mirror of https://github.com/jlelse/GoBlog
Restructure Tailscale HTTPS
parent
2080058dfe
commit
e9bbfc12d0
|
@ -362,6 +362,9 @@ func (a *goBlog) initConfig() error {
|
|||
return nil
|
||||
}
|
||||
|
||||
func (a *goBlog) httpsConfigured() bool {
|
||||
return a.cfg.Server.PublicHTTPS || a.cfg.Server.SecurityHeaders || strings.HasPrefix(a.cfg.Server.PublicAddress, "https")
|
||||
func (a *goBlog) httpsConfigured(checkAddress bool) bool {
|
||||
return a.cfg.Server.PublicHTTPS ||
|
||||
a.cfg.Server.TailscaleHTTPS ||
|
||||
a.cfg.Server.SecurityHeaders ||
|
||||
(checkAddress && strings.HasPrefix(a.cfg.Server.PublicAddress, "https"))
|
||||
}
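Review bot: `httpsConfigured` now takes a bare `checkAddress` flag and has no doc comment, so the calls `httpsConfigured(true)` and `httpsConfigured(false)` elsewhere in this commit do not say what is being toggled. The result decides both whether the security-headers middleware is installed and whether session cookies get the `Secure` flag, so the contract is worth writing down, e.g. `// httpsConfigured reports whether the site is expected to be served over HTTPS; checkAddress additionally accepts a PublicAddress that starts with "https".` The comment should also state that `SecurityHeaders` alone makes the function return true, which the name does not suggest.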
|
||||
|
|
9
http.go
9
http.go
|
@ -2,7 +2,6 @@ package main
|
|||
|
||||
import (
|
||||
"compress/flate"
|
||||
"crypto/tls"
|
||||
"database/sql"
|
||||
"errors"
|
||||
"fmt"
|
||||
|
@ -20,7 +19,6 @@ import (
|
|||
"golang.org/x/crypto/acme"
|
||||
"golang.org/x/crypto/acme/autocert"
|
||||
"golang.org/x/net/context"
|
||||
"tailscale.com/client/tailscale"
|
||||
)
|
||||
|
||||
const (
|
||||
|
@ -45,7 +43,7 @@ func (a *goBlog) startServer() (err error) {
|
|||
h = h.Append(a.logMiddleware)
|
||||
}
|
||||
h = h.Append(middleware.Recoverer, middleware.Compress(flate.DefaultCompression), middleware.Heartbeat("/ping"))
|
||||
if a.cfg.Server.PublicHTTPS || a.cfg.Server.SecurityHeaders {
|
||||
if a.httpsConfigured(false) {
|
||||
h = h.Append(a.securityHeaders)
|
||||
}
|
||||
finalHandler := h.Then(a.d)
|
||||
|
@ -82,10 +80,7 @@ func (a *goBlog) startServer() (err error) {
|
|||
s.Addr = ":https"
|
||||
if a.cfg.Server.TailscaleHTTPS {
|
||||
// HTTPS via Tailscale
|
||||
s.TLSConfig = &tls.Config{
|
||||
GetCertificate: tailscale.GetCertificate,
|
||||
}
|
||||
if err = s.ListenAndServeTLS("", ""); err != nil && err != http.ErrServerClosed {
|
||||
if err = a.startTailscaleHttps(s); err != nil {
|
||||
return err
|
||||
}
|
||||
} else {
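Review bot: `s.Addr = ":https"` at the top of this hunk stays in place while the new `startTailscaleHttps` helper assigns the same value again, so the listen address for the Tailscale branch is now set in two files. Keeping the assignment in one place, for example by dropping it from the helper, avoids one copy silently overriding the other after a later edit. `startServer` begins and ends outside the hunk, so whether the `else` branch still relies on this line cannot be confirmed from here.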
|
||||
|
|
|
@ -32,7 +32,7 @@ func (a *goBlog) initSessions() {
|
|||
a.loginSessions = &dbSessionStore{
|
||||
codecs: securecookie.CodecsFromPairs([]byte(a.cfg.Server.JWTSecret)),
|
||||
options: &sessions.Options{
|
||||
Secure: a.httpsConfigured(),
|
||||
Secure: a.httpsConfigured(true),
|
||||
HttpOnly: true,
|
||||
SameSite: http.SameSiteLaxMode,
|
||||
MaxAge: int((7 * 24 * time.Hour).Seconds()),
|
||||
|
@ -43,7 +43,7 @@ func (a *goBlog) initSessions() {
|
|||
a.captchaSessions = &dbSessionStore{
|
||||
codecs: securecookie.CodecsFromPairs([]byte(a.cfg.Server.JWTSecret)),
|
||||
options: &sessions.Options{
|
||||
Secure: a.httpsConfigured(),
|
||||
Secure: a.httpsConfigured(true),
|
||||
HttpOnly: true,
|
||||
SameSite: http.SameSiteLaxMode,
|
||||
MaxAge: int((24 * time.Hour).Seconds()),
|
||||
|
|
|
@ -0,0 +1,19 @@
|
|||
package main
|
||||
|
||||
import (
|
||||
"crypto/tls"
|
||||
"net/http"
|
||||
|
||||
"tailscale.com/client/tailscale"
|
||||
)
|
||||
|
||||
func (a *goBlog) startTailscaleHttps(s *http.Server) error {
|
||||
s.Addr = ":https"
|
||||
s.TLSConfig = &tls.Config{
|
||||
GetCertificate: tailscale.GetCertificate,
|
||||
}
|
||||
if err := s.ListenAndServeTLS("", ""); err != nil && err != http.ErrServerClosed {
|
||||
return err
|
||||
}
|
||||
return nil
|
||||
}
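Review bot: The `tls.Config` built in `startTailscaleHttps` sets only `GetCertificate`, so the minimum protocol version is left to the default of whichever Go release the project builds with, which is not visible on this page. Adding `MinVersion: tls.VersionTLS12,` to the literal makes the floor explicit and independent of the toolchain. Separately, `err != http.ErrServerClosed` would be more robust as `!errors.Is(err, http.ErrServerClosed)`, and Go's initialism convention would name the helper `startTailscaleHTTPS`.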
|