fixed http redirect to https when no cert available

go.mod

@@ -16,9 +16,9 @@ require (
 require (
 	github.com/Microsoft/go-winio v0.6.1 // indirect
 	github.com/cenkalti/backoff/v4 v4.3.0 // indirect
-	github.com/cloudflare/cloudflare-go v0.91.0 // indirect
+	github.com/cloudflare/cloudflare-go v0.92.0 // indirect
 	github.com/containerd/log v0.1.0 // indirect
-	github.com/distribution/reference v0.5.0 // indirect
+	github.com/distribution/reference v0.6.0 // indirect
 	github.com/docker/go-connections v0.5.0 // indirect
 	github.com/docker/go-units v0.5.0 // indirect
 	github.com/felixge/httpsnoop v1.0.4 // indirect

go.sum

@@ -12,6 +12,8 @@ github.com/cloudflare/cloudflare-go v0.86.0 h1:jEKN5VHNYNYtfDL2lUFLTRo+nOVNPFxpX
 github.com/cloudflare/cloudflare-go v0.86.0/go.mod h1:wYW/5UP02TUfBToa/yKbQHV+r6h1NnJ1Je7XjuGM4Jw=
 github.com/cloudflare/cloudflare-go v0.91.0 h1:L7IR+86qrZuEMSjGFg4cwRwtHqC8uCPmMUkP7BD4CPw=
 github.com/cloudflare/cloudflare-go v0.91.0/go.mod h1:nUqvBUUDRxNzsDSQjbqUNWHEIYAoUlgRmcAzMKlFdKs=
+github.com/cloudflare/cloudflare-go v0.92.0 h1:ltJvGvqZ4G6Fm2hHOYZ5RWpJQcrM0oDrsjjZydZhFJQ=
+github.com/cloudflare/cloudflare-go v0.92.0/go.mod h1:nUqvBUUDRxNzsDSQjbqUNWHEIYAoUlgRmcAzMKlFdKs=
 github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I=
 github.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3EhrzVo=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
@@ -19,6 +21,8 @@ github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/distribution/reference v0.5.0 h1:/FUIFXtfc/x2gpa5/VGfiGLuOIdYa1t65IKK2OFGvA0=
 github.com/distribution/reference v0.5.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E=
+github.com/distribution/reference v0.6.0 h1:0IXCQ5g4/QMHHkarYzh5l+u8T3t73zM5QvfrDyIgxBk=
+github.com/distribution/reference v0.6.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E=
 github.com/docker/cli v26.0.0+incompatible h1:90BKrx1a1HKYpSnnBFR6AgDq/FqkHxwlUyzJVPxD30I=
 github.com/docker/cli v26.0.0+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
 github.com/docker/docker v26.0.0+incompatible h1:Ng2qi+gdKADUa/VM+6b6YaY2nlZhk/lVJiKR/2bMudU=

src/go-proxy/server.go

@@ -40,6 +40,7 @@ func (l LogrusWrapper) Write(b []byte) (int, error) {
 
 func NewServer(opt ServerOptions) *Server {
 	var httpHandler http.Handler
+	var s *Server
 	if opt.RedirectToHTTPS {
 		httpHandler = http.HandlerFunc(redirectToTLSHandler)
 	} else {
@@ -50,7 +51,7 @@ func NewServer(opt ServerOptions) *Server {
 		logrus.WithFields(logrus.Fields{"component": "server", "name": opt.Name}),
 	})
 	if opt.CertProvider != nil {
-		return &Server{
+		s = &Server{
 			Name:         opt.Name,
 			CertProvider: opt.CertProvider,
 			http: &http.Server{
@@ -68,7 +69,7 @@ func NewServer(opt ServerOptions) *Server {
 			},
 		}
 	}
-	return &Server{
+	s = &Server{
 		Name:     opt.Name,
 		KeyFile:  keyFileDefault,
 		CertFile: certFileDefault,
@@ -83,6 +84,10 @@ func NewServer(opt ServerOptions) *Server {
 			ErrorLog: logger,
 		},
 	}
+	if !s.certsOK() {
+		s.http.Handler = opt.Handler
+	}
+	return s
 }
 
 func (s *Server) Start() {
@@ -95,7 +100,7 @@ func (s *Server) Start() {
 		}()
 	}
 
-	if s.https != nil && (s.CertProvider != nil || utils.fileOK(s.CertFile) && utils.fileOK(s.KeyFile)) {
+	if s.https != nil && (s.CertProvider != nil || s.certsOK()) {
 		s.httpsStarted = true
 		logrus.Printf("starting https %s server on %s", s.Name, s.https.Addr)
 		go func() {
@@ -129,3 +134,7 @@ func (s *Server) handleErr(scheme string, err error) {
 		logrus.Fatalf("failed to start %s %s server: %v", scheme, s.Name, err)
 	}
 }
+
+func (s *Server) certsOK() bool {
+	return utils.fileOK(s.CertFile) && utils.fileOK(s.KeyFile)
+}