tls-disable-redirect -> tls-redirect

Turning off the redirect previously involved setting its `disabled`
value to `true`, which works fine but in retrospect feels a little like
a double negative. Instead we can have a `tls-redirect` option that
defaults to `true`, but can be set to `false` if we want to turn the
behaviour off.

Author: kevinmcconnell

internal/cmd/deploy.go

@@ -36,7 +36,7 @@ func newDeployCommand() *deployCommand {
 	deployCommand.cmd.Flags().BoolVar(&deployCommand.tlsStaging, "tls-staging", false, "Use Let's Encrypt staging environment for certificate provisioning")
 	deployCommand.cmd.Flags().StringVar(&deployCommand.args.ServiceOptions.TLSCertificatePath, "tls-certificate-path", "", "Configure custom TLS certificate path (PEM format)")
 	deployCommand.cmd.Flags().StringVar(&deployCommand.args.ServiceOptions.TLSPrivateKeyPath, "tls-private-key-path", "", "Configure custom TLS private key path (PEM format)")
-	deployCommand.cmd.Flags().BoolVar(&deployCommand.args.ServiceOptions.TLSDisableRedirect, "tls-disable-redirect", false, "Don't redirect HTTP traffic to HTTPS")
+	deployCommand.cmd.Flags().BoolVar(&deployCommand.args.ServiceOptions.TLSRedirect, "tls-redirect", true, "Redirect HTTP traffic to HTTPS")
 
 	deployCommand.cmd.Flags().DurationVar(&deployCommand.args.DeployTimeout, "deploy-timeout", server.DefaultDeployTimeout, "Maximum time to wait for the new target to become healthy")
 	deployCommand.cmd.Flags().DurationVar(&deployCommand.args.DrainTimeout, "drain-timeout", server.DefaultDrainTimeout, "Maximum time to allow existing connections to drain before removing old target")

internal/server/router_test.go

@@ -482,7 +482,7 @@ func TestRouter_RestoreLastSavedState(t *testing.T) {
 
 	router := NewRouter(statePath)
 	require.NoError(t, router.SetServiceTarget("default", defaultEmptyHosts, defaultPaths, first, defaultServiceOptions, defaultTargetOptions, DefaultDeployTimeout, DefaultDrainTimeout))
-	require.NoError(t, router.SetServiceTarget("other1", []string{"other.example.com"}, defaultPaths, second, ServiceOptions{TLSEnabled: true}, defaultTargetOptions, DefaultDeployTimeout, DefaultDrainTimeout))
+	require.NoError(t, router.SetServiceTarget("other1", []string{"other.example.com"}, defaultPaths, second, ServiceOptions{TLSEnabled: true, TLSRedirect: true}, defaultTargetOptions, DefaultDeployTimeout, DefaultDrainTimeout))
 	require.NoError(t, router.SetServiceTarget("other2", []string{"other.example.com"}, []string{"/api"}, third, defaultServiceOptions, defaultTargetOptions, DefaultDeployTimeout, DefaultDrainTimeout))
 
 	statusCode, body := sendGETRequest(router, "http://something.example.com/")

internal/server/service.go

@@ -69,7 +69,7 @@ type ServiceOptions struct {
 	TLSEnabled         bool   `json:"tls_enabled"`
 	TLSCertificatePath string `json:"tls_certificate_path"`
 	TLSPrivateKeyPath  string `json:"tls_private_key_path"`
-	TLSDisableRedirect bool   `json:"tls_disable_redirect"`
+	TLSRedirect        bool   `json:"tls_redirect"`
 	ACMEDirectory      string `json:"acme_directory"`
 	ACMECachePath      string `json:"acme_cache_path"`
 	ErrorPagePath      string `json:"error_page_path"`
@@ -394,7 +394,7 @@ func (s *Service) serviceRequestWithTarget(w http.ResponseWriter, r *http.Reques
 }
 
 func (s *Service) shouldRedirectToHTTPS(r *http.Request) bool {
-	return s.options.TLSEnabled && !s.options.TLSDisableRedirect && r.TLS == nil
+	return s.options.TLSEnabled && s.options.TLSRedirect && r.TLS == nil
 }
 
 func (s *Service) handlePausedAndStoppedRequests(w http.ResponseWriter, r *http.Request) bool {

