From 0b6e3ece73f04ca96e295d7d1d126d088fa77b7d Mon Sep 17 00:00:00 2001
From: Mike Terhar
Date: Thu, 12 Aug 2021 09:28:51 -0400
Subject: [PATCH 1/2] Allow user to set httpsToHttp for ALB tls
If TLS is terminated by an ALB, the service port 80 routes traffic without redirecting to HTTPS and the HTTPS port presents an error since it's pointing to another HTTPS port of the node. This change allows the load balancer to expose only port 443 externally which routes to the HTTP port of the coderd pod.
---
 templates/coderd.yaml | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)
diff --git a/templates/coderd.yaml b/templates/coderd.yaml
index ff5623a4..e4442f4b 100644
--- a/templates/coderd.yaml
+++ b/templates/coderd.yaml
@@ -247,20 +247,22 @@ spec:
 selector:
 coder.deployment: {{ include "coder.serviceName" . }}
 ports:
- - name: tcp-{{ include "coder.serviceName" . }}
- port: 80
- targetPort: 8080
- protocol: TCP
- {{ if .Values.coderd.serviceNodePorts.http }}
- nodePort: {{ .Values.coderd.serviceNodePorts.http }}
- {{ end }}
 - name: tcp-{{ include "coder.serviceName" . }}-https
 port: 443
+ {{- if .Values.coderd.httpsToHttp }}¬
 targetPort: 8443
 protocol: TCP
 {{ if .Values.coderd.serviceNodePorts.https }}
 nodePort: {{ .Values.coderd.serviceNodePorts.https }}
 {{ end }}
+ - name: tcp-{{ include "coder.serviceName" . }}
+ port: 80
+ {{- end }}
+ targetPort: 8080
+ protocol: TCP
+ {{ if .Values.coderd.serviceNodePorts.http }}
+ nodePort: {{ .Values.coderd.serviceNodePorts.http }}
+ {{ end }}
 {{- else }}
 ---
 apiVersion: v1
From 24119dad9f3b93676d1de48b72e859aec23a1618 Mon Sep 17 00:00:00 2001
From: Mike Terhar
Date: Thu, 12 Aug 2021 09:31:23 -0400
Subject: [PATCH 2/2] Add value to support httpsToHttp
---
 values.yaml | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/values.yaml b/values.yaml
index 36d5e31e..48b93eff 100644
--- a/values.yaml
+++ b/values.yaml
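Review bot: The condition on the added `{{- if .Values.coderd.httpsToHttp }}` in templates/coderd.yaml looks inverted: the guarded block contains `targetPort: 8443` and the whole port-80 entry, so with the default `httpsToHttp: false` the Service would render only port 443 pointing at `targetPort: 8080`, and setting the value to true brings back both ports. Existing installs would then send their 443 traffic to the plaintext port and lose port 80 without opting in; the guard should read `{{- if not .Values.coderd.httpsToHttp }}`. The same line ends with a stray `¬` after `}}`, which would likely be rendered into the manifest right after `port: 443` when the branch is taken, so it should be removed. In the single-port rendering the 443 entry also picks up `serviceNodePorts.http` rather than `serviceNodePorts.https`, which is worth confirming as intended.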
@@ -36,6 +36,11 @@ coderd: # coderd.serviceAnnotations -- Extra annotations to apply to the coderd service. serviceAnnotations: {} + # coderd.httpsToHttp -- eliminates the external http port and routes traffic from + # the external https port to the internal http port. Useful for when the load balancer + # performs TLS termination (like Amazon's ACM) + httpsToHttp: false + # coderd.trustProxyIP -- Whether Coder should trust X-Real-IP and/or # X-Forwarded-For headers from your reverse proxy. This should only be turned # on if you're using a reverse proxy that sets both of these headers. This is
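Review bot: The new comment for `httpsToHttp` does not say that, once enabled, the hop from the load balancer to the coderd pod is plain HTTP and that the Service no longer exposes port 80. I would add a line such as `# Traffic from the load balancer to coderd is then unencrypted HTTP; enable only when the load balancer terminates TLS.` so operators see the trade-off next to the switch. ACM is AWS's certificate service rather than the load balancer itself, so the example would be clearer as `(like an AWS load balancer using an ACM certificate)`.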