Go: x/build/cmd/coordinator: http://farmer.golang.org should redirect to https
Unless there's a good reason why it doesn't/cannot, or it's extremely time-consuming.
build.golang.org, dev.golang.org, tip.golang.org, etc., already do it.
I'd also like to learn how to do this (so I can apply the knowledge in similar situations in the future). /cc @bradfitz
dmitshur
All 5 comments
Sounds fine.
I had said no in the past when we did a bunch of the other service redirects because I didn't 100% trust the autocert code/cert caching and I didn't want to add more moving parts that might fail & hinder debugging of a production system, but I think it's time. Since I last said no, the reverse buildlets now connect to https anyway without using a hard-coded server cert like they used to, so we're already depending on LetsEncrypt/etc.
bradfitz
on 26 Sep 2018
@dmitshur, did you want to do this?
bradfitz
on 18 Mar 2019
Sure. This part still applies:
I'd also like to learn how to do this (so I can apply the knowledge in similar situations in the future).
dmitshur
on 18 Mar 2019
There's no config file if that's what you're asking. You just need to go add a few lines of code to a Handler somewhere, checking to see if req.TLS == nil.
bradfitz
on 18 Mar 2019
Change https://golang.org/cl/168138 mentions this issue: cmd/coordinator: redirect from http to https in production
gopherbot
on 18 Mar 2019
Related issues
dominikh
路
3Comments
rakyll
路
3Comments
mingrammer
路
3Comments
ajstarks
路
3Comments
natefinch
路
3Comments
Most helpful comment
Sounds fine.
I had said no in the past when we did a bunch of the other service redirects because I didn't 100% trust the autocert code/cert caching and I didn't want to add more moving parts that might fail & hinder debugging of a production system, but I think it's time. Since I last said no, the reverse buildlets now connect to https anyway without using a hard-coded server cert like they used to, so we're already depending on LetsEncrypt/etc.