Support automatic HTTP -> HTTPS redirect #2424
Comments
|
I don't think Rocket should do this automatically. Rocket is a web server that listens on a single logical connection. This is different from what both caddy and nginx are: proxies that can also run any number of servers. Instead, I would indeed advocate for launching a separate instance of Rocket that does the redirection. Here's a simple but fairly complete and robust implementation: mod redirector {
use rocket::http::Status;
use rocket::{route, Error, Request, Data, Route, Orbit, Rocket};
use rocket::fairing::{Fairing, Info, Kind};
use rocket::response::Redirect;
#[derive(Debug, Copy, Clone)]
pub struct Redirector {
pub port: u16
}
impl Redirector {
fn redirect<'r>(req: &'r Request, _: Data<'r>) -> route::BoxFuture<'r> {
// FIXME: We should check the host against a whitelist!
if let Some(host) = req.host() {
let https_uri = format!("https://{}{}", host, req.uri());
route::Outcome::from(req, Redirect::permanent(https_uri)).pin()
} else {
route::Outcome::from(req, Status::BadRequest).pin()
}
}
pub async fn try_launch(&self) -> Result<(), Error> {
use rocket::config::{Config, TlsConfig};
use rocket::http::Method::*;
let redirect_all = [Get, Put, Post, Delete, Options, Head, Trace, Connect, Patch]
.into_iter()
.map(|m| Route::new(m, "/<path..>", Self::redirect))
.collect::<Vec<_>>();
let config = Config::figment()
.merge((Config::TLS, None::<Option<TlsConfig>>))
.merge((Config::PORT, self.port))
.merge((Config::LOG_LEVEL, "critical"));
rocket::custom(config)
.mount("/", redirect_all)
.launch()
.await?;
Ok(())
}
}
#[rocket::async_trait]
impl Fairing for Redirector {
fn info(&self) -> Info {
Info { name: "HTTP -> HTTPS Redirector", kind: Kind::Liftoff }
}
async fn on_liftoff(&self, rkt: &Rocket<Orbit>) {
let (this, shutdown) = (*self, rkt.shutdown());
let _ = rocket::tokio::spawn(async move {
if let Err(e) = this.try_launch().await {
error!("Failed to start HTTP -> HTTPS redirector.");
info_!("Error: {}", e);
error_!("Shutting down main instance.");
shutdown.notify();
}
});
}
}
}
#[launch]
async fn rocket() -> _ {
rocket::build()
.mount("/", routes![..])
.attach(redirector::Redirector { port: 3000 })
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Is your feature request motivated by a concrete problem? Please describe.
Rocket supports TLS. It can serve TLS requests directly. Most sites that serve TLS (i.e., most sites generally 馃槃) will also listen on plaintext HTTP on port 80 and simply redirect to HTTPS.
Why this feature can't or shouldn't live outside of Rocket
HTTPS is already implemented inside of Rocket, and for good reason. One of Rust's strengths generally is simple deployment; I end up with a statically linked binary. In my case, I'm even trying to include static assets like icons and JS files inside at compile time (that feature doesn't have to live in Rocket, though!). The fact that HTTPS is a core rocket feature, but then I can't do HTTP -> HTTPS redirects easily, really limits the utility.
Ideal Solution
Ideally, Rocket could by default, when HTTPS is configured do what nginx does with these lines:
and, in addition, this could be disabled. Or vice versa (it could be optionally enabled). I think that if we're listening on port 443 for HTTPS, then it's perfectly reasonable to also listen on 80 for the purpose of redirecting to 443.
Alternatives Considered
I could make a second rocket (or hyper?) instance that just does this one thing, or I could bring in nginx for this one purpose. There's no documentation on having multiple rocket apps in one binary, and it seems like overkill.
Additional Context
Caddy does what I describe, plus it even fetches the certs for you - https://caddyserver.com/docs/automatic-https
The text was updated successfully, but these errors were encountered: