feat!: generate a self-signed certificate if no certificates are specified (#5973)

* feat: generate a self-signed certificate if no certificates are specified Clouds like AWS automatically navigate to https://<ip-here>. This allows us to bind to that immediately, serve a self-signed certificate, then reroute to the access URL. * Add new flag and deprecate old one * Fix redirect if not using tunnel * Add deprecation notice * Fix TLS redirect * Run `make gen` * Fix bad test * Fix gen
2025-07-12 00:14:10 +00:00 · 2023-02-02 11:08:35 -06:00
parent e27f7accd7
commit b9b402cd0c
11 changed files with 132 additions and 38 deletions
--- a/cli/deployment/config.go
+++ b/cli/deployment/config.go
@ -32,6 +32,11 @@ func newConfig() *codersdk.DeploymentConfig {
 			Usage: "Specifies the wildcard hostname to use for workspace applications in the form \"*.example.com\".",
 			Flag:  "wildcard-access-url",
 		},
+		RedirectToAccessURL: &codersdk.DeploymentConfigField[bool]{
+			Name:  "Redirect to Access URL",
+			Usage: "Specifies whether to redirect requests that do not match the access URL host.",
+			Flag:  "redirect-to-access-url",
+		},
 		// DEPRECATED: Use HTTPAddress or TLS.Address instead.
 		Address: &codersdk.DeploymentConfigField[string]{
 			Name:      "Address",
@ -300,11 +305,13 @@ func newConfig() *codersdk.DeploymentConfig {
 				Flag:    "tls-address",
 				Default: "127.0.0.1:3443",
 			},
+			// DEPRECATED: Use RedirectToAccessURL instead.
 			RedirectHTTP: &codersdk.DeploymentConfigField[bool]{
 				Name:    "Redirect HTTP to HTTPS",
 				Usage:   "Whether HTTP requests will be redirected to the access URL (if it's a https URL and TLS is enabled). Requests to local IP addresses are never redirected regardless of this setting.",
 				Flag:    "tls-redirect-http-to-https",
 				Default: true,
+				Hidden:  true,
 			},
 			CertFiles: &codersdk.DeploymentConfigField[[]string]{
 				Name:  "TLS Certificate Files",