From cda11bc52f2edb5b23e447d5e1d6f233d46a4cb5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sa=C3=BAl=20Ibarra=20Corretg=C3=A9?= <saghul@jitsi.org>
Date: Wed, 7 Nov 2018 14:27:22 +0100
Subject: [PATCH] web: add ability to redirect HTTP traffic to HTTPS

Useful if you're running this setup directly on the Internet, with a
Let's Encrypt certificate.
---
 README.md                   | 1 +
 docker-compose.yml          | 1 +
 env.example                 | 3 +++
 web/rootfs/defaults/default | 4 ++++
 4 files changed, 9 insertions(+)

diff --git a/README.md b/README.md
index 547ad32..86eb372 100644
--- a/README.md
+++ b/README.md
@@ -161,6 +161,7 @@ Variable | Description | Default value
 `JIGASI_PORT_MIN` | Minimum port for media used by Jigasi | 20000
 `JIGASI_PORT_MAX` | Maximum port for media used by Jigasi | 20050
 `DISABLE_HTTPS` | Disable HTTPS, this can be useful if TLS connections are going to be handled outside of this setup | 1
+`ENABLE_HTTP_REDIRECT` | Redirects HTTP traffic to HTTPS | 1
 
 ### Running on a LAN environment
 
diff --git a/docker-compose.yml b/docker-compose.yml
index 8522973..24ee938 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -13,6 +13,7 @@ services:
             - ENABLE_AUTH
             - ENABLE_GUESTS
             - ENABLE_LETSENCRYPT
+            - ENABLE_HTTP_REDIRECT
             - DISABLE_HTTPS
             - JICOFO_AUTH_USER
             - LETSENCRYPT_DOMAIN
diff --git a/env.example b/env.example
index 9dea1be..12425c7 100644
--- a/env.example
+++ b/env.example
@@ -121,3 +121,6 @@ JIGASI_PORT_MAX=20050
 
 # Disable HTTPS. This can be useful if TLS connections are going to be handled outside of this setup.
 #DISABLE_HTTPS=1
+
+# Redirects HTTP traffic to HTTPS. Only works with the standard HTTPS port (443).
+#ENABLE_HTTP_REDIRECT=1
diff --git a/web/rootfs/defaults/default b/web/rootfs/defaults/default
index 0d2027f..f22e80b 100644
--- a/web/rootfs/defaults/default
+++ b/web/rootfs/defaults/default
@@ -1,7 +1,11 @@
 server {
 	listen 80 default_server;
 
+	{{ if .Env.ENABLE_HTTP_REDIRECT }}
+	return 301 https://$host$request_uri;
+	{{ else }}
 	include /config/nginx/meet.conf;
+	{{ end }}
 }
 
 {{ if not .Env.DISABLE_HTTPS }}