Merge pull request #6 from kataras/master

Update Former-commit-id: 4b1cb12e22aaa10991b78c157100a9a1aa3ec9c6
2025-01-23 18:51:03 +01:00 · 2018-01-17 07:34:03 +08:00 · 2018-01-17 07:34:03 +08:00 · b90d696e61
commit b90d696e61
parent 5419f5a00f 58f8b3c347
11 changed files with 59 additions and 50 deletions
--- a/HISTORY.md
+++ b/HISTORY.md
@ -17,6 +17,17 @@ Developers are not forced to upgrade if they don't really need it. Upgrade whene

 **How to upgrade**: Open your command-line and execute this command: `go get -u github.com/kataras/iris` or let the automatic updater do that for you.

+# Tu, 16 Jenuary 2018 | v10.0.2
+
+## Security | `iris.AutoTLS`
+
+**Every server should be upgraded to this version**, it contains fixes for the _tls-sni challenge disabled_ some days ago by letsencrypt.org which caused almost every https-enabled golang server to be unable to be functional, therefore support for the _http-01 challenge type_ added. Now the server is testing all available letsencrypt challenges.
+
+Read more at:
+
+- https://letsencrypt.status.io/pages/incident/55957a99e800baa4470002da/5a55777ed9a9c1024c00b241
+- https://github.com/golang/crypto/commit/13931e22f9e72ea58bb73048bc752b48c6d4d4ac
+
 # Mo, 15 Jenuary 2018 | v10.0.1

 Not any serious problems were found to be resolved here but one, the first one which is important for devs that used the [cache](cache) package.
--- a/HISTORY_GR.md
+++ b/HISTORY_GR.md
@ -17,6 +17,17 @@

 **Πώς να αναβαθμίσετε**: Ανοίξτε την γραμμή εντολών σας και εκτελέστε αυτήν την εντολή: `go get -u github.com/kataras/iris`  ή αφήστε το αυτόματο updater να το κάνει αυτό για σας.

+# Tu, 16 Jenuary 2018 | v10.0.2
+
+## Ασφάλεια | `iris.AutoTLS`
+
+**Όλοι οι servers πρέπει να αναβαθμιστούν σε αυτήν την έκδοση**, περιέχει διορθώσεις για το _tls-sni challenge_ το οποίο απενεργοποιήθηκε μερικές μέρες πριν από το letsencrypt.org το οποίο προκάλεσε σχεδόν όλα τα golang https-ενεργποιημένα servers να να μην είναι σε θέση να λειτουργήσουν, έτσι υποστήριξη για το _http-01 challenge_ προστέθηκε σαν αναπλήρωση. Πλέον ο διακομιστής δοκιμάζει όλες τις διαθέσιμες προκλήσεις(challeneges) letsencrypt.
+
+Διαβάστε περισσότερα:
+
+- https://letsencrypt.status.io/pages/incident/55957a99e800baa4470002da/5a55777ed9a9c1024c00b241
+- https://github.com/golang/crypto/commit/13931e22f9e72ea58bb73048bc752b48c6d4d4ac
+
 # Mo, 15 Jenuary 2018 | v10.0.1

 - διόρθωση του cache handler που δεν δούλευε όπως έπρεπε όταν γινόταν εγγραφή σε πάνω από ένα handler, παλιότερα ήταν ένα cache handler προς ένα route handler, τώρα το ίδιο handler μπορεί να καταχωρηθεί σε όσα route handlers θέλετε https://github.com/kataras/iris/pull/852, όπως είχε αναφερθεί στο https://github.com/kataras/iris/issues/850
--- a/HISTORY_ZH.md
+++ b/HISTORY_ZH.md
@ -17,6 +17,10 @@

 **如何升级**: 打开命令行执行以下命令: `go get -u github.com/kataras/iris` 或者等待自动更新。

+# Tu, 16 Jenuary 2018 | v10.0.2
+
+Translation is not available yet, please take a look at the [english version of this history entry](https://github.com/kataras/iris/blob/master/HISTORY.md#tu-16-jenuary-2018--v1002) instead.
+
 # 2018 1月15号 | v10.0.1 版本更新

 该版本暂未发现重大问题，但如果你使用 [cache](cache) 包的话，这里有些更新或许正好解决某些问题。
--- a/README.md
+++ b/README.md
@ -106,7 +106,7 @@ _Updated at: [Tuesday, 21 November 2017](_benchmarks/README_UNIX.md)_

 ## Support

- [HISTORY](HISTORY.md#mo-15-jenuary-2018--v1001) file is your best friend, it contains information about the latest features and changes
+- [HISTORY](HISTORY.md#tu-16-jenuary-2018--v1002) file is your best friend, it contains information about the latest features and changes
 - Did you happen to find a bug? Post it at [github issues](https://github.com/kataras/iris/issues)
 - Do you have any questions or need to speak with someone experienced to solve a problem at real-time? Join us to the [community chat](https://chat.iris-go.com)
 - Complete our form-based user experience report by clicking [here](https://docs.google.com/forms/d/e/1FAIpQLSdCxZXPANg_xHWil4kVAdhmh7EBBHQZ_4_xSZVDL-oCC_z5pA/viewform?usp=sf_link) 
--- a/README_GR.md
+++ b/README_GR.md
@ -108,7 +108,7 @@ _Η τελευταία ενημέρωση έγινε την [Τρίτη, 21 Νο

