From 4d9b4214e5b90a28fc589ba2e623b0c40610b95d Mon Sep 17 00:00:00 2001
From: Jean Froment
Date: Sun, 6 Mar 2022 22:16:00 +0100
Subject: [PATCH] Handle https redirection for regular services ar router level
---
 run-seedbox.sh | 10 +++++++++-
 traefik/custom/middlewares.yaml | 4 ++++
 2 files changed, 13 insertions(+), 1 deletion(-)
diff --git a/run-seedbox.sh b/run-seedbox.sh
index f2c6947..a44219e 100755
--- a/run-seedbox.sh
+++ b/run-seedbox.sh
@@ -194,6 +194,7 @@ for json in $(yq eval -o json config.yaml | jq -c ".services[]"); do
 # Loop over all Traefik rules and create the corresponding entries in the generated rules.yaml
 echo-debug "[$0] Generating Traefik rules..."
 i=0
+ middlewareCount=0
 for rule in $(echo $json | jq -c .traefik.rules[]); do
 ((i=i+1))
 host=$(echo $rule | jq -r .host)
@@ -218,7 +219,8 @@ for json in $(yq eval -o json config.yaml | jq -c ".services[]"); do
 ruleId="${name}-${i}"
 echo 'http.routers.'"${ruleId}"'.rule: Host(`'${hostTraefik}'`)' >> rules.props
 if [[ ${httpAuth} == "true" ]]; then
- echo "http.routers.${ruleId}.middlewares.0: common-auth@file" >> rules.props
+ echo "http.routers.${ruleId}.middlewares.${middlewareCount}: common-auth@file" >> rules.props
+ ((middlewareCount=middlewareCount+1))
 fi
 traefikService=$(echo $rule | jq -r .service)
@@ -234,9 +236,15 @@ for json in $(yq eval -o json config.yaml | jq -c ".services[]"); do
 echo "http.routers.${ruleId}.tls: EMPTYMAP" >> rules.props
 fi
+ # Check if httpOnly flag is enabled
+ # If enabled => Specify to use only "insecure" (port 80) entrypoint
+ # If not => use all entryPoints (by not specifying any) but force redirection to https
 httpOnly=$(echo $rule | jq -r .httpOnly)
 if [[ ${httpOnly} == true ]]; then
 echo "http.routers.${ruleId}.entryPoints.0: insecure" >> rules.props
+ else
+ echo "http.routers.${ruleId}.middlewares.${middlewareCount}: redirect-to-https" >> rules.props
+ ((middlewareCount=middlewareCount+1))
 fi
 # If the specified service does not contain a "@" => we create it
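Review bot: `middlewareCount=0` is set once per service, before the `for rule` loop, but the index it feeds is per router (`http.routers.${ruleId}.middlewares.N`, written in the hunks at -218 and -234). For a service with more than one rule, the second router's middleware keys therefore start at a non-zero index. How rules.props is converted to YAML is not visible here, but a list that begins at index 2 is unlikely to come out as intended, and a router with a malformed middleware list may end up without `common-auth@file`. Move the reset inside the loop, for example `middlewareCount=0` directly after `((i=i+1))`. The loop body continues outside this hunk.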
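Review bot: The new `else` branch references `redirect-to-https` without a provider suffix, while the auth middleware in the same script is written `common-auth@file`. An unqualified name is resolved in the provider that loads the router, so writing `redirect-to-https@file` keeps the reference from depending on how the generated rules are loaded. Separately, the condition around the `tls: EMPTYMAP` line is outside the hunk; if that line is emitted for the same router, Traefik dedicates the router to HTTPS requests and this middleware would never see a plain-HTTP request. It is worth testing a port-80 request against a TLS-enabled rule before relying on the redirect.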
diff --git a/traefik/custom/middlewares.yaml b/traefik/custom/middlewares.yaml
index da09072..e0d2a75 100644
--- a/traefik/custom/middlewares.yaml
+++ b/traefik/custom/middlewares.yaml
@@ -15,3 +15,7 @@ http:
 frameDeny: true
 contentTypeNosniff: true
 browserXssFilter: true
+ redirect-to-https:
+ redirectScheme:
+ scheme: https
+ permanent: false
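Review bot: `redirectScheme` upgrades the connection only after the first request has already arrived in cleartext, so whatever the client sends on that request (cookies, a basic-auth header) is exposed. With `permanent: false` the redirect is temporary, so browsers are not expected to cache it and the cleartext hop can recur on later visits. If the headers middleware above this hunk does not already set HSTS outside the visible lines, adding `stsSeconds` there would let browsers skip the cleartext hop after the first visit. If the temporary redirect is deliberate, a comment on `permanent: false` saying so, for instance `# temporary on purpose so a later httpOnly switch is not cached by browsers`, would stop a later cleanup from flipping it.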