diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..22ea22d --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +acme-reverseproxy diff --git a/Dockerfile b/Dockerfile index fcc5492..0ed5141 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,12 +1,11 @@ -FROM golang:latest as build - -WORKDIR /go/src/github.com/vbatts/acme-reverseproxy/ -COPY . . -RUN go get -d -v ./... -RUN go install -v -tags netgo github.com/vbatts/acme-reverseproxy +FROM golang:1.19-alpine as golang +COPY . /go/acme-reverseproxy/ +RUN cd /go/acme-reverseproxy/ && \ + go mod download && \ + CGO_ENABLED=0 GOOS=linux go build FROM alpine:latest -RUN apk --no-cache add ca-certificates VOLUME ["/tmp/acme-reverseproxy"] -COPY --from=build /go/bin/acme-reverseproxy /usr/bin/ +RUN apk --no-cache add -u ca-certificates curl tzdata +COPY --from=golang /go/acme-reverseproxy/acme-reverseproxy /usr/bin/ ENTRYPOINT ["/usr/bin/acme-reverseproxy"] diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..f01aada --- /dev/null +++ b/Makefile @@ -0,0 +1,7 @@ +.PHONY: build docker + +build: + CGO_ENABLED=0 go build + +docker: + docker build -t acme-reverseproxy . diff --git a/go.mod b/go.mod new file mode 100644 index 0000000..51e885e --- /dev/null +++ b/go.mod @@ -0,0 +1,18 @@ +module github.com/vbatts/acme-reverseproxy + +go 1.17 + +require ( + github.com/BurntSushi/toml v1.2.0 + github.com/sirupsen/logrus v1.9.0 + github.com/urfave/cli v1.22.9 + golang.org/x/crypto v0.0.0-20220826181053-bd7e27e6170d +) + +require ( + github.com/cpuguy83/go-md2man/v2 v2.0.2 // indirect + github.com/russross/blackfriday/v2 v2.1.0 // indirect + golang.org/x/net v0.0.0-20220826154423-83b083e8dc8b // indirect + golang.org/x/sys v0.0.0-20220825204002-c680a09ffe64 // indirect + golang.org/x/text v0.3.7 // indirect +) diff --git a/go.sum b/go.sum new file mode 100644 index 0000000..beeb583 --- /dev/null +++ b/go.sum @@ -0,0 +1,44 @@ +github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= +github.com/BurntSushi/toml v1.2.0 h1:Rt8g24XnyGTyglgET/PRUNlrUeu9F5L+7FilkXfZgs0= +github.com/BurntSushi/toml v1.2.0/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= +github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= +github.com/cpuguy83/go-md2man/v2 v2.0.2 h1:p1EgwI/C7NhT0JmVkwCD2ZBK8j4aeHQX2pMHHBfMQ6w= +github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= +github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= +github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= +github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= +github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk= +github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= +github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc= +github.com/sirupsen/logrus v1.9.0 h1:trlNQbNUG3OdDrDil03MCb1H2o9nJ1x4/5LYw7byDE0= +github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= +github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY= +github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/urfave/cli v1.22.9 h1:cv3/KhXGBGjEXLC4bH0sLuJ9BewaAbpk5oyMOveu4pw= +github.com/urfave/cli v1.22.9/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= +golang.org/x/crypto v0.0.0-20220826181053-bd7e27e6170d h1:3qF+Z8Hkrw9sOhrFHti9TlB1Hkac1x+DNRkv0XQiFjo= +golang.org/x/crypto v0.0.0-20220826181053-bd7e27e6170d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= +golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +golang.org/x/net v0.0.0-20220826154423-83b083e8dc8b h1:ZmngSVLe/wycRns9MKikG9OWIEjGcGAkacif7oYQaUY= +golang.org/x/net v0.0.0-20220826154423-83b083e8dc8b/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk= +golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220825204002-c680a09ffe64 h1:UiNENfZ8gDvpiWw7IpOMQ27spWmThO1RwwdQVbJahJM= +golang.org/x/sys v0.0.0-20220825204002-c680a09ffe64/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= +golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= +golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.3.7 h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk= +golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= +golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo= +gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= diff --git a/proxymap/proxymap.go b/proxymap/proxymap.go index 07c0745..b2f3886 100644 --- a/proxymap/proxymap.go +++ b/proxymap/proxymap.go @@ -58,6 +58,10 @@ func (rph reverseProxiesHandler) ServeHTTP(w http.ResponseWriter, r *http.Reques } logrus.Printf("request for %q %q %q", r.Host, r.URL, host) if v, ok := rph.Map[r.Host]; ok { + if r.TLS == nil { + http.Redirect(w, r, "https://"+host, http.StatusMovedPermanently) + return + } v.ServeHTTP(w, r) return } diff --git a/srv.go b/srv.go index fe00c43..cbf202b 100644 --- a/srv.go +++ b/srv.go @@ -2,7 +2,6 @@ package main import ( "net/http" - "strings" "github.com/sirupsen/logrus" "github.com/urfave/cli" @@ -22,10 +21,10 @@ func srvCommand(c *cli.Context) error { return cli.NewExitError(err, 2) } rph := proxymap.NewReverseProxiesHandler(rpm) - logrus.Debugf("srv: whitelisting %q", strings.Join(list, ",")) + logrus.Debugf("srv: whitelisting %v", list) m := autocert.Manager{ Prompt: autocert.AcceptTOS, - HostPolicy: autocert.HostWhitelist(strings.Join(list, ",")), + HostPolicy: autocert.HostWhitelist(list...), } if cfg.CA.Email != "" { m.Email = cfg.CA.Email @@ -33,5 +32,17 @@ func srvCommand(c *cli.Context) error { if cfg.CA.CacheDir != "" { m.Cache = autocert.DirCache(cfg.CA.CacheDir) } - return cli.NewExitError(http.Serve(autocert.NewListener(list...), rph), 2) + // redirect http traffic to https + go func() { + http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) { + logrus.Debugf("got request on http: %s %s %s", r.Host, r.Method, r.RequestURI) + w.Header().Set("Strict-Transport-Security", "max-age=15768000 ; includeSubDomains") + http.Redirect(w, r, "https://"+r.Host, http.StatusMovedPermanently) + }) + err := http.ListenAndServe(":80", nil) + if err != nil { + panic(err) + } + }() + return cli.NewExitError(http.Serve(m.Listener(), rph), 2) }