From dbf3689c5e37713c4e03f62ed4fc95a1b5b30f58 Mon Sep 17 00:00:00 2001
From: Sven Schliesing <muffl0n@raffts.net>
Date: Wed, 24 Nov 2021 00:27:45 +0100
Subject: [PATCH] add documentation for "force-ssl-redirect" (#7957)

See #4628
---
 docs/user-guide/nginx-configuration/configmap.md | 5 +++++
 docs/user-guide/tls.md                           | 2 ++
 2 files changed, 7 insertions(+)

diff --git a/docs/user-guide/nginx-configuration/configmap.md b/docs/user-guide/nginx-configuration/configmap.md
index 0bac62ac1..f120f41f6 100755
--- a/docs/user-guide/nginx-configuration/configmap.md
+++ b/docs/user-guide/nginx-configuration/configmap.md
@@ -172,6 +172,7 @@ The following table shows a configuration option's name, type, and the default v
 |[proxy-redirect-from](#proxy-redirect-from)|string|"off"|
 |[proxy-request-buffering](#proxy-request-buffering)|string|"on"|
 |[ssl-redirect](#ssl-redirect)|bool|"true"|
+|[force-ssl-redirect](#force-ssl-redirect)|bool|"false"|
 |[whitelist-source-range](#whitelist-source-range)|[]string|[]string{}|
 |[skip-access-log-urls](#skip-access-log-urls)|[]string|[]string{}|
 |[limit-rate](#limit-rate)|int|0|
@@ -1061,6 +1062,10 @@ Enables or disables [buffering of a client request body](http://nginx.org/en/doc
 Sets the global value of redirects (301) to HTTPS if the server has a TLS certificate (defined in an Ingress rule).
 _**default:**_ "true"
 
+## force-ssl-redirect
+Sets the global value of redirects (308) to HTTPS if the server has a default TLS certificate (defined in extra-args).
+_**default:**_ "false"
+
 ## whitelist-source-range
 
 Sets the default whitelisted IPs for each `server` block. This can be overwritten by an annotation on an Ingress rule.
diff --git a/docs/user-guide/tls.md b/docs/user-guide/tls.md
index 636bf3aed..38f533de6 100644
--- a/docs/user-guide/tls.md
+++ b/docs/user-guide/tls.md
@@ -44,6 +44,8 @@ add `--default-ssl-certificate=default/foo-tls` in the `nginx-controller` deploy
 The default certificate will also be used for ingress `tls:` sections that do not
 have a `secretName` option.
 
+To force redirects for Ingresses that do not specify a TLS-block at all, take a look at `force-ssl-redirect` in [ConfigMap][ConfigMap].
+
 ## SSL Passthrough
 
 The [`--enable-ssl-passthrough`](cli-arguments.md) flag enables the SSL Passthrough feature, which is disabled by