new: [apache] automatic redirection from ``http`` to ``https``.

apache/lib/common

@@ -40,6 +40,7 @@ export -f apache_publish_dir
 
 
 apache_vhost_create () {
+    local custom_rules
     export APACHE_CONFIG_LOCATION="$SERVICE_CONFIGSTORE/etc/apache2/sites-enabled" vhost_statement
 
     SERVER_ALIAS=$(relation-get server-aliases 2>/dev/null) || true
@@ -50,6 +51,25 @@ apache_vhost_create () {
     if is_protocol_enabled https; then
         read-0 SSL_PLUGIN_FUN SSL_CFG_VALUE SSL_CFG_OPTIONS < <(ssl_get_plugin_fun) || return 1
         "$SSL_PLUGIN_FUN"_vars "$SSL_CFG_OPTIONS" "$SSL_CFG_VALUE" || return 1
+        redirect=$(relation-get 'redirect-to-ssl' 2>/dev/null) || true
+        if is_protocol_enabled http; then
+            redirect=${redirect:-true}
+        else
+            redirect=false
+        fi
+        if [ "$redirect" == "true" ]; then
+            custom_rules=$(_get_custom_rules) || return 1
+            if [[ "$custom_rules" != *"## Auto-redirection from http to https"* ]]; then
+                relation-set apache-custom-rules "- |
+  ## Auto-redirection from http to https
+  RewriteEngine On
+  RewriteCond %{HTTPS} off
+  RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=302,L,QSA]
+$(if [ "$custom_rules" ]; then
+    echo "- |"$'\n'"$(echo "$custom_rules" | prefix "  ")"
+  fi)"
+            fi
+        fi
     fi
     vhost_statement=$(apache_vhost_statement "$PROTOCOLS") || return 1
     echo "$vhost_statement"| file_put "$APACHE_CONFIG_LOCATION/$prefix$DOMAIN.conf" || return 1
@@ -100,7 +120,7 @@ __vhost_cfg_normalize_protocol() {
     case "$protocol" in
         auto)
             if __vhost_cfg_ssl="$(_get_ssl_option_value)"; then
-                protocol="https"
+                protocol="http,https"
                 export __vhost_cfg_ssl
             else
                 protocol="http"

apache/test/vhost_cert_provider

@@ -24,6 +24,13 @@ relation-get() {
 }
 export -f relation-get
 
+relation-set() {
+    local key="$1" value="$2"
+    echo "relation-set $key:" >&2
+    echo "$value" | prefix "  | " >&2
+}
+export -f relation-set
+
 get_service_relations() {
     printf "%s\0" "${RELATIONS[@]}"
 }
@@ -135,7 +142,15 @@ ssl:
 '
 RELATIONS=(cert-provider foo a True)
 apache_vhost_create" "known cert key"
-noerror
+is errlvl 0
+is err part "\
+relation-set apache-custom-rules:
+  | - |
+  |   ## Auto-redirection from http to https
+  |   RewriteEngine On
+  |   RewriteCond %{HTTPS} off
+  |   RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=302,L,QSA]
+  |"
 is out reg 'Calling: compose .*foo: options: <merge_yaml_str\(.a., .12., )>.*run --rm --service-ports foo.*'
 is out part 'config-add
   | services:

apache/test/vhost_files

@@ -22,6 +22,13 @@ relation-get() {
 }
 export -f relation-get
 
+relation-set() {
+    local key="$1" value="$2"
+    echo "relation-set $key:" >&2
+    echo "$value" | prefix "  | " >&2
+}
+export -f relation-set
+
 get_service_relations() {
     printf "%s\0" "${RELATIONS[@]}"
 }
@@ -98,9 +105,9 @@ CFG='
 ssl: true
 '
 apache_vhost_create"
-noerror
+is errlvl 0
+is err part "## Auto-redirection from http to https"
 is out reg '^file_put \$SERVICE_CONFIGSTORE/.*/www.example.com.conf'
-is err ''
 
 
 try "
@@ -118,7 +125,8 @@ ssl:
   cert: c
 '
 apache_vhost_create"
-noerror
+is errlvl 0
+is err part "## Auto-redirection from http to https"
 is out part 'file_put $CONFIGSTORE/$BASE_SERVICE_NAME/etc/ssl/certs/www.example.com.pem
   | c'
 is out part 'file_put $CONFIGSTORE/$BASE_SERVICE_NAME/etc/ssl/private/www.example.com.key