diff --git a/cmd/console/server.go b/cmd/console/server.go index affbcf8b7..1faf1f212 100644 --- a/cmd/console/server.go +++ b/cmd/console/server.go @@ -57,6 +57,11 @@ var serverCmd = cli.Command{ Value: restapi.GetTLSPort(), Usage: "HTTPS server port", }, + cli.StringFlag{ + Name: "tls-redirect", + Value: restapi.GetTLSRedirect(), + Usage: "HTTPS redirect by default", + }, cli.StringFlag{ Name: "certs-dir", Value: certs.GlobalCertsCADir.Get(), @@ -125,7 +130,7 @@ func startServer(ctx *cli.Context) error { // Need to store tls-port, tls-host un config variables so secure.middleware can read from there restapi.TLSPort = fmt.Sprintf("%v", ctx.Int("tls-port")) restapi.TLSHostname = ctx.String("tls-host") - restapi.TLSRedirect = "on" + restapi.TLSRedirect = ctx.String("tls-redirect") } server.ConfigureAPI() diff --git a/restapi/config.go b/restapi/config.go index 299e8d562..5b23bac06 100644 --- a/restapi/config.go +++ b/restapi/config.go @@ -29,29 +29,34 @@ import ( "github.com/minio/minio/pkg/env" ) -// Port console default port -var Port = "9090" +var ( + // Port console default port + Port = "9090" -// Hostname console hostname -var Hostname = "0.0.0.0" + // Hostname console hostname + Hostname = "0.0.0.0" -// TLSHostname console tls hostname -var TLSHostname = "0.0.0.0" + // TLSHostname console tls hostname + TLSHostname = "0.0.0.0" -// TLSPort console tls port -var TLSPort = "9443" + // TLSPort console tls port + TLSPort = "9443" -// TLSRedirect console tls redirect rule -var TLSRedirect = "off" + // TLSRedirect console tls redirect rule + TLSRedirect = "on" -var SessionDuration = 45 * time.Minute + // SessionDuration cookie validity duration + SessionDuration = 45 * time.Minute +) -var logSearchAPI string -var logSearchURL string -var prometheusURL string -var consoleImage string +var ( + logSearchAPI string + logSearchURL string + prometheusURL string + consoleImage string -var once sync.Once + once sync.Once +) func getMinIOServer() string { return strings.TrimSpace(env.Get(ConsoleMinIOServer, "http://localhost:9000")) @@ -121,6 +126,11 @@ func GetTLSPort() int { return port } +// If GetTLSRedirect is set to true, then only allow HTTPS requests. Default is true. +func GetTLSRedirect() string { + return strings.ToLower(env.Get(ConsoleSecureTLSRedirect, TLSRedirect)) +} + // Get secure middleware env variable configurations func getSecureAllowedHosts() []string { allowedHosts := env.Get(ConsoleSecureAllowedHosts, "") @@ -171,11 +181,6 @@ func getSecureHostsProxyHeaders() []string { return []string{} } -// If TLSRedirect is set to true, then only allow HTTPS requests. Default is true. -func getTLSRedirect() bool { - return strings.ToLower(env.Get(ConsoleSecureTLSRedirect, TLSRedirect)) == "on" -} - // TLSHost is the host name that is used to redirect HTTP requests to HTTPS. Default is "", which indicates to use the same host. func getSecureTLSHost() string { return env.Get(ConsoleSecureTLSHost, fmt.Sprintf("%s:%s", TLSHostname, TLSPort)) diff --git a/restapi/configure_console.go b/restapi/configure_console.go index 8518d70c7..920bb635e 100644 --- a/restapi/configure_console.go +++ b/restapi/configure_console.go @@ -189,7 +189,7 @@ func setupGlobalMiddleware(handler http.Handler) http.Handler { AllowedHosts: getSecureAllowedHosts(), AllowedHostsAreRegex: getSecureAllowedHostsAreRegex(), HostsProxyHeaders: getSecureHostsProxyHeaders(), - SSLRedirect: getTLSRedirect(), + SSLRedirect: GetTLSRedirect() == "on", SSLHost: getSecureTLSHost(), STSSeconds: getSecureSTSSeconds(), STSIncludeSubdomains: getSecureSTSIncludeSubdomains(),