From 423e42ef6efe8a434349ce0a501d0a89d9abcac2 Mon Sep 17 00:00:00 2001
From: girst <tobi@isticktoit.net>
Date: Sat, 10 Oct 2020 17:59:54 +0200
Subject: [PATCH] implement a tiny port80-to-443 redirector

---
 INSTALL.md                          | 15 ++++++++++-----
 config/subscriptions-port80.service | 14 ++++++++++++++
 2 files changed, 24 insertions(+), 5 deletions(-)
 create mode 100644 config/subscriptions-port80.service

diff --git a/INSTALL.md b/INSTALL.md
index 179c6c7..57b9060 100644
--- a/INSTALL.md
+++ b/INSTALL.md
@@ -44,11 +44,16 @@ server.
 `gthread` instead.  If you are using the in-memory requests-cache, do not use
 more than 1 process, or the cache will be useless!
 
-If you want to use the included systemd unit files, point `WorkingDirectory=`
-to the location of the repository, `Environment=PATH=` to the location of the
-virtualenv's `bin/` directory and `Environment=YT_CONFIG=` to your `config.ini`
-(if you aren't using `/etc/yt/config.ini`), as well as the gunicorn config
-path. Then copy them to `/etc/systemd/system/`.
+If you want to use the included systemd unit files
+(`subscriptions-frontend.service` and optionally
+`subscriptions-webhooks.service`), point `WorkingDirectory=` to the location of
+the repository, `Environment=PATH=` to the location of the virtualenv's `bin/`
+directory and `Environment=YT_CONFIG=` to your `config.ini` (if you aren't
+using `/etc/yt/config.ini`), as well as the gunicorn config path. Then copy
+them to `/etc/systemd/system/`.
+A HTTP-to-HTTPS redirect "server" is available as
+`subscriptions-port80.service` (requires netcat(1)); it needs the domain name
+of your instance in `Environment=DOMAIN=`.
 
 **Do not start the frontend before the database and cronjobs are in place!**
 
diff --git a/config/subscriptions-port80.service b/config/subscriptions-port80.service
new file mode 100644
index 0000000..92f937d
--- /dev/null
+++ b/config/subscriptions-port80.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=Subscriptions Port 80 to 443 Redirect
+After=network.target
+
+[Service]
+# Set the domain of your instance here:
+Environment=DOMAIN=subscriptions.gir.st
+
+Type=simple
+ExecStart=/usr/bin/nc -lkc 'read method path http; printf "HTTP/1.1 308 Moved\r\nLocation: https://${DOMAIN}%%s\r\n\r\n" "$path"' 80
+Restart=always  # NOTE^: must to escape % in ExecStart, or systemd replaces %s with $SHELL
+
+[Install]
+WantedBy=multi-user.target
-- 
2.39.3