apache · spacewander · May 18, 2022 · May 17, 2022 · May 17, 2022 · May 17, 2022
diff --git a/apisix/plugins/redirect.lua b/apisix/plugins/redirect.lua
@@ -24,7 +24,8 @@ local ipairs = ipairs
 local ngx = ngx
 local str_find = core.string.find
 local str_sub  = string.sub
-local tonumber = tonumber
+local type = type
+local math_random = math.random
 
 local lrucache = core.lrucache.new({
     ttl = 300, count = 100
@@ -148,7 +149,30 @@ function _M.rewrite(conf, ctx)
     core.log.info("plugin rewrite phase, conf: ", core.json.delay_encode(conf))
 
     local ret_code = conf.ret_code
-    local ret_port = tonumber(ctx.var["var_x_forwarded_port"])
+    local local_conf = core.config.local_conf()
+    local ret_port = core.table.try_read_attr(local_conf,
 local attr = plugin.plugin_attr(plugin_name) 
 local attr = plugin.plugin_attr(plugin_name) 
+            "plugin_attr",
+            "redirect_https_port")
+
+    if not ret_port then
+        local ssl = core.table.try_read_attr(local_conf,
+                "apisix",
+                "ssl")
+        if ssl and ssl["enable"] then
+            ret_port = ssl["listen_port"]
+            if not ret_port then
+                local ret_ports = ssl["listen"]
+                if ret_ports and #ret_ports > 0 then
+                    local idx = math_random(1, #ret_ports)
+                    ret_port = ret_ports[idx]
+                    if type(ret_port) == "table" then
+                        ret_port = ret_port.port
+                    end
+                end
+            end
+        end
+    end
+
     local uri = conf.uri
     local regex_uri = conf.regex_uri
 

diff --git a/conf/config-default.yaml b/conf/config-default.yaml
@@ -470,3 +470,4 @@ plugin_attr:
       connect: 60s
       read: 60s
       send: 60s
+  redirect_https_port: 8443   # the default port for use by HTTP redirects to HTTPS
diff --git a/docs/en/latest/plugins/redirect.md b/docs/en/latest/plugins/redirect.md
@@ -45,7 +45,10 @@ The `redirect` Plugin can be used to configure redirects.
 
 Only one of `http_to_https`, `uri` and `regex_uri` can be configured.
 
-* When enabling `http_to_https`, the port in the redirect URL will be the value of header `X-Forwarded-Port` or the port of the server.
+* When enabling `http_to_https`, the ports in the redirect URL will pick a value in the following order (in descending order of priority)
+  * Read `plugin_attr.redirect_https_port` from the configuration file.
+  * If `apisix.ssl` is enabling, read `apisix.ssl.listen_port` first, and if it does not exist, read `apisix.ssl.listen` and select a random port from it.
+  * Use 443 as the default https port.
 
 :::
 

diff --git a/docs/zh/latest/plugins/redirect.md b/docs/zh/latest/plugins/redirect.md
@@ -45,7 +45,10 @@ description: 本文介绍了关于 Apache APISIX `redirect` 插件的基本信
 
 `http_to_https`、`uri` 和 `regex_uri` 只能配置其中一个属性。
 
-* 当开启 `http_to_https` 时，重定向 URL 中的端口将是 `X-Forwarded-Port` 请求头的值或服务器的端口。
+* 当开启 `http_to_https` 时，重定向 URL 中的端口将按如下顺序选取一个值（按优先级从高到低排列）
+  * 从配置文件中读取 `plugin_attr.redirect_https_port`。
+  * 如果 `apisix.ssl` 处于开启状态，先读取 `apisix.ssl.listen_port`，如果没有，再读取 `apisix.ssl.listen` 并从中随机选一个 `port`。
+  * 使用 443 作为默认 `https port`。
 
 :::