add documentation for "force-ssl-redirect" (#7957)

See #4628
2021-11-24 00:27:45 +01:00 · 2021-11-24 00:27:45 +01:00 · dbf3689c5e
commit dbf3689c5e
parent 843a16a8f8
2 changed files with 7 additions and 0 deletions
--- a/docs/user-guide/nginx-configuration/configmap.md
+++ b/docs/user-guide/nginx-configuration/configmap.md
@ -172,6 +172,7 @@ The following table shows a configuration option's name, type, and the default v
 |[proxy-redirect-from](#proxy-redirect-from)|string|"off"|
 |[proxy-request-buffering](#proxy-request-buffering)|string|"on"|
 |[ssl-redirect](#ssl-redirect)|bool|"true"|
+|[force-ssl-redirect](#force-ssl-redirect)|bool|"false"|
 |[whitelist-source-range](#whitelist-source-range)|[]string|[]string{}|
 |[skip-access-log-urls](#skip-access-log-urls)|[]string|[]string{}|
 |[limit-rate](#limit-rate)|int|0|
@ -1061,6 +1062,10 @@ Enables or disables [buffering of a client request body](http://nginx.org/en/doc
 Sets the global value of redirects (301) to HTTPS if the server has a TLS certificate (defined in an Ingress rule).
 _**default:**_ "true"

+## force-ssl-redirect
+Sets the global value of redirects (308) to HTTPS if the server has a default TLS certificate (defined in extra-args).
+_**default:**_ "false"
+
 ## whitelist-source-range

 Sets the default whitelisted IPs for each `server` block. This can be overwritten by an annotation on an Ingress rule.
--- a/docs/user-guide/tls.md
+++ b/docs/user-guide/tls.md
@ -44,6 +44,8 @@ add `--default-ssl-certificate=default/foo-tls` in the `nginx-controller` deploy
 The default certificate will also be used for ingress `tls:` sections that do not
 have a `secretName` option.

+To force redirects for Ingresses that do not specify a TLS-block at all, take a look at `force-ssl-redirect` in [ConfigMap][ConfigMap].
+
 ## SSL Passthrough

 The [`--enable-ssl-passthrough`](cli-arguments.md) flag enables the SSL Passthrough feature, which is disabled by