internal/server/service_map.go

@@ -160,10 +160,10 @@ func (m *ServiceMap) syncTLSOptionsFromRootDomain() {
 			rootService := m.ServiceForHost(host)
 			if rootService != nil {
 				service.options.TLSEnabled = rootService.options.TLSEnabled
-				service.options.TLSDisableRedirect = rootService.options.TLSDisableRedirect
+				service.options.TLSRedirect = rootService.options.TLSRedirect
 			} else {
 				service.options.TLSEnabled = defaultServiceOptions.TLSEnabled
-				service.options.TLSDisableRedirect = defaultServiceOptions.TLSDisableRedirect
+				service.options.TLSRedirect = defaultServiceOptions.TLSRedirect
 			}
 		}
 	}

internal/server/service_map_test.go

@@ -73,8 +73,8 @@ func TestServiceMap_CheckAvailability(t *testing.T) {
 
 func TestServiceMap_SyncingTLSSettingsFromRootPath(t *testing.T) {
 	optionsWithTLS := ServiceOptions{
-		TLSEnabled:         true,
-		TLSDisableRedirect: true,
+		TLSEnabled:  true,
+		TLSRedirect: false,
 	}
 
 	sm := NewServiceMap()
@@ -84,19 +84,19 @@ func TestServiceMap_SyncingTLSSettingsFromRootPath(t *testing.T) {
 	sm.Set(normalizedService(&Service{name: "4", hosts: []string{"2.example.com"}, pathPrefixes: []string{"/api"}}))
 
 	assert.True(t, sm.Get("1").options.TLSEnabled)
-	assert.True(t, sm.Get("1").options.TLSDisableRedirect)
+	assert.False(t, sm.Get("1").options.TLSRedirect)
 	assert.True(t, sm.Get("2").options.TLSEnabled)
-	assert.True(t, sm.Get("2").options.TLSDisableRedirect)
+	assert.False(t, sm.Get("2").options.TLSRedirect)
 
 	assert.False(t, sm.Get("3").options.TLSEnabled)
-	assert.False(t, sm.Get("3").options.TLSDisableRedirect)
+	assert.True(t, sm.Get("3").options.TLSRedirect)
 	assert.False(t, sm.Get("4").options.TLSEnabled)
-	assert.False(t, sm.Get("4").options.TLSDisableRedirect)
+	assert.True(t, sm.Get("4").options.TLSRedirect)
 
 	sm.Remove("1")
 
 	assert.False(t, sm.Get("2").options.TLSEnabled)
-	assert.False(t, sm.Get("2").options.TLSDisableRedirect)
+	assert.True(t, sm.Get("2").options.TLSRedirect)
 }
 
 func TestServiceMap_CheckHostAvailability_EmptyHostsFirst(t *testing.T) {

internal/server/service_test.go

@@ -25,7 +25,7 @@ func TestService_ServeRequest(t *testing.T) {
 }
 
 func TestService_RedirectToHTTPSWhenTLSRequired(t *testing.T) {
-	service := testCreateService(t, []string{"example.com"}, ServiceOptions{TLSEnabled: true}, defaultTargetOptions)
+	service := testCreateService(t, []string{"example.com"}, ServiceOptions{TLSEnabled: true, TLSRedirect: true}, defaultTargetOptions)
 
 	require.True(t, service.options.TLSEnabled)
 
@@ -46,7 +46,7 @@ func TestService_RedirectToHTTPSWhenTLSRequired(t *testing.T) {
 func TestService_DontRedirectToHTTPSWhenTLSAndPlainHTTPAllowed(t *testing.T) {
 	var forwardedProto string
 
-	service := testCreateServiceWithHandler(t, []string{"example.com"}, ServiceOptions{TLSEnabled: true, TLSDisableRedirect: true}, defaultTargetOptions,
+	service := testCreateServiceWithHandler(t, []string{"example.com"}, ServiceOptions{TLSEnabled: true, TLSRedirect: false}, defaultTargetOptions,
 		http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 			forwardedProto = r.Header.Get("X-Forwarded-Proto")
 		}),

internal/server/testing.go

@@ -14,7 +14,7 @@ var (
 	defaultHealthCheckConfig = HealthCheckConfig{Path: DefaultHealthCheckPath, Interval: DefaultHealthCheckInterval, Timeout: DefaultHealthCheckTimeout}
 	defaultEmptyHosts        = []string{}
 	defaultPaths             = []string{rootPath}
-	defaultServiceOptions    = ServiceOptions{}
+	defaultServiceOptions    = ServiceOptions{TLSRedirect: true}
 	defaultTargetOptions     = TargetOptions{HealthCheckConfig: defaultHealthCheckConfig, ResponseTimeout: DefaultTargetTimeout}
 )