf:"optional" sconf-doc:"Base URL to redirect to. The path must be empty and will be replaced, either by the request URL path, or by OrigPathRegexp/ReplacePath. Scheme, host, port and fragment stay intact, and query strings are combined. If empty, the response redirects to a different path through OrigPathRegexp and ReplacePath, which must then be set. Use a URL without scheme to redirect without changing the protocol, e.g. //newdomain/."`
|
||||
BaseURL string `sconf:"optional" sconf-doc:"Base URL to redirect to. The path must be empty and will be replaced, either by the request URL path, or by OrigPathRegexp/ReplacePath. Scheme, host, port and fragment stay intact, and query strings are combined. If empty, the response redirects to a different path through OrigPathRegexp and ReplacePath, which must then be set. Use a URL without scheme to redirect without changing the protocol, e.g. //newdomain/. If a redirect would send a request to a URL with the same scheme, host and path, the WebRedirect does not match so a next WebHandler can be tried. This can be used to redirect all plain http traffic to https."`
|
||||
OrigPathRegexp string `sconf:"optional" sconf-doc:"Regular expression for matching path. If set and path does not match, a 404 is returned. The HTTP path used for matching always starts with a slash."`
|
||||
ReplacePath string `sconf:"optional" sconf-doc:"Replacement path for destination URL based on OrigPathRegexp. Implemented with Go's Regexp.ReplaceAllString: $1 is replaced with the text of the first submatch, etc. If both OrigPathRegexp and ReplacePath are empty, BaseURL must be set and all paths are redirected unaltered."`
|
||||
StatusCode int `sconf:"optional" sconf-doc:"Status code to use in redirect, e.g. 307. By default, a permanent redirect (308) is returned."`
|
||||
|
|
|
@ -570,10 +570,10 @@ describe-static" and "mox config describe-domains":
|
|||
|
||||
# Handle webserver requests by serving static files, redirecting or
|
||||
# reverse-proxying HTTP(s). The first matching WebHandler will handle the request.
|
||||
# Built-in handlers for autoconfig and mta-sts always run first. If no handler
|
||||
# matches, the response status code is file not found (404). If functionality you
|
||||
# need is missng, simply forward the requests to an application that can provide
|
||||
# the needed functionality. (optional)
|
||||
# Built-in handlers, e.g. for account, admin, autoconfig and mta-sts always run
|
||||
# first. If no handler matches, the response status code is file not found (404).
|
||||
# If functionality you need is missng, simply forward the requests to an
|
||||
# application that can provide the needed functionality. (optional)
|
||||
WebHandlers:
|
||||
-
|
||||
|
||||
|
@ -637,7 +637,10 @@ describe-static" and "mox config describe-domains":
|
|||
# fragment stay intact, and query strings are combined. If empty, the response
|
||||
# redirects to a different path through OrigPathRegexp and ReplacePath, which must
|
||||
# then be set. Use a URL without scheme to redirect without changing the protocol,
|
||||
# e.g. //newdomain/. (optional)
|
||||
# e.g. //newdomain/. If a redirect would send a request to a URL with the same
|
||||
# scheme, host and path, the WebRedirect does not match so a next WebHandler can
|
||||
# be tried. This can be used to redirect all plain http traffic to https.
|
||||
# (optional)
|
||||
BaseURL:
|
||||
|
||||
# Regular expression for matching path. If set and path does not match, a 404 is
|
||||
|
@ -689,6 +692,20 @@ examples with "mox example", and print a specific example with "mox example
|
|||
|
||||
# Each request is matched against these handlers until one matches and serves it.
|
||||
WebHandlers:
|
||||
-
|
||||
# Redirect all plain http requests to https, leaving path, query strings, etc
|
||||
# intact. When the request is already to https, the destination URL would have the
|
||||
# same scheme, host and path, causing this redirect handler to not match the
|
||||
# request (and not cause a redirect loop) and the webserver to serve the request
|
||||
# with a later handler.
|
||||
LogName: redirhttps
|
||||
Domain: www.mox.example
|
||||
PathRegexp: ^/
|
||||
# Could leave DontRedirectPlainHTTP at false if it wasn't for this being an
|
||||
# example for doing this redirect.
|
||||
DontRedirectPlainHTTP: true
|
||||
WebRedirect:
