Browse Source

Restructure Tailscale HTTPS

master
Jan-Lukas Else 2 months ago
parent
commit
e9bbfc12d0
  1. 7
      config.go
  2. 9
      http.go
  3. 4
      sessions.go
  4. 19
      tailscale.go

7
config.go

@ -362,6 +362,9 @@ func (a *goBlog) initConfig() error {
return nil
}
func (a *goBlog) httpsConfigured() bool {
return a.cfg.Server.PublicHTTPS || a.cfg.Server.SecurityHeaders || strings.HasPrefix(a.cfg.Server.PublicAddress, "https")
func (a *goBlog) httpsConfigured(checkAddress bool) bool {
return a.cfg.Server.PublicHTTPS ||
a.cfg.Server.TailscaleHTTPS ||
a.cfg.Server.SecurityHeaders ||
(checkAddress && strings.HasPrefix(a.cfg.Server.PublicAddress, "https"))
}

9
http.go

@ -2,7 +2,6 @@ package main
import (
"compress/flate"
"crypto/tls"
"database/sql"
"errors"
"fmt"
@ -20,7 +19,6 @@ import (
"golang.org/x/crypto/acme"
"golang.org/x/crypto/acme/autocert"
"golang.org/x/net/context"
"tailscale.com/client/tailscale"
)
const (
@ -45,7 +43,7 @@ func (a *goBlog) startServer() (err error) {
h = h.Append(a.logMiddleware)
}
h = h.Append(middleware.Recoverer, middleware.Compress(flate.DefaultCompression), middleware.Heartbeat("/ping"))
if a.cfg.Server.PublicHTTPS || a.cfg.Server.SecurityHeaders {
if a.httpsConfigured(false) {
h = h.Append(a.securityHeaders)
}
finalHandler := h.Then(a.d)
@ -82,10 +80,7 @@ func (a *goBlog) startServer() (err error) {
s.Addr = ":https"
if a.cfg.Server.TailscaleHTTPS {
// HTTPS via Tailscale
s.TLSConfig = &tls.Config{
GetCertificate: tailscale.GetCertificate,
}
if err = s.ListenAndServeTLS("", ""); err != nil && err != http.ErrServerClosed {
if err = a.startTailscaleHttps(s); err != nil {
return err
}
} else {

4
sessions.go

@ -32,7 +32,7 @@ func (a *goBlog) initSessions() {
a.loginSessions = &dbSessionStore{
codecs: securecookie.CodecsFromPairs([]byte(a.cfg.Server.JWTSecret)),
options: &sessions.Options{
Secure: a.httpsConfigured(),
Secure: a.httpsConfigured(true),
HttpOnly: true,
SameSite: http.SameSiteLaxMode,
MaxAge: int((7 * 24 * time.Hour).Seconds()),
@ -43,7 +43,7 @@ func (a *goBlog) initSessions() {
a.captchaSessions = &dbSessionStore{
codecs: securecookie.CodecsFromPairs([]byte(a.cfg.Server.JWTSecret)),
options: &sessions.Options{
Secure: a.httpsConfigured(),
Secure: a.httpsConfigured(true),
HttpOnly: true,
SameSite: http.SameSiteLaxMode,
MaxAge: int((24 * time.Hour).Seconds()),

19
tailscale.go

@ -0,0 +1,19 @@
package main
import (
"crypto/tls"
"net/http"
"tailscale.com/client/tailscale"
)
func (a *goBlog) startTailscaleHttps(s *http.Server) error {
s.Addr = ":https"
s.TLSConfig = &tls.Config{
GetCertificate: tailscale.GetCertificate,
}
if err := s.ListenAndServeTLS("", ""); err != nil && err != http.ErrServerClosed {
return err
}
return nil
}
Loading…
Cancel
Save