I've recently implemented TLS into my Helidon SE webserver and it works fine. The issue is that if I don't specify https in the URL, the server will return an empty response. I'd like/expect the server to return a 301 redirect to force HTTPS. I would've figured this would have been a server configuration property or a routing condition but I have not been able to find anyone else encountering this issue. Any help is much appreciated!
Answered by danielkec, Mar 7, 2023
Hi, sorry for the late response, how about this?

```java
import java.net.URI;
import java.net.URISyntaxException;
// Helidon imports (WebServer, WebServerTls, KeyConfig, Resource, Routing, Http, UriInfo) not shown

public class Main {
    public static void main(String[] args) {
        int tlsPort = 4443;
        int plainPort = 8080;
        WebServer.builder()
                .port(tlsPort)
                // Default socket: TLS with the key from the PKCS#12 keystore
                .defaultSocket(s -> s
                        .tls(WebServerTls.builder()
                                .privateKey(KeyConfig.keystoreBuilder()
                                        .keystore(Resource.create("ssl/certificate.p12"))
                                        .keystorePassphrase("helidon".toCharArray())
                                        .build())
                                .build()))
                .routing(r -> r.get("/test", (req, res) -> res.send("Secured!")))
                // Additional plain-HTTP socket: every request gets a 301 to the TLS port
                .socket("plain-redirect", (socket, router) -> {
                            socket.port(plainPort);
                            router.addRouting(() -> Routing.builder()
                                    .any((req, res) -> res
                                            .addHeader("Location", securedUrl(req.requestedUri(), tlsPort))
                                            .status(Http.Status.MOVED_PERMANENTLY_301)
                                            .send())
                                    .build()
                            );
                        }
                )
                .build()
                .start();
    }

    // Rebuilds the requested URI with the https scheme and the given port
    static String securedUrl(UriInfo uriInfo, int port) {
        try {
            return new URI("https",
                           null,
                           uriInfo.host(),
                           port,
                           uriInfo.path(),
                           uriInfo.query().orElse(null),
                           null).toASCIIString();
        } catch (URISyntaxException e) {
            throw new RuntimeException(e);
        }
    }
}
```

```
curl -v -k -L localhost:8080/test
* Trying 127.0.0.1:8080...
* Connected to localhost (127.0.0.1) port 8080 (#0)
> GET /test HTTP/1.1
> Host: localhost:8080
> User-Agent: curl/7.85.0
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 301 Moved Permanently
< Date: Tue, 7 Mar 2023 14:08:27 +0100
< Location: https://localhost:4443/test
< transfer-encoding: chunked
< connection: keep-alive
<
* Ignoring the response-body
* Connection #0 to host localhost left intact
* Clear auth, redirects to port from 8080 to 4443
* Issue another request to this URL: 'https://localhost:4443/test'
* Trying 127.0.0.1:4443...
* Connected to localhost (127.0.0.1) port 4443 (#1)
* ALPN: offers h2
* ALPN: offers http/1.1
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS header, Finished (20):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.2 (OUT), TLS header, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
* ALPN: server accepted http/1.1
* Server certificate:
* subject: C=US; ST=California; L=Santa Clara; O=Oracle; OU=Helidon; CN=helidon-webserver-netty-test; [email protected]
* start date: Jul 3 01:38:57 2018 GMT
* expire date: Apr 16 01:38:57 2292 GMT
* issuer: C=US; ST=California; L=Santa Clara; O=Oracle; OU=Helidon; CN=helidon-webserver-netty-test; [email protected]
* SSL certificate verify result: self-signed certificate (18), continuing anyway.
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
> GET /test HTTP/1.1
> Host: localhost:4443
> User-Agent: curl/7.85.0
> Accept: */*
>
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Content-Type: text/plain
< Date: Tue, 7 Mar 2023 14:08:28 +0100
< connection: keep-alive
< content-length: 8
<
* Connection #1 to host localhost left intact
Secured!
```
Answer selected by
romain-grecourt
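
A stricter variant of the `securedUrl` helper from the answer, as an added example that is not part of the original discussion: the answer builds the `Location` header from the host the request reports (the curl trace shows `Host: localhost:8080` becoming `https://localhost:4443`), so this version redirects only when that host is on an allowlist. The class name, the `ALLOWED_HOSTS` values and the plain-string signature (pass in `uriInfo.host()`, `uriInfo.path()` and `uriInfo.query().orElse(null)`) are assumptions.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Locale;
import java.util.Optional;
import java.util.Set;

public class RedirectTarget {
    // Hypothetical allowlist: the host names this server is actually published under.
    static final Set<String> ALLOWED_HOSTS = Set.of("localhost", "app.example.com");

    /**
     * Builds the https Location only when the request's host is one we serve.
     * An empty result means the caller should answer 400 instead of sending a 301.
     */
    static Optional<String> securedUrl(String host, String path, String query, int port) {
        if (host == null) {
            return Optional.empty();
        }
        String normalized = host.toLowerCase(Locale.ROOT);
        if (normalized.endsWith(".")) { // accept the trailing-dot FQDN form
            normalized = normalized.substring(0, normalized.length() - 1);
        }
        if (!ALLOWED_HOSTS.contains(normalized)) {
            return Optional.empty();
        }
        try {
            // Same 7-argument URI constructor as the answer, with the vetted host.
            return Optional.of(
                    new URI("https", null, normalized, port, path, query, null).toASCIIString());
        } catch (URISyntaxException e) {
            return Optional.empty(); // malformed path or query: do not redirect
        }
    }

    public static void main(String[] args) {
        // Constructed sample requests: {host, path, query}
        String[][] samples = {
            {"localhost", "/test", null},
            {"LOCALHOST.", "/test", "a=1"},
            {"unknown.example.net", "/test", null},
        };
        for (String[] s : samples) {
            System.out.println(s[0] + " -> "
                    + securedUrl(s[0], s[1], s[2], 4443).orElse("400 Bad Request"));
        }
    }
}
```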