From d4ab010b0149190a4f9b57d08fe875d1b960b0e6 Mon Sep 17 00:00:00 2001
From: Kevin McConnell <kevin@37signals.com>
Date: Wed, 12 Mar 2025 10:49:53 +0000
Subject: [PATCH] Add `ssl_redirect` proxy option

---
 lib/kamal/configuration/docs/proxy.yml | 7 +++++++
 lib/kamal/configuration/proxy.rb       | 1 +
 2 files changed, 8 insertions(+)

diff --git a/lib/kamal/configuration/docs/proxy.yml b/lib/kamal/configuration/docs/proxy.yml
index 9ed6a97f..49c11ac8 100644
--- a/lib/kamal/configuration/docs/proxy.yml
+++ b/lib/kamal/configuration/docs/proxy.yml
@@ -52,6 +52,13 @@ proxy:
   # Defaults to `false`:
   ssl: true
 
+  # SSL redirect
+  #
+  # By default, kamal-proxy will redirect all HTTP requests to HTTPS when SSL is enabled.
+  # If you prefer that HTTP traffic is passed through to your application (along with
+  # HTTPS traffic), you can disable this redirect by setting `ssl_redirect: false`:
+  ssl_redirect: false
+
   # Forward headers
   #
   # Whether to forward the `X-Forwarded-For` and `X-Forwarded-Proto` headers.
diff --git a/lib/kamal/configuration/proxy.rb b/lib/kamal/configuration/proxy.rb
index 6232c3e0..a8272e88 100644
--- a/lib/kamal/configuration/proxy.rb
+++ b/lib/kamal/configuration/proxy.rb
@@ -42,6 +42,7 @@ class Kamal::Configuration::Proxy
       "max-request-body": proxy_config.dig("buffering", "max_request_body"),
       "max-response-body": proxy_config.dig("buffering", "max_response_body"),
       "forward-headers": proxy_config.dig("forward_headers"),
+      "tls-redirect": proxy_config.dig("ssl_redirect"),
       "log-request-header": proxy_config.dig("logging", "request_headers") || DEFAULT_LOG_REQUEST_HEADERS,
       "log-response-header": proxy_config.dig("logging", "response_headers")
     }.compact