fix: change tls -> https since the redirection is http-specific feature on app layer

config-example.toml

@@ -11,7 +11,9 @@ listen_port = 8080
 listen_port_tls = 8443
 
 # Optional. If you listen on a custom port like 8443 but redirect with firewall to 443
-# tls_redirection_port = 443
+# When you specify this, the server sends a redirection response 301 with specified port to the client for plaintext http request.
+# Otherwise, the server sends 301 with the same port as `listen_port_tls`.
+# https_redirection_port = 443
 
 # Optional for h2 and http1.1
 tcp_listen_backlog = 1024

rpxy-bin/src/config/parse.rs

@@ -59,6 +59,13 @@ pub fn build_settings(config: &ConfigToml) -> std::result::Result<(ProxyConfig,
       "Some apps serves only plaintext HTTP"
     );
   }
+  // https redirection port must be configured only when both http_port and https_port are configured.
+  if proxy_config.https_redirection_port.is_some() {
+    ensure!(
+      proxy_config.https_port.is_some() && proxy_config.http_port.is_some(),
+      "https_redirection_port can be specified only when both http_port and https_port are specified"
+    );
+  }
   // https redirection can be configured if both ports are active
   if !(proxy_config.https_port.is_some() && proxy_config.http_port.is_some()) {
     ensure!(

rpxy-bin/src/config/toml.rs

@@ -13,7 +13,7 @@ pub struct ConfigToml {
   pub listen_port: Option<u16>,
   pub listen_port_tls: Option<u16>,
   pub listen_ipv6: Option<bool>,
-  pub tls_redirection_port: Option<u16>,
+  pub https_redirection_port: Option<u16>,
   pub tcp_listen_backlog: Option<u32>,
   pub max_concurrent_streams: Option<u32>,
   pub max_clients: Option<u32>,
@@ -108,8 +108,11 @@ impl TryInto<ProxyConfig> for &ConfigToml {
       // listen port and socket
       http_port: self.listen_port,
       https_port: self.listen_port_tls,
-      https_redirection_port: if self.tls_redirection_port.is_some() {
-        self.tls_redirection_port } else { self.listen_port_tls },
+      https_redirection_port: if self.https_redirection_port.is_some() {
+        self.https_redirection_port
+      } else {
+        self.listen_port_tls
+      },
       ..Default::default()
     };
     ensure!(

rpxy-lib/src/globals.rs

@@ -30,8 +30,12 @@ pub struct ProxyConfig {
   pub listen_sockets: Vec<SocketAddr>,
   /// http port
   pub http_port: Option<u16>,
-  /// https port
+  /// https port listening for TLS by default
   pub https_port: Option<u16>,
+  /// https redirection port that notifies the client the port to connect to.
+  /// Tis is used when the reverse proxy is behind a middlebox mapping the https port A to the reverse proxy's https port B.
+  /// Typically, it is the container environment. (e.g. the host exposes 443 and the container exposes 8443 for https, then the redirection port is 443)
+  pub https_redirection_port: Option<u16>,
   /// tcp listen backlog
   pub tcp_listen_backlog: u32,
 
@@ -85,6 +89,7 @@ impl Default for ProxyConfig {
       listen_sockets: Vec::new(),
       http_port: None,
       https_port: None,
+      https_redirection_port: None,
       tcp_listen_backlog: TCP_LISTEN_BACKLOG,
 
       // TODO: Reconsider each timeout values

rpxy-lib/src/message_handler/handler_main.rs

@@ -121,7 +121,11 @@ where
         "Redirect to secure connection: {}",
         <&ServerName as TryInto<String>>::try_into(&backend_app.server_name).unwrap_or_default()
       );
-      return secure_redirection_response(&backend_app.server_name, self.globals.proxy_config.https_redirection_port, &req);
+      return secure_redirection_response(
+        &backend_app.server_name,
+        self.globals.proxy_config.https_redirection_port,
+        &req,
+      );
     }
 
     // Find reverse proxy for given path and choose one of upstream host