I am running Gunicorn behind a traefik ingress. HTTP is redirected to HTTPS by traefik, but for some reason gunicorn replies with a 301 pointing to HTTP. I have tried pretty much all the options I know off and didn't find any solution. I thought it might be related to something like https://stackoverflow.com/a/41488430/3719845.
Here are the annotations I use on my ingress:
kubernetes.io/ingress.class: traefik
traefik.ingress.kubernetes.io/frontend-entry-points: http,https
traefik.ingress.kubernetes.io/protocol: http
ingress.kubernetes.io/ssl-redirect: 'true'
traefik.frontend.rule.type: PathPrefix
ingress.kubernetes.io/custom-request-headers: 'x-forwarded-proto:https||x-forwarded-ssl:on||x-forwarded-protocol:ssl'I wasn't sure that the x-forwarded headers were set automatically by traefik so I hardcoded them.
On the gunicorn side, I use:
command:
- '/usr/local/bin/gunicorn'
args:
- '-b'
- '0.0.0.0:8080'
- '--log-level'
- 'debug'
- '--access-logfile'
- '-'
- '--error-logfile'
- '-'
- '--forwarded-allow-ips'
- '0.0.0.0'
- '--proxy-allow-from'
- '0.0.0.0'
- '--proxy-protocol'
- 'myapp'Same thing here I have been playing with the options but nothing seems to change.
Try this for your headers:
ingress.kubernetes.io/ssl-proxy-headers: "X-Forwarded-Proto: https"
ingress.kubernetes.io/ssl-redirect: "true"(This is a config used for aws elb. I don't know your specific configuration leading up to it)
From there, you may have a gunicorn issue not respecting the X-Forwarded-Proto header and would want to check their docs.