Commit f7b43c58 authored by Vladimir Shushlin's avatar Vladimir Shushlin

fix: Let's Encrypt integration with /* redirects

Let's Encrypt integration relies on acme challenges being redirected
to main GitLab server and served there.

We also allow serving ACME challenges from project content
just in case users implemented Let's Encrypt integration manually.

But when a user adds `/* -> redirect_url` to .redirects, it is treated
as project content and will be handled as a redirect.

Changelog: fixed

This commit just stop handling redirects for any LE challenges.
parent 65a13cb5
......@@ -26,7 +26,7 @@ func (m *Middleware) ServeAcmeChallenges(w http.ResponseWriter, r *http.Request,
return false
}
if !isAcmeChallenge(r.URL.Path) {
if !IsAcmeChallenge(r.URL.Path) {
return false
}
......@@ -37,7 +37,7 @@ func (m *Middleware) ServeAcmeChallenges(w http.ResponseWriter, r *http.Request,
return m.redirectToGitlab(w, r)
}
func isAcmeChallenge(path string) bool {
func IsAcmeChallenge(path string) bool {
return strings.HasPrefix(filepath.Clean(path), "/.well-known/acme-challenge/")
}
......
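Review bot: `IsAcmeChallenge` is now exported and, elsewhere in this commit, decides whether redirect rules are skipped, yet it has no doc comment and still normalises a URL path with the OS-dependent `filepath.Clean`. A comment such as `// IsAcmeChallenge reports whether the cleaned URL path lies under /.well-known/acme-challenge/.` would state the contract other packages now rely on. For URL paths the slash-only `path.Clean` is the usual choice. Because the parameter `path` shadows that package, the change would read `func IsAcmeChallenge(urlPath string) bool {` with `path.Clean(urlPath)` in the return, plus a `path` import that is outside this hunk.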
......@@ -14,6 +14,7 @@ import (
"gitlab.com/gitlab-org/labkit/log"
"gitlab.com/gitlab-org/gitlab-pages/internal/acme"
"gitlab.com/gitlab-org/gitlab-pages/internal/vfs"
)
......@@ -100,6 +101,10 @@ func (r *Redirects) Status() string {
// Rewrite takes in a URL and uses the parsed Netlify rules to rewrite
// the URL to the new location if it matches any rule
func (r *Redirects) Rewrite(originalURL *url.URL) (*url.URL, int, error) {
if acme.IsAcmeChallenge(originalURL.Path) {
return nil, 0, ErrNoRedirect
}
rule, newPath := r.match(originalURL.Path)
if rule == nil {
return nil, 0, ErrNoRedirect
......
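Review bot: The new guard at the top of `Rewrite` skips every rule for ACME challenge paths, including one a project wrote explicitly for `/.well-known/acme-challenge/*`, and nothing in the code says why. A comment above the check would keep it from being removed later, for example `// ACME challenges are served by the acme middleware or from project content; _redirects rules must never capture them.` If explicit challenge rules were a supported setup before this commit (not visible here), the doc comment on `Rewrite` should also say they are now ignored. The body of `Rewrite` continues past the end of the hunk.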
......@@ -123,6 +123,14 @@ func TestRedirectsRewrite(t *testing.T) {
expectedStatus: http.StatusOK,
expectedErr: "",
},
{
name: "does_not_redirect_acme_challenges",
url: "/.well-known/acme-challenge/token",
rule: "/* /to/path 200",
expectedURL: "",
expectedStatus: 0,
expectedErr: ErrNoRedirect.Error(),
},
}
for _, tt := range tests {
......
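Review bot: The added case only exercises an already-normalised challenge path, while `IsAcmeChallenge` matches on the cleaned path, so the normalisation that `Rewrite` now depends on is untested here. A second case whose URL only matches after cleaning (a doubled slash, as below; sample value constructed) would pin that. A near-miss path outside `/.well-known/acme-challenge/` would also confirm that ordinary wildcard redirects still apply. `TestRedirectsRewrite` starts and ends outside this hunk.

```go
// … unchanged: does_not_redirect_acme_challenges case …
{
	name:           "does_not_redirect_unnormalized_acme_challenges",
	url:            "/.well-known//acme-challenge/token",
	rule:           "/* /to/path 200",
	expectedURL:    "",
	expectedStatus: 0,
	expectedErr:    ErrNoRedirect.Error(),
},
```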