Title: Scheme redirect in RedirectAction
Description:
Currently (in the routing system) the only way to redirect a request from HTTP to HTTPS is to set the require_tls field in a VirtualHost to true. The problem with this is that it redirects any and all requests to the virtual host to HTTPS. Generally, this is a good idea, but sometimes it is desirable to only redirect certain routes.
For example, my use case is that I'd like all requests to be redirected to HTTPS except for requests to the path /.well-known/acme-challenge/ so that a different cluster can serve ACME HTTP challenge requests from that path in order to issue certificates for the domain.
It would be useful if RedirectAction supported a field named something like scheme_redirect which could swap the scheme portion of the URL with a new value. That way, the HTTPS redirect could be served only on a specific Route, rather than the virtual host as a whole.
HAProxy has an option that is something like this with its redirect scheme option.
Alternatively, an approach like #2343 could give the flexibility to do this and might produce a solution that is closer to what one would do with Nginx: return 301 https://$host$request_uri;
I did ask about this on the Envoy Slack and was told that it would be an easy feature to add. I could try make the code change myself, but wanted to start out with an issue.
Title: Scheme redirect in RedirectAction
Description:
Currently (in the routing system) the only way to redirect a request from HTTP to HTTPS is to set the
require_tlsfield in aVirtualHostto true. The problem with this is that it redirects any and all requests to the virtual host to HTTPS. Generally, this is a good idea, but sometimes it is desirable to only redirect certain routes.For example, my use case is that I'd like all requests to be redirected to HTTPS except for requests to the path
/.well-known/acme-challenge/so that a different cluster can serve ACME HTTP challenge requests from that path in order to issue certificates for the domain.It would be useful if
RedirectActionsupported a field named something likescheme_redirectwhich could swap the scheme portion of the URL with a new value. That way, the HTTPS redirect could be served only on a specific Route, rather than the virtual host as a whole.HAProxy has an option that is something like this with its
redirect schemeoption.Alternatively, an approach like #2343 could give the flexibility to do this and might produce a solution that is closer to what one would do with Nginx:
return 301 https://$host$request_uri;I did ask about this on the Envoy Slack and was told that it would be an easy feature to add. I could try make the code change myself, but wanted to start out with an issue.