From 9ca4daa90671e725d7c61897ab80f48f0fafe546 Mon Sep 17 00:00:00 2001 From: Lenin Alevski Date: Mon, 6 Apr 2020 15:59:21 -0700 Subject: [PATCH] TLS redirect enabled by default (#39) When certificates are provided to mcs, tls direct will be enabled by default (http://localhost -> https:localhost), you can change this behavior by providing the `MCS_SECURE_SSL_REDIRECT=off` env variable --- cmd/mcs/server.go | 1 + restapi/config.go | 3 ++- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/cmd/mcs/server.go b/cmd/mcs/server.go index a21513b7a..64fa1a557 100644 --- a/cmd/mcs/server.go +++ b/cmd/mcs/server.go @@ -120,6 +120,7 @@ func startServer(ctx *cli.Context) error { // Need to store tls-port, tls-host un config variables so secure.middleware can read from there restapi.TLSPort = fmt.Sprintf("%v",ctx.Int("tls-port")) restapi.TLSHostname = ctx.String("tls-host") + restapi.TLSRedirect = "on" } server.ConfigureAPI() diff --git a/restapi/config.go b/restapi/config.go index 2d510a8d6..4e5af3cec 100644 --- a/restapi/config.go +++ b/restapi/config.go @@ -28,6 +28,7 @@ var Port = "9090" var Hostname = "localhost" var TLSHostname = "localhost" var TLSPort = "9443" +var TLSRedirect = "off" func getAccessKey() string { return env.Get(McsAccessKey, "minioadmin") @@ -147,7 +148,7 @@ func getSecureHostsProxyHeaders() []string { // If SSLRedirect is set to true, then only allow HTTPS requests. Default is true. func getSSLRedirect() bool { - return strings.ToLower(env.Get(McsSecureSSLRedirect, "off")) == "on" + return strings.ToLower(env.Get(McsSecureSSLRedirect, TLSRedirect)) == "on" } // SSLHost is the host name that is used to redirect HTTP requests to HTTPS. Default is "", which indicates to use the same host.