Forward to HTTPS if X-Forwarded-Proto is equal to "http". This can be

enabled with "--forward-https".

This might be useful if darkhttpd is behind a reverse proxy that
supports SSL.
This commit is contained in:
Paco Pascal 2021-08-17 23:52:54 -04:00 committed by Emil Mikulic
parent a8ae2b1de0
commit 49baf385e1

View File

@ -260,6 +260,8 @@ static struct forward_mapping *forward_map = NULL;
static size_t forward_map_size = 0;
static const char *forward_all_url = NULL;
static int forward_to_https = 0;
struct mime_mapping {
char *extension, *mimetype;
};
@ -939,6 +941,10 @@ static void usage(const char *argv0) {
timeout_secs);
printf("\t--auth username:password\n"
"\t\tEnable basic authentication.\n\n");
printf("\t--forward-https\n"
"\t\tIf the client requested HTTP, forward to HTTPS.\n"
"\t\tThis is useful if darkhttpd is behind a reverse proxy\n"
"\t\tthat supports SSL.\n\n");
#ifdef HAVE_INET6
printf("\t--ipv6\n"
"\t\tListen on IPv6 address.\n\n");
@ -1152,6 +1158,9 @@ static void parse_commandline(const int argc, char *argv[]) {
xasprintf(&auth_key, "Basic %s", key);
free(key);
}
else if (strcmp(argv[i], "--forward-https") == 0) {
forward_to_https = 1;
}
#ifdef HAVE_INET6
else if (strcmp(argv[i], "--ipv6") == 0) {
inet6 = 1;
@ -1998,6 +2007,22 @@ static void process_get(struct connection *conn) {
return;
}
if (forward_to_https) {
char *proto = parse_field(conn, "X-Forwarded-Proto: ");
if (proto) {
if (strcmp(proto, "http") == 0) {
char *host = parse_field(conn, "Host: ");
if (host) {
redirect(conn, "https://%s%s", host, decoded_url);
free(host);
free(proto);
return;
}
}
free(proto);
}
}
/* test the host against web forward options */
if (forward_map) {
char *host = parse_field(conn, "Host: ");