K
Q

Ingress SSL redirect with port number not replacing https port number

1/7/2018

In my local cluster trying redirect ingress http request to https. with below rules http -> https redirect is working but not replacing the https port number.

Ingress service port (80:30912,443:30004)

kg svc -n ingress-nginx
NAME                   TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)                      AGE
ingress-nginx          NodePort    10.110.221.155   <none>        80:30912/TCP,443:30004/TCP   7d

Ingress rule.

---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
    ingress.kubernetes.io/ssl-redirect: "true"
  name: httpbin-web-server
  namespace: default
spec:
  tls:
  - hosts:
    - httpbin.sfgroups.com
    secretName: tls-secret
  rules:
  - host: httpbin.sfgroups.com
    http:
      paths:
      - path: "/"
        backend:
          serviceName:  httpbin
          servicePort: 8000

Redirect output:

 curl --resolve httpbin.sfgroups.com:30912:192.168.16.211 http://httpbin.sfgroups.com:30912/ -o /dev/null -v -L
* Added httpbin.sfgroups.com:30912:192.168.16.211 to DNS cache
* About to connect() to httpbin.sfgroups.com port 30912 (#0)

> GET / HTTP/1.1
> User-Agent: curl/7.29.0
> Host: httpbin.sfgroups.com:30912
> Accept: */*
>
< HTTP/1.1 308 Permanent Redirect
< Server: nginx/1.13.7
< Date: Sat, 06 Jan 2018 09:59:02 GMT
< Content-Type: text/html
< Content-Length: 187
< Connection: keep-alive
< Location: https://httpbin.sfgroups.com:30912/
< Strict-Transport-Security: max-age=15724800; includeSubDomains;

As you can see https://httpbin.sfgroups.com:30912/ not replacing port 30912 to 30004.

How can I make this work?

Thnaks SR

edit.

I also added this in configmap, still having same issue.

kg configmap -n ingress-nginx nginx-configuration -o yaml
apiVersion: v1
data:
  use-port-in-redirects: "true"
kind: ConfigMap
-- sfgroups
kubernetes

Similar Questions

K8S EFK (especially Fluentd) daemonset for docker journald logging driver
How to use K8S node_problem_detector?
Deploying Go apps with micro-service architecture in containers or not in containers?
what is the meaning of status value in Kubernetes manifest file

2 Answers

9/10/2018

Did you get chance to look at https://github.com/kubernetes/ingress-nginx/issues/1743.

It seems the same use case and the solution from community is to specify use-port-in-redirects in the configuration configmap.

-- Yong Feng
Source: StackOverflow
1/7/2018

This is the issue in Ingress itself.Which version of ingress you are using? You can try with below image of ingress.

quay.io/aledbf/nginx-ingress-controller:0.89

You can restrict ingress to only https port by below specification in ingress service yml.

apiVersion: v1 kind: Service metadata: name: nginx-ingress spec: type: NodePort ports: - name: https port: 443 nodePort: 30082 targetPort: 443 selector: k8s-app: nginx-ingress-lb

-- Sudhir
Source: StackOverflow