SSL redirects
Kamal 2.6 comes with a new feature - the ssl_redirect
option. By default, when SSL is enabled, the system automatically redirects HTTP traffic to HTTPS at the proxy level. However, in scenarios where applications need to handle both HTTP and HTTPS traffic differently or independently, this new option provides the flexibility to disable the automatic redirect. The default behavior remains unchanged to ensure a seamless experience for users.
The --tls-redirect
deploy flag was introduced in Kamal Proxy 0.8.7 and is now available as a proxy
option in a Kamal configuration file config/deploy.yml
:
# config/deploy.yml
proxy:
# SSL
#
# kamal-proxy can provide automatic HTTPS for your application via Let's Encrypt.
#
# This requires that we are deploying to one server and the host option is set.
# The host value must point to the server we are deploying to, and port 443 must be
# open for the Let's Encrypt challenge to succeed.
#
# If you set `ssl` to `true`, `kamal-proxy` will stop forwarding headers to your app,
# unless you explicitly set `forward_headers: true`
#
# Defaults to `false`:
ssl: true
# SSL redirect
#
# By default, kamal-proxy will redirect all HTTP requests to HTTPS when SSL is enabled.
# If you prefer that HTTP traffic is passed through to your application (along with
# HTTPS traffic), you can disable this redirect by setting `ssl_redirect: false`:
ssl_redirect: false
If the option is not set, users get automatic redirects as long as the SSL is used with ssl: true
. To disable the redirect, set ssl_redirect
to false
.
