add support to redirect HTTP to HTTPS

Fixes #777 Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2025-12-09 08:15:13 +03:00 · 2022-03-26 10:00:02 +01:00
parent aaf940edab
commit 5cccb872bb
6 changed files with 33 additions and 1 deletions
--- a/config/config.go
+++ b/config/config.go
@@ -98,6 +98,8 @@ var (
 			AllowedHosts:            nil,
 			AllowedHostsAreRegex:    false,
 			HostsProxyHeaders:       nil,
+			HTTPSRedirect:           false,
+			HTTPSHost:               "",
 			HTTPSProxyHeaders:       nil,
 			STSSeconds:              0,
 			STSIncludeSubdomains:    false,
@@ -1142,7 +1144,7 @@ func getHTTPDSecurityProxyHeadersFromEnv(idx int) []httpd.HTTPSProxyHeader {
 	return httpsProxyHeaders
 }

-func getHTTPDSecurityConfFromEnv(idx int) (httpd.SecurityConf, bool) {
+func getHTTPDSecurityConfFromEnv(idx int) (httpd.SecurityConf, bool) { //nolint:gocyclo
 	var result httpd.SecurityConf
 	isSet := false

@@ -1170,6 +1172,18 @@ func getHTTPDSecurityConfFromEnv(idx int) (httpd.SecurityConf, bool) {
 		isSet = true
 	}

+	httpsRedirect, ok := lookupBoolFromEnv(fmt.Sprintf("SFTPGO_HTTPD__BINDINGS__%v__SECURITY__HTTPS_REDIRECT", idx))
+	if ok {
+		result.HTTPSRedirect = httpsRedirect
+		isSet = true
+	}
+
+	httpsHost, ok := os.LookupEnv(fmt.Sprintf("SFTPGO_HTTPD__BINDINGS__%v__SECURITY__HTTPS_HOST", idx))
+	if ok {
+		result.HTTPSHost = httpsHost
+		isSet = true
+	}
+
 	httpsProxyHeaders := getHTTPDSecurityProxyHeadersFromEnv(idx)
 	if len(httpsProxyHeaders) > 0 {
 		result.HTTPSProxyHeaders = httpsProxyHeaders
--- a/config/config_test.go
+++ b/config/config_test.go
@@ -854,6 +854,8 @@ func TestHTTPDBindingsFromEnv(t *testing.T) {
 	os.Setenv("SFTPGO_HTTPD__BINDINGS__2__SECURITY__ALLOWED_HOSTS", "*.example.com,*.example.net")
 	os.Setenv("SFTPGO_HTTPD__BINDINGS__2__SECURITY__ALLOWED_HOSTS_ARE_REGEX", "1")
 	os.Setenv("SFTPGO_HTTPD__BINDINGS__2__SECURITY__HOSTS_PROXY_HEADERS", "X-Forwarded-Host")
+	os.Setenv("SFTPGO_HTTPD__BINDINGS__2__SECURITY__HTTPS_REDIRECT", "1")
+	os.Setenv("SFTPGO_HTTPD__BINDINGS__2__SECURITY__HTTPS_HOST", "www.example.com")
 	os.Setenv("SFTPGO_HTTPD__BINDINGS__2__SECURITY__HTTPS_PROXY_HEADERS__1__KEY", "X-Forwarded-Proto")
 	os.Setenv("SFTPGO_HTTPD__BINDINGS__2__SECURITY__HTTPS_PROXY_HEADERS__1__VALUE", "https")
 	os.Setenv("SFTPGO_HTTPD__BINDINGS__2__SECURITY__STS_SECONDS", "31536000")
@@ -900,6 +902,8 @@ func TestHTTPDBindingsFromEnv(t *testing.T) {
 		os.Unsetenv("SFTPGO_HTTPD__BINDINGS__2__SECURITY__ALLOWED_HOSTS")
 		os.Unsetenv("SFTPGO_HTTPD__BINDINGS__2__SECURITY__ALLOWED_HOSTS_ARE_REGEX")
 		os.Unsetenv("SFTPGO_HTTPD__BINDINGS__2__SECURITY__HOSTS_PROXY_HEADERS")
+		os.Unsetenv("SFTPGO_HTTPD__BINDINGS__2__SECURITY__HTTPS_REDIRECT")
+		os.Unsetenv("SFTPGO_HTTPD__BINDINGS__2__SECURITY__HTTPS_HOST")
 		os.Unsetenv("SFTPGO_HTTPD__BINDINGS__2__SECURITY__HTTPS_PROXY_HEADERS__1__KEY")
 		os.Unsetenv("SFTPGO_HTTPD__BINDINGS__2__SECURITY__HTTPS_PROXY_HEADERS__1__VALUE")
 		os.Unsetenv("SFTPGO_HTTPD__BINDINGS__2__SECURITY__STS_SECONDS")
@@ -975,6 +979,8 @@ func TestHTTPDBindingsFromEnv(t *testing.T) {
 	require.True(t, bindings[2].Security.AllowedHostsAreRegex)
 	require.Len(t, bindings[2].Security.HostsProxyHeaders, 1)
 	require.Equal(t, "X-Forwarded-Host", bindings[2].Security.HostsProxyHeaders[0])
+	require.True(t, bindings[2].Security.HTTPSRedirect)
+	require.Equal(t, "www.example.com", bindings[2].Security.HTTPSHost)
 	require.Len(t, bindings[2].Security.HTTPSProxyHeaders, 1)
 	require.Equal(t, "X-Forwarded-Proto", bindings[2].Security.HTTPSProxyHeaders[0].Key)
 	require.Equal(t, "https", bindings[2].Security.HTTPSProxyHeaders[0].Value)