My application does not need to respond to http requests, except to redirect them to https, but I'm having trouble configuring it for that. I have Django, behind Guincorn, behind a Google Cloud level 4 load balancer (set up through kubernetes). I'm not using nginx, because the static files are served through google cloud storage buckets so it seemed to add unnecessary complexity (is there a reason this is wrong?)
When I configure guincorn for https, it doesn't respond to http requests (ok). The first idea I had was to forward port 80 and 443 through the load balancer and then let django/guincorn take care of redirection, but I can't get guincorn to serve both http and https at the same time, even when I tried exposing two ports:
gunicorn --threads 2 -b :8000 --keyfile=key.txt --certfile=cert.txt myapp.wsgi
The load balancer config is:
apiVersion: v1
kind: Service
metadata:
name: xxx
labels:
name: xxx
spec:
ports:
- port: 443
name: https
targetPort: 8000
selector:
name: app
type: LoadBalancer
loadBalancerIP: xx.xx.xx.xx
It is possible to changes this so that gunicorn will also answer https requests? (the Django config is setup not to redirect http requests).
Or have I gone about this completely wrong? Should I be trying to perform the redirection at the load balancer itself?
The advice from kubernetes is to use an ingress controller with behind that (in this case) an nginx to redirect http to https.
What this does is: - The nginx looks at the http_forwarded_for and redirects to https if that is not set correctly. - The ingress will actually terminate the https for you so that your applications do not have to do this.
Look at https://github.com/kubernetes/contrib/tree/master/ingress/controllers/nginx for detailed examples.