|
||||
BaseURL: https://www.mox.example
|
||||
-
|
||||
# The name of the handler, used in logging and metrics.
|
||||
LogName: staticmjl
|
||||
|
|
|
@ -1754,7 +1754,7 @@ const webserver = async () => {
|
|||
dom.td('Type'),
|
||||
dom.td(
|
||||
'BaseURL',
|
||||
attr({title: 'Base URL to redirect to. The path must be empty and will be replaced, either by the request URL path, or by OrigPathRegexp/ReplacePath. Scheme, host, port and fragment stay intact, and query strings are combined. If empty, the response redirects to a different path through OrigPathRegexp and ReplacePath, which must then be set. Use a URL without scheme to redirect without changing the protocol, e.g. //newdomain/.'}),
|
||||
attr({title: 'Base URL to redirect to. The path must be empty and will be replaced, either by the request URL path, or by OrigPathRegexp/ReplacePath. Scheme, host, port and fragment stay intact, and query strings are combined. If empty, the response redirects to a different path through OrigPathRegexp and ReplacePath, which must then be set. Use a URL without scheme to redirect without changing the protocol, e.g. //newdomain/. If a redirect would send a request to a URL with the same scheme, host and path, the WebRedirect does not match so a next WebHandler can be tried. This can be used to redirect all plain http traffic to https.'}),
|
||||
),
|
||||
dom.td(
|
||||
'OrigPathRegexp',
|
||||
|
|
|
@ -341,6 +341,19 @@ func HandleRedirect(h *config.WebRedirect, w http.ResponseWriter, r *http.Reques
|
|||
if h.StatusCode != 0 {
|
||||
code = h.StatusCode
|
||||
}
|
||||
|
||||
// If we would be redirecting to the same scheme,host,path, we would get here again
|
||||
// causing a redirect loop. Instead, this causes this redirect to not match,
|
||||
// allowing to try the next WebHandler. This can be used to redirect all plain http
|
||||
// requests to https.
|
||||
reqscheme := "http"
|
||||
if r.TLS != nil {
|
||||
reqscheme = "https"
|
||||
}
|
||||
if reqscheme == u.Scheme && r.Host == u.Host && r.URL.Path == u.Path {
|
||||
return false
|
||||
}
|
||||
|
||||
http.Redirect(w, r, u.String(), code)
|
||||
return true
|
||||
}
|
||||
|
|
|
@ -50,6 +50,10 @@ func TestWebserver(t *testing.T) {
|
|||
|
||||
test("GET", "http://redir.mox.example", nil, http.StatusPermanentRedirect, "", map[string]string{"Location": "https://mox.example/"})
|
||||
|
||||
// http to https redirect, and stay on https afterwards without redirect loop.
|
||||
test("GET", "http://schemeredir.example", nil, http.StatusPermanentRedirect, "", map[string]string{"Location": "https://schemeredir.example/"})
|
||||
test("GET", "https://schemeredir.example", nil, http.StatusNotFound, "", nil)
|
||||
|
||||
test("GET", "http://mox.example/static/", nil, http.StatusOK, "", map[string]string{"X-Test": "mox"}) // index.html
|
||||
test("GET", "http://mox.example/static/dir/", nil, http.StatusOK, "", map[string]string{"X-Test": "mox"}) // listing
|
||||
test("GET", "http://mox.example/static/dir", nil, http.StatusTemporaryRedirect, "", map[string]string{"Location": "/static/dir/"}) // redirect to dir
|
||||
|
|
14
main.go
14
main.go
|
@ -776,6 +776,20 @@ WebDomainRedirects:
|
|||
|
||||
# Each request is matched against these handlers until one matches and serves it.
|
||||
WebHandlers:
|
||||
-
|
||||
# Redirect all plain http requests to https, leaving path, query strings, etc
|
||||
# intact. When the request is already to https, the destination URL would have the
|
||||
# same scheme, host and path, causing this redirect handler to not match the
|
||||
# request (and not cause a redirect loop) and the webserver to serve the request
|
||||
# with a later handler.
|
||||
LogName: redirhttps
|
||||
Domain: www.mox.example
|
||||
PathRegexp: ^/
|
||||
# Could leave DontRedirectPlainHTTP at false if it wasn't for this being an
|
||||
# example for doing this redirect.
|
||||
DontRedirectPlainHTTP: true
|
||||
WebRedirect:
|
||||
BaseURL: https://www.mox.example
|
||||
-
|
||||
# The name of the handler, used in logging and metrics.
|
||||
LogName: staticmjl
|
||||
|
|
7
testdata/webserver/domains.conf
vendored
7
testdata/webserver/domains.conf
vendored
|
@ -9,6 +9,13 @@ Accounts:
|
|||
WebDomainRedirects:
|
||||
redir.mox.example: mox.example
|
||||
WebHandlers:
|
||||
-
|
||||
LogName: redirhttps
|
||||
Domain: schemeredir.example
|
||||
PathRegexp: ^/
|
||||
DontRedirectPlainHTTP: true
|
||||
WebRedirect:
|
||||
BaseURL: https://schemeredir.example
|
||||
-
|
||||
LogName: static
|
||||
Domain: mox.example
|
||||
|
|
Loading…
Reference in a new issue