Add an option to allow redirect of http port 80 to https.

[MCF]

This is an "opt in" option (default is to not redirect). It will only redirect
if protocol is https and the new REDIRECT_PORT_80 option is set to true.

Signed-off-by: Mike Fellows [email protected]

This will resolve #1720

[bkcsoft]

Don't fire-n-forget

[MCF]

Can you elaborate on your concern? If the redirector fails to start it will stop the server immediately with the call to log.Fatal right?

[bkcsoft]

Only if runHTTP returns an error. My concern is that this goroutine will stop and then port 80 goes offline. Something needs to keep track of it 🙂

[MCF]

Can you point me at a code example where this sort of thing is being done. I can't see anything like that happening with the other servers binding to ports in web.go. They have the same problem that if they stop then the server will stop working. Presumably in both cases the end users would notice.

[rmg]

The others don't listen in goroutines, so when they error out the whole process errors out. The use of a goroutine here means if/when that listener errors out, it does so silently and without any mechanism for restarting.

[bkcsoft]

Having a loose goroutine like this is risky at best. And will end up with "this **** is broken"-issues that's only solvable by creating a service-handler for tracking long-running goroutines. Which is goind to be a pain :(

[MCF]

Yes I understand that goroutines are threads. And a thread hanging or crashing will cause the service to go away. However if we were to write a thread manager it would presumably required re-engineering the current "main thread" that holds the main gitea web server as well. Even if we did do this you have a similar problem with the actual thread manager. What if it hangs for example and your threads crash for independent reasons?

I don't agree with your assessment that the solution I have chosen for the given feature is risky. It is a exactly 5 lines of code being executed by the redirector service. How much crashing or hanging are we expecting to come out of this? And even if the redirector thread does happen to hang should it be restarted? I suppose something like a DDOS could bring it down, but that seems a stretch. If someone was trying to bring down your site it seems unlikely that they would only be interested in crashing your port 80 to 443 redirector and not attacking your main site on port 443. At a certain point, with these kinds of problems, you need outside tools like pingdom or uptimerobot.

So where does this leave this PR? I've mostly given up on this and accepted that I have to run gitea behind Apache acting as a proxy. It seems odd to have to use a heavyweight server in front of the nice, lightweight gitea web server. If you can give me some specific suggestions about what adjustments are needed to satisfy your concerns please do. Or if you think the feature is not needed, or impossible to implement without radical re-engineering of the main gitea web server, then please close the PR.

[bkcsoft]

Just take r.URL and change Schema to https 😕

[MCF]

Thx for the feedback. I had considered the http to https approach but had thought of a configuration with https not on port 443. Then it won't work. Perhaps that particular configuration is so unlikely we don't need to support it?

[Avalancs]

I for one use it (with a company of 6 people currently). We have multiple https services listening on different ports with IIS redirecting them from port 443 to the appropriate port based on the request's URL, so people don't have to remember the port numbers. We create an additional rule to redirect to https if the service does not have this option, but creating a redirection in IIS is a royal pain, so I would love to be able to do this in Gitea on any possible port.

[MCF]

@bkcsoft your requested change seems to conflict with with the change I just made for @lunny? Can you please re-visit and see what you now think? Also I have an open question above that I was hoping you would comment on.

[bkcsoft]

Also don't assume port 80 😉

[MCF]

I think that port 80 is a requirement with this feature.

My intention was to address the simple case of someone typing a bare domain name into their web browser location bar, hitting return and ending up at the right place even when gitea is being served on https.

For example a company has an internal server on their intranet with the name: git.example.com. The actually URL is https://git.example.com - but end users may type git.example.com into their location bar and hit return. Without the redirect the browser gives them an error, with the redirect they end up at the right URL.

[lunny]

The port could be another config on app.ini

[lunny]

This needs some integration tests and I prefer move this to v1.3.

[MCF]

I'll get some tests together for this.

[andreynering]

@lunny I don't think this need an integration test. It's a simple feature, and not easy to test, IMHO.

[codecov-io]

Codecov Report

Merging #1928 into master will increase coverage by 0.18%.
The diff coverage is 9.52%.

@@            Coverage Diff             @@
##           master    #1928      +/-   ##
==========================================
+ Coverage    34.7%   34.89%   +0.18%     
==========================================
  Files         277      277              
  Lines       40116    40137      +21     
==========================================
+ Hits        13922    14005      +83     
+ Misses      24159    24081      -78     
- Partials     2035     2051      +16

Impacted Files	Coverage Δ
cmd/web.go	0% <0%> (ø)	⬆️
modules/setting/setting.go	47.06% <100%> (+0.13%)	⬆️
models/lfs.go	28.26% <0%> (+2.17%)	⬆️
modules/process/manager.go	81.15% <0%> (+4.34%)	⬆️
modules/lfs/server.go	35.01% <0%> (+14.32%)	⬆️
modules/lfs/content_store.go	43.75% <0%> (+35.93%)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update f5155b9...7c71d19. Read the comment docs.

[lunny]

The port could be another config on app.ini

[lunny]

Wrong port in error hint.

[lunny]

And I didn't run successfully local. It's strange.

[lunny]

It works well. LGTM. @bkcsoft needs your review.

[bkcsoft]

Why Temporary and not Permanent? Then webbrowsers can go to https automagically afterwards even if they type http 🤔

[MCF]

Temporary redirect also supports POST. I based the redirect logic on this gist: https://gist.github.com/d-schmidt/587ceec34ce1334a5e60

I don't have strong feelings about this either way. It felt more complete to support any type of request. Chrome seems to treat temporary in a similar manner as permanent. Presumably it is doing so with some kind of cache timeout, so you would go back to the http address after a period of time.

[bkcsoft]

Makes sense to me. LGTM

[bkcsoft]

LGTM