From e52a94a3a77b9641951e22f8e0dcb82822c5d601 Mon Sep 17 00:00:00 2001 From: Chris Lu Date: Fri, 27 Mar 2026 10:29:49 -0700 Subject: [PATCH] sftpd: use global TLS-aware HTTP client for filer uploads (#8795) * sftpd: use global TLS-aware HTTP client for filer uploads (#8794) putFile() hardcoded http:// and used http.DefaultClient, which broke file uploads when the filer has HTTPS/TLS enabled. Switch to the global HTTP client which reads [https.client] from security.toml and automatically normalizes the URL scheme. * sftpd: propagate NormalizeUrl error instead of swallowing it --- weed/sftpd/sftp_filer.go | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/weed/sftpd/sftp_filer.go b/weed/sftpd/sftp_filer.go index 93a1d0984..fa69e39f7 100644 --- a/weed/sftpd/sftp_filer.go +++ b/weed/sftpd/sftp_filer.go @@ -21,6 +21,7 @@ import ( weed_server "github.com/seaweedfs/seaweedfs/weed/server" "github.com/seaweedfs/seaweedfs/weed/sftpd/user" "github.com/seaweedfs/seaweedfs/weed/util" + util_http "github.com/seaweedfs/seaweedfs/weed/util/http" "google.golang.org/grpc" ) @@ -322,6 +323,12 @@ func (fs *SftpServer) removeDir(absPath string) error { func (fs *SftpServer) putFile(filepath string, reader io.Reader, user *user.User) error { dir, filename := util.FullPath(filepath).DirAndName() uploadUrl := fmt.Sprintf("http://%s%s", fs.filerAddr, filepath) + // Let the global HTTP client normalize the scheme to https:// when TLS is configured + normalizedUrl, err := util_http.NormalizeUrl(uploadUrl) + if err != nil { + return fmt.Errorf("normalize upload url %q: %w", uploadUrl, err) + } + uploadUrl = normalizedUrl // Compute MD5 while uploading hash := md5.New() @@ -342,7 +349,7 @@ func (fs *SftpServer) putFile(filepath string, reader io.Reader, user *user.User } } - resp, err := http.DefaultClient.Do(req) + resp, err := util_http.Do(req) if err != nil { return fmt.Errorf("upload to filer: %w", err) }