URL Rewrites to Force Secure Connection

[schilton]

Back in 2014 I used the following statement to force a secure connection.

/* Redirect all traffic to ssl /
/ s_http_server_opts.url_rewrites = "%80=https://domain_name"; */

If reviewing the current version of Mongoose, I do not see this function anymore. How would I implement this function in todays version of Mongoose?

[scaprile]

Mongoose 3.6 is November 2015
Current release is 7.9
What exactly do you want to do, why, and what is your use case ?

[schilton]

There is a legal requirement that all communication between the client and the server must be over a secure connection. However, the user of the client may not make the request using https. Therefore, we need to send a reply telling the client that it is a 301 error and they need to resubmit the request to https://domain.name/original url requested. The earlier version of Mongoose accomplished that with a function under http_server_opts that does not exist in the current version. My question is how do I force all inbound traffic on port 80 to port 443?

[scaprile]

If you need to send a 301, then send a 301: https://mongoose.ws/documentation/#mg_http_reply
AFAICS you don't have to force traffic, just tell the client to go to the secure URL and not serve pages at port 80. That means two listeners, one at port 80 returning 301 and the other at port 443 with TLS enabled
Something like:

void redir_fn(struct mg_connection *c, int ev, void *ev_data, void *fn_data) {
  if (ev == MG_EV_HTTP_MSG)
    mg_http_reply(c, 301, "Location: https://craftyourURLhere/\r\n", "");
}

void serve_fn(struct mg_connection *c, int ev, void *ev_data, void *fn_data) {
  if (ev == MG_EV_ACCEPT) {
    struct mg_tls_opts opts = {
      .cert = "cert.pem",    // Certificate file
      .certkey = "key.pem",  // Private key file
    };
    mg_tls_init(c, &opts);
  } else if (ev == MG_EV_HTTP_MSG) {
    struct mg_http_serve_opts opts = {.root_dir = "."};  // Serve local dir
    mg_http_serve_dir(c, ev_data, &opts);
  }
}

mg_http_listen(&mgr, "http://0.0.0.0:80/", redir_fn, NULL);
mg_http_listen(&mgr, "https://0.0.0.0:443/", serve_fn, NULL);

sort of...

https://mongoose.ws/documentation/tutorials/http-server/
https://mongoose.ws/documentation/tutorials/tls/

[schilton]

This is great. Thank you. The one remaining question I have is where you list the "craftyourURLhere" part. I do not know what url they were originally requesting, so how do I get that from the original http request and insert it at "craftyourURLhere"?

[scaprile]

If you don't know the URL beforehand, I guess you can get it by parsing the message headers https://mongoose.ws/documentation/#struct-mg_http_message
https://mongoose.ws/documentation/tutorials/http-server/#how-to-get-request-data

[cpq]

Something like this. (not tested)

  if (ev == MG_EV_HTTP_MSG) {
    struct mg_http_message *hm = ev_data;
    mg_printf(c, "HTTP/1.1 301 Moved\r\nLocation: https://%M%.*s\r\n\r\n",
              mg_print_ip, &c->loc, (int) hm->uri.len, hm->uri.ptr);
    c->is_resp = 0;
  }