Automatic and simple HTTP to HTTPS redirection

Hello,
I didn’t find in the documentation an easy way to force HTTPS redirection.

From Always Be Connecting (with HTTPS)

At Fly, you’ll have already discovered that when you create an app, it appears as http://appname.fly.dev and if you connect there, your browser switches automatically, by redirection, to https://appname.fly.dev . That’s how we do it for the fly.dev domain.

But after some initial testing I didn’t find this behaviour be true: My newly deployed app, without certificates, does not redirect to HTTPS when accessed over http://appname.fly.dev.

curl -v "http://black-pond-1162.fly.dev/" 
*   Trying 2a09:8280:1::3:1f33:80...
* Connected to black-pond-1162.fly.dev (2a09:8280:1::3:1f33) port 80 (#0)
> GET / HTTP/1.1
> Host: black-pond-1162.fly.dev
> User-Agent: curl/7.77.0
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< date: Mon, 07 Feb 2022 17:37:39 GMT
< content-length: 742
< content-type: text/plain; charset=utf-8
< server: Fly/2cdfc34 (2022-02-04)
< via: 1.1 fly.io
< fly-request-id: 01FVAM6DV14S14PTX7WN823GM9
<
Hello world
* Connection #0 to host black-pond-1162.fly.dev left intact

When in reality I would expect it to get a 30X redirect.

Regarthless of this, I would like to know if it is possible to have a simple way to redirect all traffic to HTTPs.
`

  1. The suggested way is in the application layer, make an if in some middleware that handles this. In my opinion this is not feasible in lots of scenarios, as it would require modifying the source code for existing distributed images.

  2. Another way is to setup a reverse proxy with something like an nginx server. The thing is, it will significantly drive the costs up and make the infrastructure more complex, just for a simple redirect.

  3. The last way I see is adding a free CDN proxy like Cloudflare. Cloudflare automatically handles HTTPS redirection. The disadvantage is that you will add another layer and loose the routing functionality of Fly.

As you can see I did not find proper way to do redirection, if I’m not mistaken in any of the above, consider this a feature request.

A quote from that blog post:

At Fly, you’ll have already discovered that when you create an app, it appears as http://appname.fly.dev and if you connect there, your browser switches automatically, by redirection, to https://appname.fly.dev. That’s how we do it for the fly.dev domain.


Kurt strikes again:

In my opinion this is not feasible in lots of scenarios, as it would require modifying the source code for existing distributed images.

What kind of app are you running?
You may be able to find reusable bits for doing this somewhere on this forum, or in Fly.io Apps · GitHub

Okay, this makes total sense! Thank you for pointing this out. But it is not via redirection as mentioned in the article, it is because browsers preload HSTS on .dev domains. As discussed in the thread you sent: Why is *.fly.dev redirecting to https automatically?.

I am running multiple test images and open source pre-packaged software from DockerHub. This is why it is really sad to have to make custom images for it or have to stick a reverse proxy in front.

We’ve just shipped a new feature that tackles this. Hopefully it’ll cover your needs!

2 Likes