From af8f2881f1edadd3a44686b5e0f6d1eb15fa3336 Mon Sep 17 00:00:00 2001
From: chentao1596 <chen.tao3@zte.com.cn>
Date: Wed, 18 Jan 2017 10:04:34 +0800
Subject: [PATCH] add content: Server-side HTTPS enforcement through redirect

---
 controllers/nginx/configuration.md | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/controllers/nginx/configuration.md b/controllers/nginx/configuration.md
index 77d615c08..1303209a3 100644
--- a/controllers/nginx/configuration.md
+++ b/controllers/nginx/configuration.md
@@ -8,6 +8,7 @@
 * [Rewrite](#rewrite)
 * [Rate limiting](#rate-limiting)
 * [Secure backends](#secure-backends)
+* [Server-side HTTPS enforcement through redirect](#server-side-https-enforcement-through-redirect)
 * [Whitelist source range](#whitelist-source-range)
 * [Allowed parameters in configuration config map](#allowed-parameters-in-configuration-configmap)
 * [Default configuration options](#default-configuration-options)
@@ -160,6 +161,13 @@ Is possible to specify both annotation in the same Ingress rule. If you specify
 By default NGINX uses `http` to reach the services. Adding the annotation `ingress.kubernetes.io/secure-backends: "true"` in the ingress rule changes the protocol to `https`.
 
 
+### Server-side HTTPS enforcement through redirect
+
+By default the controller redirects (301) to `HTTPS` if TLS is enabled for that ingress. If you want to disable that behaviour globally, you can use `ssl-redirect: "false"` in the NGINX config map
+
+To configure this feature for specific ingress resources, you can use the `ingress.kubernetes.io/ssl-redirect: "false"` annotation in the particular resource
+
+
 ### Whitelist source range
 
 You can specify the allowed client ip source ranges through the `ingress.kubernetes.io/whitelist-source-range` annotation, eg;  `10.0.0.0/24,172.10.0.1`