From 18598113117162375215bca182fa2c37a45a7793 Mon Sep 17 00:00:00 2001
From: junderw <junderwood@bitcoinbank.co.jp>
Date: Thu, 19 Aug 2021 07:29:39 +0900
Subject: [PATCH] feat: redirect using 308 for non-GET requests

---
 docs/README.md |  2 +-
 nginx.tmpl     | 14 ++++++++++++--
 2 files changed, 13 insertions(+), 3 deletions(-)

diff --git a/docs/README.md b/docs/README.md
index 5d8da45..52972b8 100644
--- a/docs/README.md
+++ b/docs/README.md
@@ -571,7 +571,7 @@ Complete list of policies available through the `SSL_POLICY` environment variabl
 
 The default behavior for the proxy when port 80 and 443 are exposed is as follows:
 
-- If a virtual host has a usable cert, port 80 will redirect to 443 for that virtual host so that HTTPS is always preferred when available.
+- If a virtual host has a usable cert, port 80 will redirect to 443 for that virtual host so that HTTPS is always preferred when available. This redirect will use a [301 code](https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/301) for `GET` requests and [308 code](https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/308) for any other HTTP method (`POST`/`HEAD`/`PUT` etc.).
 - If the virtual host does not have a usable cert, but `default.crt` and `default.key` exist, those will be used as the virtual host's certificate.
 - If the virtual host does not have a usable cert, and `default.crt` and `default.key` do not exist, or if the virtual host is configured not to trust the default certificate, SSL handshake will be rejected (see [Default and Missing Certificate](#default-and-missing-certificate) below).
 
diff --git a/nginx.tmpl b/nginx.tmpl
index d18b2ab..e11a6bd 100644
--- a/nginx.tmpl
+++ b/nginx.tmpl
@@ -887,9 +887,19 @@ server {
 
     location / {
         {{- if eq $globals.config.external_https_port "443" }}
-        return 301 https://$host$request_uri;
+        if ($request_method = GET) {
+            return 301 https://$host$request_uri;
+        }
+        if ($request_method != GET) {
+            return 308 https://$host$request_uri;
+        }
         {{- else }}
-        return 301 https://$host:{{ $globals.config.external_https_port }}$request_uri;
+        if ($request_method = GET) {
+            return 301 https://$host:{{ $globals.config.external_https_port }}$request_uri;
+        }
+        if ($request_method != GET) {
+            return 308 https://$host:{{ $globals.config.external_https_port }}$request_uri;
+        }
         {{- end }}
     }
 }