Skip to content

feat!: generate a self-signed certificate if no certificates are specified #5973

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 8 commits into from
Feb 2, 2023
Merged

feat!: generate a self-signed certificate if no certificates are specified #5973

Changes from 1 commit
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
1536b51
feat: generate a self-signed certificate if no certificates are speci…
kylecarbs Feb 2, 2023
beff932
Add new flag and deprecate old one
kylecarbs Feb 2, 2023
7cd5f2c
Fix redirect if not using tunnel
kylecarbs Feb 2, 2023
2a81e29
Add deprecation notice
kylecarbs Feb 2, 2023
596afcc
Fix TLS redirect
kylecarbs Feb 2, 2023
8336a07
Run `make gen`
kylecarbs Feb 2, 2023
b0adb77
Fix bad test
kylecarbs Feb 2, 2023
9ccdd59
Fix gen
kylecarbs Feb 2, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
Fix redirect if not using tunnel
  • Loading branch information
@kylecarbs
kylecarbs committed Feb 2, 2023
commit 7cd5f2c2287b6b20c0970d194776ef55bf52a584
24 changes: 16 additions & 8 deletions cli/server.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -394,11 +394,6 @@ func Server(vip *viper.Viper, newAPI func(context.Context, *coderd.Options) (*co
cmd.Printf("%s The access URL %s %s, this may cause unexpected problems when creating workspaces. Generate a unique *.try.coder.app URL by not specifying an access URL.\n", cliui.Styles.Warn.Render("Warning:"), cliui.Styles.Field.Render(accessURLParsed.String()), reason)
}

if cfg.TLS.RedirectHTTP.Value {
cmd.PrintErr(cliui.Styles.Warn.Render("WARN:") + " --tls-redirect-http-to-https is deprecated, please use --redirect-to-access-url instead")
cfg.RedirectToAccessURL.Value = cfg.TLS.RedirectHTTP.Value
}

// A newline is added before for visibility in terminal output.
cmd.Printf("\nView the Web UI: %s\n", accessURLParsed.String())

Expand Down Expand Up @@ -770,7 +765,7 @@ func Server(vip *viper.Viper, newAPI func(context.Context, *coderd.Options) (*co
// the request is not to a local IP.
var handler http.Handler = coderAPI.RootHandler
if cfg.RedirectToAccessURL.Value {
handler = redirectToAccessURL(handler, accessURLParsed)
handler = redirectToAccessURL(handler, accessURLParsed, tunnel != nil)
}

// ReadHeaderTimeout is purposefully not enabled. It caused some
Expand Down Expand Up @@ -1518,10 +1513,23 @@ func configureHTTPClient(ctx context.Context, clientCertFile, clientKeyFile stri
return ctx, &http.Client{}, nil
}

func redirectToAccessURL(handler http.Handler, accessURL *url.URL) http.Handler {
// nolint:revive
func redirectToAccessURL(handler http.Handler, accessURL *url.URL, tunnel bool) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
if r.Host != accessURL.Host {
redirect := func() {
http.Redirect(w, r, accessURL.String(), http.StatusTemporaryRedirect)
}

// Only do this if we aren't tunneling.
// If we are tunneling, we want to allow the request to go through
// because the tunnel doesn't proxy with TLS.
if !tunnel && accessURL.Scheme == "https" && r.TLS == nil {
redirect()
return
}

if r.Host != accessURL.Host {
redirect()
return
}

Expand Down