fix: ignore https redirect for DERP meshing

coadler · coadler · commit 243b6afcc3cb · 2023-11-16T19:45:24.000Z
diff --git a/cli/cliutil/sink_test.go b/cli/cliutil/sink_test.go
@@ -11,7 +11,7 @@ import (
 
 func TestDiscardAfterClose(t *testing.T) {
 	t.Parallel()
-	exErr := errors.New("test")
+	exErr := xerrors.New("test")
 	fwc := &fakeWriteCloser{err: exErr}
 	uut := cliutil.DiscardAfterClose(fwc)
 
diff --git a/cli/server.go b/cli/server.go
@@ -897,7 +897,7 @@ func (r *RootCmd) Server(newAPI func(context.Context, *coderd.Options) (*coderd.
 			// the request is not to a local IP.
 			var handler http.Handler = coderAPI.RootHandler
 			if vals.RedirectToAccessURL {
-				handler = redirectToAccessURL(handler, vals.AccessURL.Value(), tunnel != nil, appHostnameRegex)
+				handler = redirectToAccessURL(handler, vals.AccessURL.Value(), tunnel != nil, appHostnameRegex, options.IgnoreRedirectHostnames...)
 			}
 
 			// ReadHeaderTimeout is purposefully not enabled. It caused some
@@ -1916,7 +1916,7 @@ func ConfigureHTTPClient(ctx context.Context, clientCertFile, clientKeyFile stri
 }
 
 // nolint:revive
-func redirectToAccessURL(handler http.Handler, accessURL *url.URL, tunnel bool, appHostnameRegex *regexp.Regexp) http.Handler {
+func redirectToAccessURL(handler http.Handler, accessURL *url.URL, tunnel bool, appHostnameRegex *regexp.Regexp, ignoreHosts ...string) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		redirect := func() {
 			http.Redirect(w, r, accessURL.String(), http.StatusTemporaryRedirect)
@@ -1945,6 +1945,13 @@ func redirectToAccessURL(handler http.Handler, accessURL *url.URL, tunnel bool,
 			return
 		}
 
+		for _, ignore := range ignoreHosts {
+			if r.Host == ignore {
+				handler.ServeHTTP(w, r)
+				return
+			}
+		}
+
 		redirect()
 	})
 }
diff --git a/coderd/coderd.go b/coderd/coderd.go
@@ -120,9 +120,10 @@ type Options struct {
 	RealIPConfig                   *httpmw.RealIPConfig
 	TrialGenerator                 func(ctx context.Context, email string) error
 	// TLSCertificates is used to mesh DERP servers securely.
-	TLSCertificates    []tls.Certificate
-	TailnetCoordinator tailnet.Coordinator
-	DERPServer         *derp.Server
+	TLSCertificates         []tls.Certificate
+	TailnetCoordinator      tailnet.Coordinator
+	IgnoreRedirectHostnames []string
+	DERPServer              *derp.Server
 	// BaseDERPMap is used as the base DERP map for all clients and agents.
 	// Proxies are added to this list.
 	BaseDERPMap                 *tailcfg.DERPMap
diff --git a/enterprise/cli/server.go b/enterprise/cli/server.go
@@ -75,6 +75,9 @@ func (r *RootCmd) Server(_ func()) *clibase.Cmd {
 
 			CheckInactiveUsersCancelFunc: dormancy.CheckInactiveUsers(ctx, options.Logger, options.Database),
 		}
+		if o.DERPServerRelayAddress != "" {
+			o.Options.IgnoreRedirectHostnames = append(o.Options.IgnoreRedirectHostnames, o.DERPServerRelayAddress)
+		}
 
 		if encKeys := options.DeploymentValues.ExternalTokenEncryptionKeys.Value(); len(encKeys) != 0 {
 			keys := make([][]byte, 0, len(encKeys))
diff --git a/enterprise/coderd/coderd.go b/enterprise/coderd/coderd.go
@@ -14,12 +14,11 @@ import (
 	"sync"
 	"time"
 
-	"golang.org/x/xerrors"
-	"tailscale.com/tailcfg"
-
 	"github.com/cenkalti/backoff/v4"
 	"github.com/go-chi/chi/v5"
 	"github.com/prometheus/client_golang/prometheus"
+	"golang.org/x/xerrors"
+	"tailscale.com/tailcfg"
 
 	"cdr.dev/slog"
 	"github.com/coder/coder/v2/coderd"
diff --git a/enterprise/replicasync/replicasync.go b/enterprise/replicasync/replicasync.go
@@ -36,8 +36,9 @@ type Options struct {
 	TLSConfig       *tls.Config
 }
 
-// New registers the replica with the database and periodically updates to ensure
-// it's healthy. It contacts all other alive replicas to ensure they are reachable.
+// New registers the replica with the database and periodically updates to
+// ensure it's healthy. It contacts all other alive replicas to ensure they are
+// reachable.
 func New(ctx context.Context, logger slog.Logger, db database.Store, ps pubsub.Pubsub, options *Options) (*Manager, error) {
 	if options == nil {
 		options = &Options{}

Original file line number	Diff line number	Diff line change
`@@ -75,6 +75,9 @@ func (r RootCmd) Server(_ func()) clibase.Cmd {`
`75`	`75`
`76`	`76`	`CheckInactiveUsersCancelFunc: dormancy.CheckInactiveUsers(ctx, options.Logger, options.Database),`
`77`	`77`	`}`
	`78`	`+ if o.DERPServerRelayAddress != "" {`
	`79`	`+ o.Options.IgnoreRedirectHostnames = append(o.Options.IgnoreRedirectHostnames, o.DERPServerRelayAddress)`
	`80`	`+ }`
`78`	`81`
`79`	`82`	`if encKeys := options.DeploymentValues.ExternalTokenEncryptionKeys.Value(); len(encKeys) != 0 {`
`80`	`83`	`keys := make([][]byte, 0, len(encKeys))`