 ## Υποστήριξη

- To [HISTORY](HISTORY_GR.md#mo-15-jenuary-2018--v1001) αρχείο είναι ο καλύτερος σας φίλος, περιέχει πληροφορίες σχετικά με τις τελευταίες λειτουργίες(features) και αλλαγές
+- To [HISTORY](HISTORY_GR.md#tu-16-jenuary-2018--v1002) αρχείο είναι ο καλύτερος σας φίλος, περιέχει πληροφορίες σχετικά με τις τελευταίες λειτουργίες(features) και αλλαγές
 - Μήπως τυχαίνει να βρήκατε κάποιο bug; Δημοσιεύστε το στα [github issues](https://github.com/kataras/iris/issues)
 - Έχετε οποιεσδήποτε ερωτήσεις ή πρέπει να μιλήσετε με κάποιον έμπειρο για την επίλυση ενός προβλήματος σε πραγματικό χρόνο; Ελάτε μαζί μας στην [συνομιλία κοινότητας](https://chat.iris-go.com)
 - Συμπληρώστε την αναφορά εμπειρίας χρήστη κάνοντας κλικ [εδώ](https://docs.google.com/forms/d/e/1FAIpQLSdCxZXPANg_xHWil4kVAdhmh7EBBHQZ_4_xSZVDL-oCC_z5pA/viewform?usp=sf_link)
--- a/README_RU.md
+++ b/README_RU.md
@ -106,7 +106,7 @@ _Обновлено: [Вторник, 21 ноября 2017 г.](_benchmarks/READ

 ## Поддержка

- Файл [HISTORY](HISTORY.md#mo-15-jenuary-2018--v1001) - ваш лучший друг, он содержит информацию о последних особенностях и всех изменениях
+- Файл [HISTORY](HISTORY.md#tu-16-jenuary-2018--v1002) - ваш лучший друг, он содержит информацию о последних особенностях и всех изменениях
 - Вы случайно обнаружили ошибку? Опубликуйте ее на [Github вопросы](https://github.com/kataras/iris/issues)
 - У Вас есть какие-либо вопросы или Вам нужно поговорить с кем-то, кто бы смог решить Вашу проблему в режиме реального времени? Присоединяйтесь к нам в [чате сообщества](https://chat.iris-go.com)
 - Заполните наш отчет о пользовательском опыте на основе формы, нажав [здесь](https://docs.google.com/forms/d/e/1FAIpQLSdCxZXPANg_xHWil4kVAdhmh7EBBHQZ_4_xSZVDL-oCC_z5pA/viewform?usp=sf_link) 
--- a/README_ZH.md
+++ b/README_ZH.md
@ -102,7 +102,7 @@ _更新于: [2017年11月21日星期二](_benchmarks/README_UNIX.md)_

 ## 支持

- [更新记录](HISTORY_ZH.md#mo-15-jenuary-2018--v1001) 是您最好的朋友，它包含有关最新功能和更改的信息
+- [更新记录](HISTORY_ZH.md#tu-16-jenuary-2018--v1002) 是您最好的朋友，它包含有关最新功能和更改的信息
 - 你碰巧找到了一个错误？ 请提交 [github issues](https://github.com/kataras/iris/issues)
 - 您是否有任何疑问或需要与有经验的人士交谈以实时解决问题？ [加入我们的聊天](https://chat.iris-go.com)
 - [点击这里完成我们基于表单的用户体验报告](https://docs.google.com/forms/d/e/1FAIpQLSdCxZXPANg_xHWil4kVAdhmh7EBBHQZ_4_xSZVDL-oCC_z5pA/viewform?usp=sf_link) 
--- a/2
+++ b/2
@ -1 +1 @@
-10.0.1:https://github.com/kataras/iris/blob/master/HISTORY.md#mo-15-jenuary-2018--v1001
+10.0.2:https://github.com/kataras/iris/blob/master/HISTORY.md#tu-16-jenuary-2018--v1002
--- a/core/host/supervisor.go
+++ b/core/host/supervisor.go
@ -5,7 +5,6 @@ import (
 	"crypto/tls"
 	"net"
 	"net/http"
-	"net/url"
 	"strings"
 	"sync"
 	"sync/atomic"
@ -285,9 +284,10 @@ func (su *Supervisor) ListenAndServeTLS(certFile string, keyFile string) error {
 // stores and retrieves previously-obtained certificates.
 // If empty, certs will only be cached for the lifetime of the auto tls manager.
 //
-// Note: If domain is not empty and the server's port was "443" then
-// it will start a new server, automatically for you, which will redirect all
-// http versions to their https as well.
+// Note: The domain should be like "iris-go.com www.iris-go.com",
+// the e-mail like "kataras2006@hotmail.com" and the cacheDir like "letscache"
+// The `ListenAndServeAutoTLS` will start a new server for you,
+// which will redirect all http versions to their https, including subdomains as well.
 func (su *Supervisor) ListenAndServeAutoTLS(domain string, email string, cacheDir string) error {
 	var (
 		cache      autocert.Cache
@ -310,7 +310,25 @@ func (su *Supervisor) ListenAndServeAutoTLS(domain string, email string, cacheDi
 		Cache:      cache,
 	}

