From 30661704dfbd425a22058f5bd98d63db36128d5d Mon Sep 17 00:00:00 2001
From: Maor Rozenfeld <49363375+maor-rozenfeld@users.noreply.github.com>
Date: Fri, 20 Feb 2026 16:34:48 +0100
Subject: [PATCH] Add HTTP to HTTPS redirect in nginx gateway

When global.publicUrl uses HTTPS, nginx now returns a 301 redirect
for requests arriving over plain HTTP. The redirect is detected via
the X-Forwarded-Proto header set by TLS-terminating load balancers
and ingress controllers.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
---
 chart/templates/configmap-nginx.yaml | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/chart/templates/configmap-nginx.yaml b/chart/templates/configmap-nginx.yaml
index 1f06237..d033d5c 100644
--- a/chart/templates/configmap-nginx.yaml
+++ b/chart/templates/configmap-nginx.yaml
@@ -20,6 +20,13 @@ data:
         client_body_buffer_size 128k;
         client_header_buffer_size 1k;
         large_client_header_buffers 4 16k;
+
+        {{- if include "openops.isHttps" . }}
+        # Redirect HTTP to HTTPS when behind a TLS-terminating load balancer
+        if ($http_x_forwarded_proto = "http") {
+            return 301 https://$host$request_uri;
+        }
+        {{- end }}
         
         # Security headers
         {{- if .Values.nginx.securityHeaders.enabled }}