mirror of https://github.com/jlelse/GoBlog
Restructure Tailscale HTTPS
parent
2080058dfe
commit
e9bbfc12d0
|
@ -362,6 +362,9 @@ func (a *goBlog) initConfig() error {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func (a *goBlog) httpsConfigured() bool {
|
func (a *goBlog) httpsConfigured(checkAddress bool) bool {
|
||||||
return a.cfg.Server.PublicHTTPS || a.cfg.Server.SecurityHeaders || strings.HasPrefix(a.cfg.Server.PublicAddress, "https")
|
return a.cfg.Server.PublicHTTPS ||
|
||||||
|
a.cfg.Server.TailscaleHTTPS ||
|
||||||
|
a.cfg.Server.SecurityHeaders ||
|
||||||
|
(checkAddress && strings.HasPrefix(a.cfg.Server.PublicAddress, "https"))
|
||||||
}
|
}
|
||||||
|
|
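Review bot: The new `checkAddress` parameter on `httpsConfigured` is a bare boolean with no doc comment, so the call sites `httpsConfigured(true)` (the cookie `Secure` flag in `initSessions`) and `httpsConfigured(false)` (the security-header middleware in `startServer`) do not say which question they are asking. I would add a comment such as `// httpsConfigured reports whether the blog is served over HTTPS; checkAddress additionally counts an https PublicAddress.` above the function. The function also returns true when only `SecurityHeaders` is set, which reads as a separate concern from transport security; if that is intended (for example TLS terminated by a reverse proxy, which is an assumption), the comment should say so, because the result decides whether session cookies carry the `Secure` attribute.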
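--- a/http.go
+++ b/http.go
@@ -2,7 +2,6 @@ package main
 
 import (
 "compress/flate"
-"crypto/tls"
 "database/sql"
 "errors"
 "fmt"
@@ -20,7 +19,6 @@ import (
 "golang.org/x/crypto/acme"
 "golang.org/x/crypto/acme/autocert"
 "golang.org/x/net/context"
-"tailscale.com/client/tailscale"
 )
 
 const (
@@ -45,7 +43,7 @@ func (a *goBlog) startServer() (err error) {
 h = h.Append(a.logMiddleware)
 }
 h = h.Append(middleware.Recoverer, middleware.Compress(flate.DefaultCompression), middleware.Heartbeat("/ping"))
-if a.cfg.Server.PublicHTTPS || a.cfg.Server.SecurityHeaders {
+if a.httpsConfigured(false) {
 h = h.Append(a.securityHeaders)
 }
 finalHandler := h.Then(a.d)
@@ -82,10 +80,7 @@ func (a *goBlog) startServer() (err error) {
 s.Addr = ":https"
 if a.cfg.Server.TailscaleHTTPS {
 // HTTPS via Tailscale
-s.TLSConfig = &tls.Config{
-GetCertificate: tailscale.GetCertificate,
-}
-if err = s.ListenAndServeTLS("", ""); err != nil && err != http.ErrServerClosed {
+if err = a.startTailscaleHttps(s); err != nil {
 return err
 }
 } else {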
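Review bot: `s.Addr = ":https"` is still assigned in `startServer` just above the Tailscale branch, and the new `startTailscaleHttps` helper assigns it again, so the listen address now has two owners. Keep it in one place: either drop the assignment inside the helper, or let the helper own it and move the caller's line into the `else` branch. Separately, `if a.httpsConfigured(false) {` now also attaches `a.securityHeaders` when only `TailscaleHTTPS` is set; a one-line comment there saying why the address check is skipped for the headers but not for the cookies would help, since the reason is not visible in this diff. `startServer` begins and ends outside these hunks.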
|
@ -32,7 +32,7 @@ func (a *goBlog) initSessions() {
|
||||||
a.loginSessions = &dbSessionStore{
|
a.loginSessions = &dbSessionStore{
|
||||||
codecs: securecookie.CodecsFromPairs([]byte(a.cfg.Server.JWTSecret)),
|
codecs: securecookie.CodecsFromPairs([]byte(a.cfg.Server.JWTSecret)),
|
||||||
options: &sessions.Options{
|
options: &sessions.Options{
|
||||||
Secure: a.httpsConfigured(),
|
Secure: a.httpsConfigured(true),
|
||||||
HttpOnly: true,
|
HttpOnly: true,
|
||||||
SameSite: http.SameSiteLaxMode,
|
SameSite: http.SameSiteLaxMode,
|
||||||
MaxAge: int((7 * 24 * time.Hour).Seconds()),
|
MaxAge: int((7 * 24 * time.Hour).Seconds()),
|
||||||
|
@ -43,7 +43,7 @@ func (a *goBlog) initSessions() {
|
||||||
a.captchaSessions = &dbSessionStore{
|
a.captchaSessions = &dbSessionStore{
|
||||||
codecs: securecookie.CodecsFromPairs([]byte(a.cfg.Server.JWTSecret)),
|
codecs: securecookie.CodecsFromPairs([]byte(a.cfg.Server.JWTSecret)),
|
||||||
options: &sessions.Options{
|
options: &sessions.Options{
|
||||||
Secure: a.httpsConfigured(),
|
Secure: a.httpsConfigured(true),
|
||||||
HttpOnly: true,
|
HttpOnly: true,
|
||||||
SameSite: http.SameSiteLaxMode,
|
SameSite: http.SameSiteLaxMode,
|
||||||
MaxAge: int((24 * time.Hour).Seconds()),
|
MaxAge: int((24 * time.Hour).Seconds()),
|
||||||
|
|
|
@ -0,0 +1,19 @@
|
||||||
|
package main
|
||||||
|
|
||||||
|
import (
|
||||||
|
"crypto/tls"
|
||||||
|
"net/http"
|
||||||
|
|
||||||
|
"tailscale.com/client/tailscale"
|
||||||
|
)
|
||||||
|
|
||||||
|
func (a *goBlog) startTailscaleHttps(s *http.Server) error {
|
||||||
|
s.Addr = ":https"
|
||||||
|
s.TLSConfig = &tls.Config{
|
||||||
|
GetCertificate: tailscale.GetCertificate,
|
||||||
|
}
|
||||||
|
if err := s.ListenAndServeTLS("", ""); err != nil && err != http.ErrServerClosed {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
return nil
|
||||||
|
}
|
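Review bot: The `tls.Config` in `startTailscaleHttps` sets only `GetCertificate`, so the minimum protocol version is left to the default of whichever Go toolchain builds the binary; adding `MinVersion: tls.VersionTLS12,` makes the floor explicit. The function has no doc comment: it should say that it blocks in `ListenAndServeTLS` until the server stops and that certificates come from `tailscale.GetCertificate`, which presumably needs a reachable local Tailscale daemon, so a failure there would surface per handshake rather than at startup. Two smaller points: `err != http.ErrServerClosed` reads better as `!errors.Is(err, http.ErrServerClosed)` (this needs `errors` imported in the new file), and Go naming would spell the helper `startTailscaleHTTPS`.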