diff --git a/internal/cmd/deploy.go b/internal/cmd/deploy.go
index 0563937..f5d968c 100644
--- a/internal/cmd/deploy.go
+++ b/internal/cmd/deploy.go
@@ -31,6 +31,7 @@ func newDeployCommand() *deployCommand {
 
 	deployCommand.cmd.Flags().BoolVar(&deployCommand.args.ServiceOptions.TLSEnabled, "tls", false, "Configure TLS for this target (requires a non-empty host)")
 	deployCommand.cmd.Flags().StringVar(&deployCommand.args.ServiceOptions.TLSOnDemandUrl, "tls-on-demand-url", "", "Will make an HTTP request to the given URL, asking whether a host is allowed to have a certificate issued.")
+	deployCommand.cmd.Flags().BoolVar(&deployCommand.args.ServiceOptions.TLSFlexibleMode, "tls-flexible-mode", false, "Allow Kamal proxy to be flexible (accept both HTTP and HTTPS traffic)")
 	deployCommand.cmd.Flags().BoolVar(&deployCommand.tlsStaging, "tls-staging", false, "Use Let's Encrypt staging environment for certificate provisioning")
 	deployCommand.cmd.Flags().StringVar(&deployCommand.args.ServiceOptions.TLSCertificatePath, "tls-certificate-path", "", "Configure custom TLS certificate path (PEM format)")
 	deployCommand.cmd.Flags().StringVar(&deployCommand.args.ServiceOptions.TLSPrivateKeyPath, "tls-private-key-path", "", "Configure custom TLS private key path (PEM format)")
diff --git a/internal/server/service.go b/internal/server/service.go
index 4ffadc8..eb07194 100644
--- a/internal/server/service.go
+++ b/internal/server/service.go
@@ -72,6 +72,7 @@ type ServiceOptions struct {
 	TLSOnDemandUrl     string `json:"tls_on_demand_url"`
 	TLSCertificatePath string `json:"tls_certificate_path"`
 	TLSPrivateKeyPath  string `json:"tls_private_key_path"`
+	TLSFlexibleMode 	 bool 	`json:"tls_flexible_mode"`
 	ACMEDirectory      string `json:"acme_directory"`
 	ACMECachePath      string `json:"acme_cache_path"`
 	ErrorPagePath      string `json:"error_page_path"`
@@ -391,7 +392,7 @@ func (s *Service) createMiddleware(options ServiceOptions, certManager CertManag
 func (s *Service) serviceRequestWithTarget(w http.ResponseWriter, r *http.Request) {
 	LoggingRequestContext(r).Service = s.name
 
-	if s.options.TLSEnabled && r.TLS == nil {
+	if s.options.TLSEnabled && s.options.TLSFlexibleMode == false && r.TLS == nil {
 		s.redirectToHTTPS(w, r)
 		return
 	}