Skip to content

Enhance httpsrv TLS redirect options#151

Open
Eric-Guo wants to merge 1 commit into
go-dev-frame:mainfrom
Eric-Guo:tls_improve
Open

Enhance httpsrv TLS redirect options#151
Eric-Guo wants to merge 1 commit into
go-dev-frame:mainfrom
Eric-Guo:tls_improve

Conversation

@Eric-Guo
Copy link
Copy Markdown
Contributor

@Eric-Guo Eric-Guo commented May 30, 2026
edited
Loading

Add non-standard HTTPS redirect port support and multi-domain whitelist options for auto-encrypt TLS mode.

Used at Eric-Guo/thrustOauth2idServer#2

@Eric-Guo
Enhance httpsrv TLS redirect options
3ceb0f6 
Add non-standard HTTPS redirect port support and multi-domain whitelist options for auto-encrypt TLS mode.
Copilot AI review requested due to automatic review settings May 30, 2026 16:19
Copilot AI reviewed May 30, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Note

Copilot was unable to run its full agentic suite in this review.

Adds support for multiple domains in the autocert host whitelist and makes HTTP→HTTPS redirects aware of a configurable HTTPS port.

Changes:

  • Extend TLS auto-encrypt options/config to support additional whitelisted domains.
  • Add redirectHTTPSPort option and implement a custom redirect handler used by autocert.Manager.HTTPHandler.
  • Update docs and tests to cover extra domains + redirect port behavior.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 3 comments.

File Description
pkg/httpsrv/tls_auto_encrypt.go Adds domain normalization/whitelisting and configurable redirect HTTPS port via a custom redirect handler.
pkg/httpsrv/tls_auto_encrypt_test.go Expands option validation tests and adds redirect handler tests (including custom port).
pkg/httpsrv/README.md Documents new redirect HTTPS port and extra domains options.
pkg/httpsrv/readme-cn.md Mirrors README changes in Chinese documentation.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread pkg/httpsrv/tls_auto_encrypt.go
Comment on lines +179 to +192
host := strings.TrimSpace(r.Host)
if parsedHost, _, err := net.SplitHostPort(host); err == nil && parsedHost != "" {
host = parsedHost
}
if host == "" && r.URL != nil {
host = r.URL.Host
}

targetHost := host
if host != "" && c.redirectHTTPSPort > 0 && c.redirectHTTPSPort != 443 {
targetHost = net.JoinHostPort(host, strconv.Itoa(c.redirectHTTPSPort))
}

http.Redirect(w, r, "https://"+targetHost+r.URL.RequestURI(), http.StatusFound)
Comment thread pkg/httpsrv/tls_auto_encrypt.go
Comment on lines +183 to +192
if host == "" && r.URL != nil {
host = r.URL.Host
}

targetHost := host
if host != "" && c.redirectHTTPSPort > 0 && c.redirectHTTPSPort != 443 {
targetHost = net.JoinHostPort(host, strconv.Itoa(c.redirectHTTPSPort))
}

http.Redirect(w, r, "https://"+targetHost+r.URL.RequestURI(), http.StatusFound)
Comment thread pkg/httpsrv/tls_auto_encrypt.go
Comment on lines +205 to +220
func normalizeDomains(domains []string) []string {
seen := map[string]struct{}{}
filtered := make([]string, 0, len(domains))
for _, domain := range domains {
domain = strings.TrimSpace(domain)
if domain == "" {
continue
}
if _, ok := seen[domain]; ok {
continue
}
seen[domain] = struct{}{}
filtered = append(filtered, domain)
}
return filtered
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Eric-Guo