HTTP to HTTPS redirection not working?

[tadghh]

A client connects to a server using rustls 0.22.4/0.22.2, connections to HTTPS are successful but HTTP are not. I'm assuming they would be upgraded to HTTPS automatically as that is mentioned in the HTTP2 documentation on the Actix Website

Im using the example rustls project provided in this repo. When connecting via http the website just displays below. And to clarify I'm expecting that we would redirect to HTTPS.

Does this situation fall under below

Is there perhaps something I'm missing, or is this a known issue? Thanks.

[robjtede]

the website actually states that:

automatically upgrades connections to HTTP/2 if possible.

no automatic HTTPS redirects are done, but that are very easy with an off-the-shelf middleware: https://docs.rs/actix-web-lab/latest/actix_web_lab/middleware/struct.RedirectHttps.html

[tadghh]

Still not working for me, perhaps im missing something else. Do you have more resources I could look at?

[robjtede]

Do you have any non-working sample code for me to check out?

[tadghh]

Do you have any non-working sample code for me to check out?

Yeah I should have provided that hehe. I'm a junior so it might be something silly.

#[cfg(feature = "ssr")]
#[actix_web::main]
async fn main() -> std::io::Result<()> {
    use actix_files::Files;
    use actix_web::{middleware, web, App, HttpServer};
    use leptos::get_configuration;
    use leptos_actix::{generate_route_list, handle_server_fns, LeptosRoutes};
    use tadgh_blog_leptos::app::*;
		use actix_web_lab::{header::StrictTransportSecurity, middleware::RedirectHttps};

    tadgh_blog_leptos::server_functions::database::init_db().await;

    let conf = get_configuration(None).await.unwrap();
    let addr = conf.leptos_options.site_addr;

    let routes = generate_route_list(App);
    println!("listening on https://{}", &addr);

    HttpServer::new(move || {
        let leptos_options = &conf.leptos_options;
        let site_root = &leptos_options.site_root;

        App::new()
						.wrap(RedirectHttps::default())
            .wrap(middleware::Compress::default())
            // .service(
            //     web::resource("/pkg/tadgh-blog-leptos.wasm").route(web::get().to(wasm_handler)),
            // )
            .service(Files::new("/pkg", format!("{site_root}/pkg")))
            .route("/api/*fn_name", handle_server_fns())
            .service(Files::new("/public", site_root))
            .service(Files::new("/resources", "./resources").show_files_listing())
            .leptos_routes(leptos_options.to_owned(), routes.to_owned(), App)
            // Also tried placing the redirect wrapper after routes 
						.app_data(web::Data::new(leptos_options.to_owned()))

    })
    .bind_rustls_0_22(&addr, load_rustls_config())?
    .run()
    .await
}

[robjtede]

you need to bind a non-TLS port too

      .bind_rustls_0_22(&addr, load_rustls_config())?
+     .bind("0.0.0.0:80")

[tadghh]

you need to bind a non-TLS port too

      .bind_rustls_0_22(&addr, load_rustls_config())?
+     .bind("0.0.0.0:80")

Lol that would explain it. Thanks for helping, its working correctly now!

[mattheo-br]

Hi, i'm having the same problem. Going to http://127.0.0.1:8080 gives me the same (wrong) output as @tadghh. Also, it does not redirect me to https://127.0.0.1:8080 as i would want it to. My code is quite similar to the solution suggested here, so i don't know where the Problem is.

#![feature(hint_must_use)]
#![feature(duration_constructors)]

use actix_files::Files;
use actix_session::SessionMiddleware;
use actix_web::middleware::{from_fn, Logger};
use actix_web::{
    get,
    http::StatusCode,
    middleware::ErrorHandlers,
    web::{self, Data},
    HttpRequest, HttpServer, Responder,
};
use actix_web_httpauth::extractors::bearer;
use actix_web_httpauth::middleware::HttpAuthentication;
use rustls::pki_types::PrivateKeyDer;
use rustls_pemfile::{certs, pkcs8_private_keys};
use core::str::FromStr;
use std::fs::File;
use std::time::Duration;
use sqlx::postgres::{PgConnectOptions, PgPoolOptions};
use sqlx::ConnectOptions;
use std::env::{self, VarError};
use std::io::{BufReader, Error as IoError, ErrorKind};
use std::num::ParseIntError;
use thiserror::Error;

use actix_identity::Identity;
use actix_identity::IdentityMiddleware;
use actix_web_lab::{header::StrictTransportSecurity, middleware::RedirectHttps};

mod error;
mod middleware;
mod routes;
mod templates;
mod session;
pub(crate) use error::Error;
use libtix::user::seed_users;

#[actix_web::main]
async fn main() -> std::io::Result<()> {
    let env_vars = EnvVars::try_new().map_err(|x| IoError::new(ErrorKind::Other, x))?;
    env_logger::builder()
        .filter_level(log::LevelFilter::from_str(&env_vars.log_level).unwrap())
        .init();

    let pg_conn_opts = PgConnectOptions::from_str(&env_vars.database_url)
        .map_err(|x| IoError::new(ErrorKind::Other, x))?
        .log_statements(log::LevelFilter::Info);

    let pool = PgPoolOptions::new()
        .max_connections(20)
        .connect_with(pg_conn_opts)
        .await
        .unwrap();

    // Seeds the database - just adds one regular user to the database
    seed_users(&pool).await.unwrap();

    let tls_conf = load_rustls_config(&env_vars);

    let session_cache = crate::session::SessionCache::default();
    let key = actix_web::cookie::Key::generate();

    HttpServer::new(move || {
        let app = App { db: pool.clone() };

        actix_web::App::new()
            .wrap(RedirectHttps::default()) //redirect http -> https
            .wrap(ErrorHandlers::new().handler(StatusCode::INTERNAL_SERVER_ERROR, error::display))
            .wrap(Logger::default())
            .wrap(IdentityMiddleware::builder().visit_deadline(
                Some(Duration::from_hours(1))
            ).build())
            .wrap(SessionMiddleware::builder(
                session_cache.clone(),
                key.clone()
                ).cookie_secure(false).build()
            )
            .app_data(web::Data::new(app))
            .service(Files::new("/js", "frontend/js"))
            .service(routes::index::index)
            .service(routes::application::grant::add_row)
            .service(routes::application::grant::show)
            .service(routes::user::login::get)
            .service(routes::user::login::post)
    })
    .bind_rustls_0_23((env_vars.bind_addr, env_vars.bind_port), tls_conf)?
    .bind("0.0.0.0:80").expect("Failed to bind HTTP server")
    .run()
    .await
}

[robjtede]

Your HTTP (non-TLS) port is bound as :80 there so you need to go to http://127.0.0.1, not :8080.