feat: HTTP -> HTTPS redirects on all site configs

[Lemmmy]

This PR changes the default behavior for setting up HTTP to HTTPS redirects. Previously, the redirects would only be set up if Casket was managing the TLS (it qualifies for automatic HTTPS).

Background

The conventional advice for servers using their own certificates or tls self_signed was to set up a redirect rule manually, like so:

redir 301 {
  if {>X-Forwarded-Proto} is http
  /  https://{host}{uri}
}

This is fine for one-off deployments, but when doing this for many domains, it becomes more appropriate to use a template. So, one might try:

(tls-selfsigned) {
  tls self_signed

  redir 301 {
    if {>X-Forwarded-Proto} is http
    /  https://{host}{uri}
  }
}

example.com {
  import tls-selfsigned
}

However, if the site that imports the template already has a redirect rule for /, this configuration will conflict. Thus, the desire to change the default behavior.

Solution

With this PR, all sites that have TLS enabled in any way will have a redirect created on the HTTP port. This is potentially a breaking change; if a configuration already assumes that nothing would be bound on port 80. To disable this behavior, you can now opt-out of the redirect creation per-site (even if the site qualifies for automatic HTTPS like before):

https://example.com {
  tls self_signed {
    no_redirect # Disable the automatic HTTP -> HTTPS redirect
  }
}