Invalid HTTPS redirect with non-standard update port when host certificates defined

[andig]

Split from #78 (comment). If you have a default gok instance with non-standard update port like this:

  "Update": {
      "HTTPPort": "8080",
      "HTTPPassword": "..."
  },

This instance will create a wrong HTTPS redirect on port 8080 when a hosts entry with certificates is present ~/Library/Application\ Support/gokrazy/hosts/.

To reproduce run via gok vm with -netdev for the additional forward:

❯ ls ~/Library/Application\ Support/gokrazy/hosts/mac/
cert.pem key.pem

gok vm run -i mac --netdev user,id=net0,hostfwd=tcp::8080-:80,hostfwd=tcp::8022-:22,hostfwd=tcp::8888-:8080

...

[qemu-system-aarch64 -name mac -boot order=d -drive file=/var/folders/sv/rs_453y57xj86xsbz3kw1mbc0000gn/T/gokrazy-vm2286943020,format=raw -device i6300esb,id=watchdog0 -watchdog-action reset -smp 8 -device e1000,netdev=net0 -netdev user,id=net0,hostfwd=tcp::8080-:80,hostfwd=tcp::8022-:22,hostfwd=tcp::8888-:8080 -m 1024 -machine virt,highmem=off -cpu cortex-a72 -bios /var/folders/sv/rs_453y57xj86xsbz3kw1mbc0000gn/T/gokrazy-vm3762830734/arm64-QEMU_EFI.fd -accel hvf]

...

curl -v http://localhost:8888 -u gokrazy:$(jq -r .Update.HTTPPassword < ~/gokrazy/mac/config.json) --basic

< HTTP/1.1 302 Found
< Content-Type: text/html; charset=utf-8
< Location: https://localhost:8888:8080/
< Date: Tue, 28 Jan 2025 09:28:47 GMT
< Content-Length: 51
< 
<a href="https://localhost:8888:8080/">Found</a>.

I could not test this on a real device.

[stapelberg]

Should be fixed after a GOPROXY=direct gok get github.com/gokrazy/gokrazy@main (version v0.0.0-20250128195218-b3656e138176 or newer)