From 80d7a356b3443e0a994e5d6abfa6082ba3d5e6e7 Mon Sep 17 00:00:00 2001
From: Francis Lavoie <lavofr@gmail.com>
Date: Wed, 5 Jan 2022 20:01:15 -0500
Subject: caddyhttp: Redirect HTTP requests on the HTTPS port to https://
 (#4313)

* caddyhttp: Redirect HTTP requests on the HTTPS port to https://

* Apply suggestions from code review

Co-authored-by: Matt Holt <mholt@users.noreply.github.com>

Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
---
 modules/caddyhttp/app.go | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'modules/caddyhttp/app.go')

diff --git a/modules/caddyhttp/app.go b/modules/caddyhttp/app.go
index 64cc540..67f9d1d 100644
--- a/modules/caddyhttp/app.go
+++ b/modules/caddyhttp/app.go
@@ -343,6 +343,11 @@ func (app *App) Start() error {
 				// enable TLS if there is a policy and if this is not the HTTP port
 				useTLS := len(srv.TLSConnPolicies) > 0 && int(listenAddr.StartPort+portOffset) != app.httpPort()
 				if useTLS {
+					// create HTTP redirect wrapper, which detects if
+					// the request had HTTP bytes on the HTTPS port, and
+					// triggers a redirect if so.
+					ln = &httpRedirectListener{Listener: ln}
+
 					// create TLS listener
 					tlsCfg := srv.TLSConnPolicies.TLSConfig(app.ctx)
 					ln = tls.NewListener(ln, tlsCfg)
-- 
cgit v1.2.3