Merge pull request #1372 from bit/nginx

nginx: add redirect for HTTP traffic
2026-01-23 07:20:55 +03:00 · 2015-11-17 12:38:08 -08:00
parent 53eaf7ce1e a790038a9f
commit ee70cfbc9a
3 changed files with 25 additions and 5 deletions
--- a/letsencrypt-nginx/letsencrypt_nginx/configurator.py
+++ b/letsencrypt-nginx/letsencrypt_nginx/configurator.py
@@ -93,7 +93,7 @@ class NginxConfigurator(common.Plugin):
        # These will be set in the prepare function
        self.parser = None
        self.version = version
-        self._enhance_func = {}  # TODO: Support at least redirects
+        self._enhance_func = {"redirect": self._enable_redirect}

        # Set up reverter
        self.reverter = reverter.Reverter(self.config)
@@ -344,7 +344,7 @@ class NginxConfigurator(common.Plugin):
    ##################################
    def supported_enhancements(self):  # pylint: disable=no-self-use
        """Returns currently supported enhancements."""
-        return []
+        return ['redirect']

    def enhance(self, domain, enhancement, options=None):
        """Enhance configuration.
@@ -366,6 +366,26 @@ class NginxConfigurator(common.Plugin):
        except errors.PluginError:
            logger.warn("Failed %s for %s", enhancement, domain)

+    def _enable_redirect(self, vhost, unused_options):
+        """Redirect all equivalent HTTP traffic to ssl_vhost.
+
+        Add rewrite directive to non https traffic
+
+        .. note:: This function saves the configuration
+
+        :param vhost: Destination of traffic, an ssl enabled vhost
+        :type vhost: :class:`~letsencrypt_nginx.obj.VirtualHost`
+
+        :param unused_options: Not currently used
+        :type unused_options: Not Available
+        """
+        redirect_block = [[['if', '($scheme != "https")'],
+            [['return', '301 https://$host$request_uri']]
+        ]]
+        self.parser.add_server_directives(vhost.filep, vhost.names,
+            redirect_block)
+        logger.info("Redirecting all traffic to ssl in %s", vhost.filep)
+
    ######################################
    # Nginx server management (IInstaller)
    ######################################
--- a/letsencrypt-nginx/letsencrypt_nginx/parser.py
+++ b/letsencrypt-nginx/letsencrypt_nginx/parser.py
@@ -413,7 +413,7 @@ def _regex_match(target_name, name):
            return True
        else:
            return False
-    except re.error:
+    except re.error: # pragma: no cover
        # perl-compatible regexes are sometimes not recognized by python
        return False

--- a/letsencrypt-nginx/letsencrypt_nginx/tests/configurator_test.py
+++ b/letsencrypt-nginx/letsencrypt_nginx/tests/configurator_test.py
@@ -51,11 +51,11 @@ class NginxConfiguratorTest(util.NginxTest):
             "example.*", "www.example.org", "myhost"]))

    def test_supported_enhancements(self):
-        self.assertEqual([], self.config.supported_enhancements())
+        self.assertEqual(['redirect'], self.config.supported_enhancements())

    def test_enhance(self):
        self.assertRaises(
-            errors.PluginError, self.config.enhance, 'myhost', 'redirect')
+            errors.PluginError, self.config.enhance, 'myhost', 'unknown_enhancement')

    def test_get_chall_pref(self):
        self.assertEqual([challenges.TLSSNI01],