Search
Search

kubernetes nginx ingress fails to redirect HTTP to HTTPS

Artem Zakharov Published at Dev
90
Artem Zakharov

I have a web app hosted in the Google Cloud platform that sits behind a load balancer, which itself sits behind an ingress. The ingress is set up with an SSL certificate and accepts HTTPS connections as expected, with one problem: I cannot get it to redirect non-HTTPS connections to HTTPS. For example, if I connect to it with the URL http://foo.com or foo.com, it just goes to foo.com, instead of https://foo.com as I would expect. Connecting to https://foo.com explicitly produces the desired HTTPS connection.

I have tried every annotation and config imaginable, but it stubbornly refuses, although it shouldn't even be necessary since docs imply that the redirect is automatic if TLS is specified. Am I fundamentally misunderstanding how ingress resources work?

Update: Is it necessary to manually install nginx ingress on GCP? Now that I think about it, I've been taking its availability on the platform for granted, but after coming across information on how to install nginx ingress on the Google Container Engine, I realized the answer may be a lot simpler than I thought. Will investigate further.

Kubernetes version: 1.8.5-gke.0

Ingress YAML file:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: https-ingress
  annotations:
    kubernetes.io/ingress.class: "nginx"
    ingress.kubernetes.io/ssl-redirect: "true" 
    ingress.kubernetes.io/secure-backends: "true"    
    ingress.kubernetes.io/force-ssl-redirect: "true"
spec:
  tls:
    - hosts:
      - foo.com
      secretName: tls-secret
  rules:
    - host: foo.com
      http:
        paths:
          - path: /*
            backend:
              serviceName: foo-prod
              servicePort: 80

kubectl describe ing https-ingress output

Name:             https-ingress
Namespace:        default
Address:
Default backend:  default-http-backend:80 (10.56.0.3:8080)
TLS:
  tls-secret terminates foo.com
Rules:
  Host            Path  Backends
  ----            ----  --------
  foo.com
                  /*   foo-prod:80 (<none>)
Annotations:
  force-ssl-redirect:  true
  secure-backends:     true
  ssl-redirect:        true
Events:                <none>
Artem Zakharov

The problem was indeed the fact that the Nginx Ingress is not standard on the Google Cloud Platform, and needs to be installed manually - doh!

However, I found installing it to be much more difficult than anticipated (especially because my needs pertained specifically to GCP), so I'm going to outline every step I took from start to finish in hopes of helping anyone else who uses that specific cloud and has that specific need, and finds generic guides to not quite fit the bill.

  1. Get Cluster Credentials

This is a GCP specific step that tripped me up for a while - you're dealing with it if you get weird errors like

kubectl unable to connect to server: x509: certificate signed by unknown authority

when trying to run kubectl commands. Run this to set up your console:

gcloud container clusters get-credentials YOUR-K8s-CLUSTER-NAME --z YOUR-K8S-CLUSTER-ZONE

  1. Install Helm

Helm by itself is not hard to install, and the directions can be found on GCP's own docs; what they neglect to mention, however, is that on new versions of K8s, RBAC configuration is required to allow Tiller to install things. Run the following after helm init:

kubectl create serviceaccount --namespace kube-system tiller
kubectl create clusterrolebinding tiller-cluster-rule --clusterrole=cluster-admin --serviceaccount=kube-system:tiller
kubectl patch deploy --namespace kube-system tiller-deploy -p '{"spec":{"template":{"spec":{"serviceAccount":"tiller"}}}}'
  1. Install Nginx Ingress through Helm

Here's another step that tripped me up - rbac.create=true is necessary for the aforementioned RBAC factor.

helm install --name nginx-ingress-release stable/nginx-ingress --set rbac.create=true

  1. Create your Ingress resource

This step is the simplest, and there are plenty of sample nginx ingress configs to tweak - see @JahongirRahmonov's example above. What you MUST keep in mind is that this step takes anywhere from half an hour to over an hour to set up - if you change the config and check again immediately, it won't be set up, but don't take that as implication that you messed something up! Wait for a while and see first.