-	cfg := &tls.Config{
+	srv2 := &http.Server{
+		ReadTimeout:  30 * time.Second,
+		WriteTimeout: 60 * time.Second,
+		Addr:         ":http",
+		Handler:      autoTLSManager.HTTPHandler(nil), // nil for redirect.
+	}
+
+	// register a shutdown callback to this
+	// supervisor in order to close the "secondary redirect server" as well.
+	su.RegisterOnShutdown(func() {
+		// give it some time to close itself...
+		timeout := 5 * time.Second
+		ctx, cancel := context.WithTimeout(context.Background(), timeout)
+		defer cancel()
+		srv2.Shutdown(ctx)
+	})
+	go srv2.ListenAndServe()
+
+	su.Server.TLSConfig = &tls.Config{
 		GetCertificate:           autoTLSManager.GetCertificate,
 		MinVersion:               tls.VersionTLS10,
 		PreferServerCipherSuites: true,
@ -318,40 +336,6 @@ func (su *Supervisor) ListenAndServeAutoTLS(domain string, email string, cacheDi
 			tls.X25519,
 		},
 	}
-
-	su.Server.TLSConfig = cfg
-
-	// Redirect all http://$path requests to their
-	// https://$path versions if a specific domain is passed on
-	// and the port was 443.
-	if hostPolicy != nil && netutil.ResolvePort(su.Server.Addr) == 443 {
-		// find the first domain if more than one.
-		spaceIdx := strings.IndexByte(domain, ' ')
-		if spaceIdx != -1 {
-			domain = domain[0:spaceIdx]
-		}
-		// create the url for the secured server.
-		target, err := url.Parse("https://" + domain)
-		if err != nil {
-			return err
-		}
-
-		// create the redirect server.
-		redirectSrv := NewRedirection(":80", target, -1)
-		// register a shutdown callback to this
-		// supervisor in order to close the "secondary redirect server" as well.
-		su.RegisterOnShutdown(func() {
-			// give it some time to close itself...
-			timeout := 5 * time.Second
-			ctx, cancel := context.WithTimeout(context.Background(), timeout)
-			defer cancel()
-			redirectSrv.Shutdown(ctx)
-		})
-
-		// start that redirect server using a different goroutine.
-		go redirectSrv.ListenAndServe()
-	}
-
 	return su.ListenAndServeTLS("", "")
 }

--- a/core/maintenance/version.go
+++ b/core/maintenance/version.go
@ -13,7 +13,7 @@ import (

 const (
 	// Version is the string representation of the current local Iris Web Framework version.
-	Version = "10.0.1"
+	Version = "10.0.2"
 )

 // CheckForUpdates checks for any available updates
--- a/iris.go
+++ b/iris.go
@ -559,7 +559,7 @@ func TLS(addr string, certFile, keyFile string, hostConfigs ...host.Configurator
 // certifications created on the fly by the "autocert" golang/x package,
 // so localhost may not be working, use it at "production" machine.
 //
-// Addr should have the form of [host]:port, i.e mydomain.com:443 or :443.
+// Addr should have the form of [host]:port, i.e mydomain.com:443.
 //
 // The whitelisted domains are separated by whitespace in "domain" argument,
 // i.e "iris-go.com", can be different than "addr".
@ -572,9 +572,8 @@ func TLS(addr string, certFile, keyFile string, hostConfigs ...host.Configurator
 //
 // For an "e-mail" use a non-public one, letsencrypt needs that for your own security.
 //
-// Note: If domain is not empty and the server's port was "443" then
-// it will start a new server, automatically for you, which will redirect all
-// http versions to their https as well.
+// Note: `AutoTLS` will start a new server for you
+// which will redirect all http versions to their https, including subdomains as well.
 //
 // Last argument is optional, it accepts one or more
 // `func(*host.Configurator)` that are being executed
@ -586,7 +585,7 @@ func TLS(addr string, certFile, keyFile string, hostConfigs ...host.Configurator
 // Look at the `ConfigureHost` too.
 //
 // Usage:
-// app.Run(iris.AutoTLS(":443", "example.com", "mail@example.com"))
+// app.Run(iris.AutoTLS("iris-go.com:443", "iris-go.com www.iris-go.com", "mail@example.com"))
 //
 // See `Run` and `core/host/Supervisor#ListenAndServeAutoTLS` for more.
 func AutoTLS(