Redirect inbound http to https on the same port

What happened?

Is there a way to redirect inbound http requests to https on the same non-standard port using Pomerium only (i.e. without the help of external proxy such as Nginx)?

For example, my routing is configured as follows:

  - from:
    to: http://verify:8000

When accessing the url with http (, I got 503 error.

I am aware that Nginx can redirect http to https on the same port using error_page directive. But I wonder if it is possible to achieve this using Pomerium only.

What did you see in the logs?

{"level":"debug","service":"envoy","name":"conn_handler","time":"2022-11-01T08:59:02Z","message":"[C10] new connection from"}
{"level":"debug","service":"envoy","name":"connection","time":"2022-11-01T08:59:02Z","message":"[C10] remote address:,TLS error: 268435612:SSL routines:OPENSSL_internal:HTTP_REQUEST"}
{"level":"debug","service":"envoy","name":"connection","time":"2022-11-01T08:59:02Z","message":"[C10] closing socket: 0"}
{"level":"debug","service":"envoy","name":"conn_handler","time":"2022-11-01T08:59:02Z","message":"[C10] adding to cleanup list"}

Hey @tianze ,

We have a command called http redirect address which is what I think you are looking for.

If set, the HTTP Redirect Address specifies the host and port to redirect http to https traffic on. If unset, no redirect server is started.

Thanks for your reply~

However it seems that this command cannot redirect http to https on the same port. It needs to listen and bind to a http port, which cannot be the same as the https port:

{"level":"error","service":"envoy","name":"config","time":"2022-11-03T08:22:40Z","message":"listener \\'https-ingress\\' failed to bind or apply socket options: cannot bind \\'\\': Address already in use"}

Nginx, on the other hand, is able to detect the http-request-on-https-port error (response code 497) and then redirect to https using the error_page derective as mentioned before.

correct, HTTP and HTTPS ports must be different.