fix: turn-off TLS redirects if configured (#574)

fixes #573

cmd/console/server.go

@@ -57,6 +57,11 @@ var serverCmd = cli.Command{
 			Value: restapi.GetTLSPort(),
 			Usage: "HTTPS server port",
 		},
+		cli.StringFlag{
+			Name:  "tls-redirect",
+			Value: restapi.GetTLSRedirect(),
+			Usage: "HTTPS redirect by default",
+		},
 		cli.StringFlag{
 			Name:  "certs-dir",
 			Value: certs.GlobalCertsCADir.Get(),
@@ -125,7 +130,7 @@ func startServer(ctx *cli.Context) error {
 		// Need to store tls-port, tls-host un config variables so secure.middleware can read from there
 		restapi.TLSPort = fmt.Sprintf("%v", ctx.Int("tls-port"))
 		restapi.TLSHostname = ctx.String("tls-host")
-		restapi.TLSRedirect = "on"
+		restapi.TLSRedirect = ctx.String("tls-redirect")
 	}
 
 	server.ConfigureAPI()

restapi/config.go

@@ -29,29 +29,34 @@ import (
 	"github.com/minio/minio/pkg/env"
 )
 
-// Port console default port
-var Port = "9090"
+var (
+	// Port console default port
+	Port = "9090"
 
-// Hostname console hostname
-var Hostname = "0.0.0.0"
+	// Hostname console hostname
+	Hostname = "0.0.0.0"
 
-// TLSHostname console tls hostname
-var TLSHostname = "0.0.0.0"
+	// TLSHostname console tls hostname
+	TLSHostname = "0.0.0.0"
 
-// TLSPort console tls port
-var TLSPort = "9443"
+	// TLSPort console tls port
+	TLSPort = "9443"
 
-// TLSRedirect console tls redirect rule
-var TLSRedirect = "off"
+	// TLSRedirect console tls redirect rule
+	TLSRedirect = "on"
 
-var SessionDuration = 45 * time.Minute
+	// SessionDuration cookie validity duration
+	SessionDuration = 45 * time.Minute
+)
 
-var logSearchAPI string
-var logSearchURL string
-var prometheusURL string
-var consoleImage string
+var (
+	logSearchAPI  string
+	logSearchURL  string
+	prometheusURL string
+	consoleImage  string
 
-var once sync.Once
+	once sync.Once
+)
 
 func getMinIOServer() string {
 	return strings.TrimSpace(env.Get(ConsoleMinIOServer, "http://localhost:9000"))
@@ -121,6 +126,11 @@ func GetTLSPort() int {
 	return port
 }
 
+// If GetTLSRedirect is set to true, then only allow HTTPS requests. Default is true.
+func GetTLSRedirect() string {
+	return strings.ToLower(env.Get(ConsoleSecureTLSRedirect, TLSRedirect))
+}
+
 // Get secure middleware env variable configurations
 func getSecureAllowedHosts() []string {
 	allowedHosts := env.Get(ConsoleSecureAllowedHosts, "")
@@ -171,11 +181,6 @@ func getSecureHostsProxyHeaders() []string {
 	return []string{}
 }
 
-// If TLSRedirect is set to true, then only allow HTTPS requests. Default is true.
-func getTLSRedirect() bool {
-	return strings.ToLower(env.Get(ConsoleSecureTLSRedirect, TLSRedirect)) == "on"
-}
-
 // TLSHost is the host name that is used to redirect HTTP requests to HTTPS. Default is "", which indicates to use the same host.
 func getSecureTLSHost() string {
 	return env.Get(ConsoleSecureTLSHost, fmt.Sprintf("%s:%s", TLSHostname, TLSPort))

restapi/configure_console.go

@@ -189,7 +189,7 @@ func setupGlobalMiddleware(handler http.Handler) http.Handler {
 		AllowedHosts:                    getSecureAllowedHosts(),
 		AllowedHostsAreRegex:            getSecureAllowedHostsAreRegex(),
 		HostsProxyHeaders:               getSecureHostsProxyHeaders(),
-		SSLRedirect:                     getTLSRedirect(),
+		SSLRedirect:                     GetTLSRedirect() == "on",
 		SSLHost:                         getSecureTLSHost(),
 		STSSeconds:                      getSecureSTSSeconds(),
 		STSIncludeSubdomains:            getSecureSTSIncludeSubdomains(),