coolaj86
/
goldilocks.js
1
0
Fork 1
Code Issues Pull Requests Releases Activity

redirect localhost and IP addresses to real domains

This commit is contained in:
tigerbot 2017-05-11 19:16:23 -06:00
parent 5777a885a4
commit 87de2c65ad
3 changed files with 41 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
goldilocks.example.yml
View File

@ -19,6 +19,8 @@ tls:
http: http:
trustProxy: true trustProxy: true
allowInsecure: false
primaryDomain: localhost.foo.daplie.me
modules: modules:
- name: proxy - name: proxy
domains: domains:

2
lib/goldilocks.js
View File

@ -54,7 +54,7 @@ module.exports.create = function (deps, config) {
} }
function netHandler(conn, opts) { function netHandler(conn, opts) {
opts = opts || {}; opts = opts || {};
console.log('[netHandler]', conn.localAddres, conn.localPort, opts.encrypted); console.log('[netHandler]', conn.localAddress, conn.localPort, opts.encrypted);
// XXX PEEK COMMENT XXX // XXX PEEK COMMENT XXX
// TODO we can have our cake and eat it too // TODO we can have our cake and eat it too

39
lib/modules/http.js
View File

@ -13,18 +13,55 @@ module.exports.create = function (deps, conf, greenlockMiddleware) {
, /\balpha\.localhost\./ , /\balpha\.localhost\./
]; ];
function verifyHost(fullHost) {
var host = /^(.*?)(:\d+)?$/.exec(fullHost)[1];
if (host === 'localhost') {
return fullHost.replace(host, 'localhost.daplie.me');
}
// Test for IPv4 and IPv6 addresses. These patterns will match some invalid addresses,
// but since those still won't be valid domains that won't really be a problem.
if (/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/.test(host) || /^\[[0-9a-fA-F:]+\]$/.test(host)) {
if (!conf.http.primaryDomain) {
(conf.http.modules || []).some(function (mod) {
return mod.domains.some(function (domain) {
if (domain[0] !== '*') {
conf.http.primaryDomain = domain;
return true;
}
});
});
}
return fullHost.replace(host, conf.http.primaryDomain || host);
}
return fullHost;
}
// We handle both HTTPS and HTTP traffic on the same ports, and we want to redirect // We handle both HTTPS and HTTP traffic on the same ports, and we want to redirect
// any unencrypted requests to the same port they came from unless it came in on // any unencrypted requests to the same port they came from unless it came in on
// the default HTTP port, in which case there wont be a port specified in the host. // the default HTTP port, in which case there wont be a port specified in the host.
var redirecters = {}; var redirecters = {};
function redirectHttps(req, res, next) { function redirectHttps(req, res, next) {
var port = req.headers.host.split(':')[1]; if (conf.http.allowInsecure) {
next();
return;
}
var port = (/:(\d+)$/.exec(req.headers.host) || [])[1];
if (!redirecters[port]) { if (!redirecters[port]) {
redirecters[port] = require('redirect-https')({ redirecters[port] = require('redirect-https')({
port: port port: port
, trustProxy: conf.http.trustProxy , trustProxy: conf.http.trustProxy
}); });
} }
// localhost and IP addresses cannot have real SSL certs (and don't contain any useful
// info for redirection either), so we direct some hosts to either localhost.daplie.me
// or the "primary domain" ie the first manually specified domain.
req.headers.host = verifyHost(req.headers.host);
redirecters[port](req, res, next); redirecters[port](req, res, next);
} }