Redirection from http to https not working for custom backend service in Kubernetes Nginx Ingress Controller

9/28/2018

I have setup Custom Nginx ingress controller with Ingress resource in Kubernetes and instead of "default-http-backend service", I used custom application as the default backend service to be served for default requests. I have also used custom SSL which is set as kubernetes secret, for my service. The issue is that when I request the hostnames which are mentioned in the rules, the https redirection works. But when the requests other than the hosts mentioned in the rules are made, it serves the default app, but the https redirection does not work.

How can I redirect requests from http to https for all the requests including default requests. In other words, how to setup https redirection for wildcard domains in ingress resource.

Please find my yaml files for ingress resource.

---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress-resource
  namespace: default
  annotations:
   kubernetes.io/ingress.class: "nginx"
   kubernetes.io/ingress.allow-http: "false"
   ingress.kubernetes.io/rewrite-target: /
   ingress.kubernetes.io/ssl-redirect: "true"
   ingress.kubernetes.io/proxy-connect-timeout: "14400"
   ingress.kubernetes.io/proxy-send-timeout: "14400"
   ingress.kubernetes.io/proxy-read-timeout: "14400"
spec:
  tls:
  - secretName: tls-secret

  rules:

  - host: service1.example.com
    http:
      paths:
      - path: /
        backend:
          serviceName: service1
          servicePort: 80

  - host: service2.example.com
    http:
      paths:
      - path: /
        backend:
          serviceName: service2
          servicePort: 80

---
-- Alen T Mathew
kubernetes
kubernetes-ingress
nginx-ingress

1 Answer

10/1/2018

I needed to configure custom service (not default-http-backend service) for default requests which does not have rules set and this custom service should use custom SSL. At present nginx-ingress-controller doesn't do anything if the domain names are omitted from the Ingress rules (with the intention of the "wildcard" TLS cert being used). Therefore I have added the following code in the ingress yaml I used and this works perfectly. I have added the wildcard tls name in ingress rules at the bottom for the custom default service. Please find the code below:

  rules:

  - host: service1.example.com
    http:
      paths:
      - path: /
        backend:
          serviceName: service1
          servicePort: 80

  - host: service2.example.com
    http:
      paths:
      - path: /
        backend:
          serviceName: service2
          servicePort: 80

  - host: '*.example.com'
    http:
      paths:
      - path: /
        backend:
          serviceName: custom-backend-service
          servicePort: 80
-- Alen T Mathew
Source: StackOverflow