Added configurabe https redirect code in case a ssl certificate exists

usrflo · usrflo · commit 0e5fe51bcd2a · 2024-04-26T08:33:00.000+02:00
old default: 302 temporary redirect
new default: 301 permanent redirect

The default code can be changed in application.properties, config value haproxy.httpsRedirectCode
diff --git a/README.md b/README.md
@@ -180,7 +180,7 @@ As a result the generated backend section inside haproxy.cfg will look like:
 ```
 backend agiprx_123_api
         timeout server 240000
-        redirect scheme https if !{ ssl_fc } { req.hdr(host),lower,map_str(/etc/haproxy/domain2cert.map) -m found }
+        redirect scheme https code 301 if !{ ssl_fc } { req.hdr(host),lower,map_str(/etc/haproxy/domain2cert.map) -m found }
         server agiprx-server.my.tld_agiprx-api [::1]:8002
 ```
 
diff --git a/pom.xml b/pom.xml
@@ -4,7 +4,7 @@
 	<modelVersion>4.0.0</modelVersion>
 	<groupId>de.agitos</groupId>
 	<artifactId>agiprx</artifactId>
-	<version>2.3</version>
+	<version>2.4</version>
 	<name>Agitos Proxy Tool</name>
 	<description>HAProxy- und SSH-Proxy-Konfiguration</description>
 	<packaging>jar</packaging>
diff --git a/src/main/java/de/agitos/agiprx/AgiPrx.java b/src/main/java/de/agitos/agiprx/AgiPrx.java
@@ -61,6 +61,7 @@
 import de.agitos.agiprx.executor.NonInteractiveProjectExecutor;
 import de.agitos.agiprx.executor.ProjectExecutor;
 import de.agitos.agiprx.executor.UserExecutor;
+import de.agitos.agiprx.output.HAProxyBackendFormatter;
 import de.agitos.agiprx.util.Assert;
 import de.agitos.agiprx.util.EmailSender;
 import de.agitos.agiprx.util.UserContext;
@@ -133,6 +134,7 @@ private AgiPrx() throws IOException {
 		diList.add(new DomainDao());
 		diList.add(new DomainIpChecker());
 		diList.add(new EmailSender());
+		diList.add(new HAProxyBackendFormatter());
 		diList.add(new HAProxyLesslBackendProcessor());
 		diList.add(new HAProxyProcessor());
 		diList.add(new HostDao());
diff --git a/src/main/java/de/agitos/agiprx/bean/processor/HAProxyProcessor.java b/src/main/java/de/agitos/agiprx/bean/processor/HAProxyProcessor.java
@@ -214,7 +214,7 @@ private void generateAndCheckConfigFile(List<Project> allProjects)
 		haproxyLesslBackendProcessor.generateLesslBackend(buf);
 
 		// append main config from agiprx db (backend sections only)
-		HAProxyBackendFormatter backendFormatter = new HAProxyBackendFormatter();
+		HAProxyBackendFormatter backendFormatter = HAProxyBackendFormatter.getBean();
 
 		for (Project project : allProjects) {
 
diff --git a/src/main/java/de/agitos/agiprx/model/Backend.java b/src/main/java/de/agitos/agiprx/model/Backend.java
@@ -154,8 +154,7 @@ public String toStringRecursive(String linePrefix, int maxTotalWidth) {
 		} else if (this.getBackendContainers().size() == 0) {
 			buf.append(String.format(linePrefix + "Warning: no containers assigned, backend is non-functional."));
 		} else {
-			HAProxyBackendFormatter backendFormatter = new HAProxyBackendFormatter();
-			backendFormatter.formatBackend(this, buf, linePrefix);
+			HAProxyBackendFormatter.getBean().formatBackend(this, buf, linePrefix);
 		}
 
 		// add domain info
diff --git a/src/main/java/de/agitos/agiprx/output/HAProxyBackendFormatter.java b/src/main/java/de/agitos/agiprx/output/HAProxyBackendFormatter.java
@@ -18,11 +18,34 @@
 
 import com.mysql.cj.util.StringUtils;
 
+import de.agitos.agiprx.DependencyInjector;
+import de.agitos.agiprx.bean.Config;
 import de.agitos.agiprx.bean.processor.HAProxyProcessor;
 import de.agitos.agiprx.model.Backend;
 import de.agitos.agiprx.model.BackendContainer;
+import de.agitos.agiprx.util.Assert;
 
-public class HAProxyBackendFormatter {
+public class HAProxyBackendFormatter implements DependencyInjector {
+
+	private static HAProxyBackendFormatter BEAN;
+
+	private Integer haProxyHttpsRedirectCode;
+
+	public HAProxyBackendFormatter() {
+
+		Assert.singleton(this, BEAN);
+		BEAN = this;
+
+		haProxyHttpsRedirectCode = Config.getBean().getInteger("haproxy.httpsRedirectCode", 301);
+	}
+
+	@Override
+	public void postConstruct() {
+	}
+
+	public static HAProxyBackendFormatter getBean() {
+		return BEAN;
+	}
 
 	public void formatBackend(Backend backend, StringBuilder buf) {
 		formatBackend(backend, buf, "");
@@ -68,7 +91,8 @@ public void formatBackend(Backend backend, StringBuilder buf, String linePrefix)
 	}
 
 	private void addConditionalSSLRedirect(StringBuilder buf, String linePrefix) {
-		buf.append(linePrefix).append("\t").append("redirect scheme https if !{ ssl_fc } ");
+		buf.append(linePrefix).append("\t").append("redirect scheme https code ").append(haProxyHttpsRedirectCode)
+				.append(" if !{ ssl_fc } ");
 		buf.append("{ req.hdr(host),lower,map_str(")
 				.append(HAProxyProcessor.CONFIG_PATH + HAProxyProcessor.DOMAIN_TO_CERT_FILE).append(") -m found }")
 				.append("\n");
diff --git a/src/main/resources/application.properties.tpl b/src/main/resources/application.properties.tpl
@@ -41,6 +41,9 @@ domain.trustedIps=1.2.3.4
 # HAProxy reload command
 haproxy.reloadCommand=/usr/bin/systemctl reload haproxy
 
+# HAProxy redirect code http -> https: 301 (default) or 302
+haproxy.httpsRedirectCode=301
+
 # informative SSH proxy domainname and port for end-user notifications 
 proxy.domainname=proxy.example.org
 proxy.port=2222

Original file line number	Diff line number	Diff line change
`@@ -154,8 +154,7 @@ public String toStringRecursive(String linePrefix, int maxTotalWidth) {`
`154`	`154`	`} else if (this.getBackendContainers().size() == 0) {`
`155`	`155`	`buf.append(String.format(linePrefix + "Warning: no containers assigned, backend is non-functional."));`
`156`	`156`	`} else {`
`157`		`- HAProxyBackendFormatter backendFormatter = new HAProxyBackendFormatter();`
`158`		`- backendFormatter.formatBackend(this, buf, linePrefix);`
	`157`	`+ HAProxyBackendFormatter.getBean().formatBackend(this, buf, linePrefix);`
`159`	`158`	`}`
`160`	`159`
`161`	`160`	`// add domain info`