Skip to main content
This guide shows how to configure an explicit HTTP to HTTPS redirect on a Datum HTTPProxy using a RequestRedirect filter.
AI Edge enforces HTTPS by default. This guide applies when you have disabled that enforcement, or when you need a custom redirect configuration — for example, redirecting from a specific path or returning a 302 instead of the default 301.

Overview

A RequestRedirect filter responds to the client with a redirect response directly — no backend is reached. The AI Edge handles the redirect at the proxy layer. At a high level, this setup:
  1. Matches all incoming requests on a hostname
  2. Returns a 301 Moved Permanently redirect to the same URL using https

Prerequisites

  • datumctl installed and authenticated
  • A valid Project
  • An existing HTTPProxy hostname, or create a new one with this guide

Configuration Steps

Step 1: Set Variables

Windows (PowerShell)

$PROJECT    = "your-project-id"
$NAMESPACE  = "default"
$PROXY_NAME = "https-redirect-demo"
$HOSTNAME   = "your-app.example.com"

macOS / Linux

PROJECT="your-project-id"
NAMESPACE="default"
PROXY_NAME="https-redirect-demo"
HOSTNAME="your-app.example.com"

Step 2: Apply the Redirect Configuration

The RequestRedirect filter requires type: RequestRedirect. No backend is needed — the redirect is returned immediately by the proxy.

Windows (PowerShell)

@"
apiVersion: networking.datumapis.com/v1alpha
kind: HTTPProxy
metadata:
  name: $PROXY_NAME
spec:
  hostnames:
  - $HOSTNAME
  rules:
  - name: https-redirect
    matches:
    - path:
        type: PathPrefix
        value: /
    filters:
    - type: RequestRedirect
      requestRedirect:
        scheme: https
        statusCode: 301
"@ | datumctl apply --project $PROJECT --namespace $NAMESPACE -f -

macOS / Linux

cat <<EOF | datumctl apply --project $PROJECT --namespace $NAMESPACE -f -
apiVersion: networking.datumapis.com/v1alpha
kind: HTTPProxy
metadata:
  name: $PROXY_NAME
spec:
  hostnames:
  - $HOSTNAME
  rules:
  - name: https-redirect
    matches:
    - path:
        type: PathPrefix
        value: /
    filters:
    - type: RequestRedirect
      requestRedirect:
        scheme: https
        statusCode: 301
EOF

Verification

Test that a plain HTTP request receives a redirect:
curl -I http://$HOSTNAME/
Expected response:
HTTP/1.1 301 Moved Permanently
Location: https://your-app.example.com/
Confirm that the Location header uses https and preserves the path.

Cleanup

Windows (PowerShell)

datumctl delete httpproxy $PROXY_NAME `
  --project $PROJECT --namespace $NAMESPACE --ignore-not-found

macOS / Linux

datumctl delete httpproxy $PROXY_NAME \
  --project $PROJECT --namespace $NAMESPACE --ignore-not-found

Troubleshooting

SymptomRoot CauseResolution
API rejects the resourcetype field missing from filterAdd type: RequestRedirect to the filter
Redirect loopBoth HTTP and HTTPS rules redirectEnsure the redirect rule only targets HTTP traffic
Location header has wrong hostnameHostname not setAdd hostname to requestRedirect to override
Client receives 302 instead of 301Default or explicit statusCode: 302Set statusCode: 301 for a permanent redirect

Best Practices

  • Use statusCode: 301 for permanent redirects — browsers and crawlers cache these
  • Use statusCode: 302 only when the redirect is temporary (e.g., maintenance)
  • If redirecting to a different hostname, set requestRedirect.hostname explicitly rather than relying on the Host header

Summary

  • HTTP to HTTPS redirects use type: RequestRedirect with scheme: https
  • The type field is required on all filters
  • No backend is needed — RequestRedirect is a terminal filter that responds to the client directly
  • statusCode accepts 301 (permanent) or 302 (temporary)
Last modified on June 3, 2026