First try at TLS support

2018-09-28 19:00:08 -04:00 · 2018-09-28 19:00:08 -04:00 · be8e5f330b
parent 467006aabc
commit be8e5f330b
2 changed files with 29 additions and 2 deletions
--- a/main.go
+++ b/main.go
@ -25,6 +25,8 @@ var (
 		reload — reloading the configuration file`)
 )

+const DOMAIN_NAME = "threefortiethofonehamster.com"
+
 const HTML_HEADER = `<!doctype html5>
 <html>
 <head>
@ -125,8 +127,10 @@ func main() {
 	}
 	defer cntxt.Release()

+	var redirect http.Server
 	var srv http.Server

+	go startRedirectServer(&redirect)
 	go startServer(&srv)

 	go func() {
@ -135,6 +139,9 @@ func main() {
 		if err := srv.Shutdown(context.Background()); err != nil {
 			log.Printf("server shutdown error: %v\n", err)
 		}
+		if err = redirect.Shutdown(context.Background()); err != nil {
+			log.Printf("redirect shutdown error: %v\n", err)
+		}
 	}()

 	err = daemon.ServeSignals()
@ -164,7 +171,26 @@ func startServer(srv *http.Server) {
 	serveMux.Handle("/gfm/", http.StripPrefix("/gfm", http.FileServer(gfmstyle.Assets)))
 	serveMux.HandleFunc("/main.css", func(w http.ResponseWriter, r *http.Request) { http.ServeFile(w, r, "main.css") })

-	srv.Addr = ":8000"
+	srv.Addr = ":8043"
+	srv.Handler = serveMux
+	log.Print("starting server")
+	log.Fatal(srv.ListenAndServeTLS("/etc/letsencrypt/live/"+DOMAIN_NAME+"/fullchain.pem",
+		"/etc/letsencrypt/live/"+DOMAIN_NAME+"/privkey.pem"))
+	close(serverShutdown)
+}
+
+func startRedirectServer(srv *http.Server) {
+	serveMux := http.NewServeMux()
+	// copied from https://gist.github.com/d-schmidt/587ceec34ce1334a5e60
+	serveMux.HandleFunc("/", func(w http.ResponseWriter, req *http.Request) {
+		target := "https://" + req.Host + req.URL.Path
+		if len(req.URL.RawQuery) > 0 {
+			target += "?" + req.URL.RawQuery
+		}
+		http.Redirect(w, req, target, http.StatusTemporaryRedirect)
+	})
+
+	srv.Addr = ":8080"
 	srv.Handler = serveMux
 	log.Print("starting server")
 	log.Fatal(srv.ListenAndServe())
--- a/rules.v4
+++ b/rules.v4
@ -4,7 +4,8 @@
 :INPUT ACCEPT [1:60]
 :OUTPUT ACCEPT [2:120]
 :POSTROUTING ACCEPT [2:120]
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8000
+-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
+-A PREROUTING -p tcp -m tcp --dport 43 -j REDIRECT --to-ports 8043
 COMMIT
 # Completed on Fri Sep 28 01:39:23 2018
 # Generated by iptables-save v1.6.0 on Fri Sep 28 01:39:23 2018