acme and redirection patch

+ Added experimental fix for redirection tailing problem + Added acme widget for first time users to setup https
2025-06-03 06:07:20 +02:00 · 2023-07-06 11:01:33 +08:00 · 2023-07-06 11:01:33 +08:00 · 36b17ce4cf
commit 36b17ce4cf
parent 2f14d6f271
8 changed files with 45 additions and 17 deletions
--- a/src/mod/acme/acmewizard/acmewizard.go
+++ b/src/mod/acme/acmewizard/acmewizard.go
@ -98,6 +98,10 @@ func isLocalhostListening() (isListening bool, err error) {
 		conn.Close()
 	}

+	if isListening {
+		return true, nil
+	}
+
 	return isListening, err
 }

--- a/src/mod/dynamicproxy/dpcore/dpcore.go
+++ b/src/mod/dynamicproxy/dpcore/dpcore.go
@ -357,11 +357,6 @@ func (p *ReverseProxy) ProxyHTTP(rw http.ResponseWriter, req *http.Request, rrr

 	//Custom header rewriter functions
 	if res.Header.Get("Location") != "" {
-		/*
-			fmt.Println(">>> REQ", req)
-			fmt.Println(">>> OUTR", outreq)
-			fmt.Println(">>> RESP", res)
-		*/
 		locationRewrite := res.Header.Get("Location")
 		originLocation := res.Header.Get("Location")
 		res.Header.Set("zr-origin-location", originLocation)
@ -369,12 +364,10 @@ func (p *ReverseProxy) ProxyHTTP(rw http.ResponseWriter, req *http.Request, rrr
 		if strings.HasPrefix(originLocation, "http://") || strings.HasPrefix(originLocation, "https://") {
 			//Full path
 			//Replace the forwarded target with expected Host
-			lr, err := replaceLocationHost(locationRewrite, rrr.OriginalHost, req.TLS != nil)
+			lr, err := replaceLocationHost(locationRewrite, rrr, req.TLS != nil)
 			if err == nil {
 				locationRewrite = lr
 			}
-			//locationRewrite = strings.ReplaceAll(locationRewrite, rrr.ProxyDomain, rrr.OriginalHost)
-			//locationRewrite = strings.ReplaceAll(locationRewrite, domainWithoutPort, rrr.OriginalHost)
 		} else if strings.HasPrefix(originLocation, "/") && rrr.PathPrefix != "" {
 			//Back to the root of this proxy object
 			//fmt.Println(rrr.ProxyDomain, rrr.OriginalHost)
@ -387,6 +380,7 @@ func (p *ReverseProxy) ProxyHTTP(rw http.ResponseWriter, req *http.Request, rrr
 		//Custom redirection to this rproxy relative path
 		res.Header.Set("Location", locationRewrite)
 	}
+
 	// Copy header from response to client.
 	copyHeader(rw.Header(), res.Header)

--- a/src/mod/dynamicproxy/dpcore/utils.go
+++ b/src/mod/dynamicproxy/dpcore/utils.go
@ -2,20 +2,45 @@ package dpcore

 import (
 	"net/url"
+	"strings"
 )

-func replaceLocationHost(urlString string, newHost string, useTLS bool) (string, error) {
+// replaceLocationHost rewrite the backend server's location header to a new URL based on the given proxy rules
+// If you have issues with tailing slash, you can try to fix them here (and remember to PR :D )
+func replaceLocationHost(urlString string, rrr *ResponseRewriteRuleSet, useTLS bool) (string, error) {
 	u, err := url.Parse(urlString)
 	if err != nil {
 		return "", err
 	}

+	//Update the schemetic if the proxying target is http
+	//but exposed as https to the internet via Zoraxy
 	if useTLS {
 		u.Scheme = "https"
 	} else {
 		u.Scheme = "http"
 	}