It's hard to believe this is how much it takes just to redirect HTTP to HTTPS with Kubernetes right now, but I hope this guide helps anyone else stuck on such a seemingly simple and yet so critical need.

Collected from the Internet

Please contact [email protected] to delete if infringement.

edited at
0

Comments

0 comments
Login to comment

Related

Kubernetes Nginx Ingress HTTP to HTTPS redirect via 301 instead of 308?

how to redirect http to https using a kubernetes ingress controller on Amazon EKS

Helm chart nginx-ingress controller TCP redirect http to https

Redirect Google Kubernetes Ingress to HTTPS

How to debug Kubernetes nginx Ingress redirection from HTTP to HTTPS

Nginx with HTTP and HTTPS but no redirect

NGINX redirect http to https

Nginx - Redirect HTTP to HTTPS

kubernetes ingress and https redirect for apache not working

ingress nginx redirect from www to https

EKS ingress-nginx and NLB with https redirect

Disable SSL redirect for Kubernetes NGINX ingress

Kubernetes NGINX Ingress configmap 301 redirect

Kubernetes Nginx Ingress can connect to https pods?

How to redirect HTTP to HTTPS with Nginx Ingress Controller, AWS NLB and TLS certificate managed by AWS Certificate Manager?

Redirection from http to https not working for custom backend service in Kubernetes Nginx Ingress Controller

nginx - Disable http to https redirect?

Redirect HTTP to HTTPS (Middleware redirect vs Nginx)

HTTPS redirect not working for default backend of nginx-ingress-controller

Exclude specific hosts from ssl redirect in Kubernetes Nginx Ingress

How to set proxy_pass https in nginx ingress Kubernetes

Kubernetes ingress domain redirect

http -> https redirect in Google Kubernetes Engine

Can you redirect HTTP to HTTPS with a k8s Ingress?

ALB Ingress - Redirect Traffic from HTTP to HTTPS not working

Keycloak redirect nginx ingress

Nginx rewrite HTTP to HTTPS says redirect loop?

Redirect Http to Https in Elastic BeansTalk, Tomcat, Nginx

nginx redirect all http to https with exceptions

TOP Ranking

  1. 1

    pump.io port in URL

  2. 2

    Failed to listen on localhost:8000 (reason: Cannot assign requested address)

  3. 3

    How to import an asset in swift using Bundle.main.path() in a react-native native module

  4. 4

    Inner Loop design for webscrapping

  5. 5

    Can't pre-populate phone number and message body in SMS link on iPhones when SMS app is not running in the background

  6. 6

    ggplotly no applicable method for 'plotly_build' applied to an object of class "NULL" if statements

  7. 7

    mysql.connector.errors.InterfaceError: 2003: Can't connect to MySQL server on '127.0.0.1:3306' (111 Connection refused)

  8. 8

    Removed zsh, but forgot to change shell back to bash, and now Ubuntu crashes (wsl)

  9. 9

    Ambiguous use of 'init' with CFStringTransform and Swift 3

  10. 10

    Resetting Value of <input type="time"> in Firefox

  11. 11

    Execute ./script.sh with a crontab

  12. 12

    Converting a class method to a property with a backing field

  13. 13

    Spring Boot JPA PostgreSQL Web App - Internal Authentication Error

  14. 14

    How to update azerothcore-wotlk docker container

  15. 15

    How to set tab order for array of cluster,where cluster elements have different data types in LabVIEW?

  16. 16

    Grails with Oracle thick OCI driver authenticate to Oracle with wrong user

  17. 17

    How to pass data to the ng2-bs3-modal?

  18. 18

    Making Array From Page Elements in jQuery

  19. 19

    Retrieve Element Tag Value XML Using Bash

  20. 20

    Laravel's ORM sync with timestamps doesn't update timestamps

  21. 21

    Do animations stop css changes after animation completion?

HotTag

Archive