K
Q

AWS ELB TCP http to https redirect with enabled proxy-protocol

10/3/2018

I have an nginx-ingress and ELB with TCP: enter image description here

I need TCP balancing because I use WebSocket.

nginx-ingress service annotations:

service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp
service.beta.kubernetes.io/aws-load-balancer-connection-draining-enabled: "true"
service.beta.kubernetes.io/aws-load-balancer-connection-draining-timeout: "60"
service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "3600"
service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: "true"
service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: '*'
service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:iam::<certificate arn>
service.beta.kubernetes.io/aws-load-balancer-ssl-negotiation-policy: ELBSecurityPolicy-TLS-1-2-2017-01
service.beta.kubernetes.io/aws-load-balancer-ssl-ports: https

I want to redirect all http to https. But if I set nginx.ingress.kubernetes.io/force-ssl-redirect: "true" in annotations I would get redirect loop (TOO_MANY_REDIRECTS).

How to redirect clients to HTTPS with enabled proxy-protocol?

-- Mikhail Naletov
amazon-web-services
kubernetes
nginx

Similar Questions

Kubernetes Service not accessible on AWS-EKS
Error while creating projects using openshift templates
Kubernetes: No Route to Host
Is kubeadm production ready now?
Actions to create secret on K8S
passing --serviceaccount in airflow kubernetes pod operator
Loki/Promtail - how to setup own scrape_configs?
How to use kubernetes pod file in my remote Jenkins job

0 Answers