-	u.Host = newHost
+	u.Host = rrr.OriginalHost
+
+	if strings.Contains(rrr.ProxyDomain, "/") {
+		//The proxy domain itself seems contain subpath.
+		//Trim it off from Location header to prevent URL segment duplicate
+		//E.g. Proxy config: blog.example.com -> example.com/blog
+		//Location Header: /blog/post?id=1
+		//Expected Location Header send to client:
+		// blog.example.com/post?id=1 instead of blog.example.com/blog/post?id=1
+
+		ProxyDomainURL := "http://" + rrr.ProxyDomain
+		if rrr.UseTLS {
+			ProxyDomainURL = "https://" + rrr.ProxyDomain
+		}
+		ru, err := url.Parse(ProxyDomainURL)
+		if err == nil {
+			//Trim off the subpath
+			u.Path = strings.TrimPrefix(u.Path, ru.Path)
+		}
+	}
+
 	return u.String(), nil
 }
--- a/src/mod/dynamicproxy/proxyRequestHandler.go
+++ b/src/mod/dynamicproxy/proxyRequestHandler.go
@ -95,6 +95,7 @@ func (h *ProxyHandler) subdomainRequest(w http.ResponseWriter, r *http.Request,
 		UseTLS:       target.RequireTLS,
 		PathPrefix:   "",
 	})
+
 	var dnsError *net.DNSError
 	if err != nil {
 		if errors.As(err, &dnsError) {
--- a/src/mod/dynamicproxy/redirection/handler.go
+++ b/src/mod/dynamicproxy/redirection/handler.go
@ -28,10 +28,7 @@ func (t *RuleTable) HandleRedirect(w http.ResponseWriter, r *http.Request) int {
 	rr := t.MatchRedirectRule(requestPath)
 	if rr != nil {
 		redirectTarget := rr.TargetURL
-		//Always pad a / at the back of the target URL
-		if redirectTarget[len(redirectTarget)-1:] != "/" {
-			redirectTarget += "/"
-		}
+
 		if rr.ForwardChildpath {
 			//Remove the first / in the path
 			redirectTarget += strings.TrimPrefix(r.URL.Path, "/")
--- a/src/web/components/redirection.html
+++ b/src/web/components/redirection.html
@ -39,7 +39,7 @@
        <div class="field">
          <label>Destination URL (To)</label>
          <input type="text" name="destination-url" placeholder="Destination URL">
-          <small><i class="ui circle info icon"></i> The target URL request being redirected to, e.g. dest.example.com/mysite</small>
+          <small><i class="ui circle info icon"></i> The target URL request being redirected to, e.g. dest.example.com/mysite/ or dest.example.com/script.php, <b>sometime you might need to add tailing slash (/) to your URL depending on your use cases</b></small>
        </div>
        <div class="field">
          <div class="ui checkbox">
--- a/src/web/snippet/acme.html
+++ b/src/web/snippet/acme.html
@ -115,7 +115,8 @@
    </div>
    <button id="obtainButton" class="ui basic button" type="submit"><i class="yellow refresh icon"></i> Renew Certificate</button>
  </div>
-
+  <div class="ui divider"></div>
+  <small>First time setting up HTTPS?<br>Try out our <a href="../tools/https.html" target="_blank">wizard</a></small>
  <button class="ui basic button"  style="float: right;" onclick="parent.hideSideWrapper();"><i class="remove icon"></i> Cancel</button>
  <br><br><br><br>
  </div>
--- a/src/web/tools/https.html
+++ b/src/web/tools/https.html
@ -21,6 +21,11 @@
        <div class="ui container">
            <div class="ui yellow message">
                This Wizard require both client and server connected to the internet.
+                <br><b>
+                As different deployment methods might involve different network environment, 
+                this wizard is only provided for assistant and the correctness of the setup is not guaranteed.
+                 If you need to verify your TLS/SSL certificate installation is valid, please seek help 
+                 from IT professionals.</b>
            </div>
            <div class="ui segment">
                <h3 class="ui header">
@ -114,7 +119,8 @@
                </div>
            </div>
        <script>
-
+          $(".dropdown").dropdown();
+          
            function checkIfInputDomainIsMultiple(){
                var inputDomains = $("#domainsInput").val();
                if (inputDomains.includes(",")){