Giter Club home page Giter Club logo

Comments (12)

pasztorl avatar pasztorl commented on June 26, 2024 4

@ocdi yes, that is a solution, but.. the problem is that the sent out response use: https://xxx:443 and because of this the redirect location and the access log contains the :443 string. What I want to achieve that if a request goes to ingress to http://xxx the ingress send out the location with https and without port number like this: https://xxx

from kubernetes-ingress.

ivanmatmati avatar ivanmatmati commented on June 26, 2024 2

Hi @pasztorl , we'll discuss the need you expressed with the team.

from kubernetes-ingress.

ivanmatmati avatar ivanmatmati commented on June 26, 2024

Hi @pasztorl , We provide the ssl-redirect to redirect to ssl and ssl-redirect-port in case you need to redefine the port because of a different port like you explained. We redirect by default to the container port because it would be strange that with a direct access to haproxy from the cluster you would have to redefine the port because we would redirect to a non existing port. While if you have haproxy behind any middleware with a different port, it makes sense to adjust the redirection port in this case.

from kubernetes-ingress.

pasztorl avatar pasztorl commented on June 26, 2024

Hi @ivanmatmati , I understand it, and i think this option is important, but there is a way not to add :443 if the port is default https? I also forward the logs to a logdb and this case I have entries to example.com and example.com:443 from the redirects. Of course I can rewrite the log entry and delete the :443 but it would be better that the location sent out not contains the :443. There is a chance to configure that via haproxy?

from kubernetes-ingress.

ocdi avatar ocdi commented on June 26, 2024

This seems plain wrong to me. I shelled into the container and looked at the config, and I can see this line.

/etc/haproxy $ cat haproxy.cfg|grep 8443
  http-request redirect location https://%[hdr(host),field(1,:)]:8443%[capture.req.uri] code 302 if { var(txn.path_match) -m dom 92afcf7456e1a884dd198b1f8bfb6f63 }

I recently upgraded and are getting customer reports of this issue. This is standard web traffic, the redirect is going over the wire, outside the cluster. The controller has a load balancer service that is running on port 443, that internally goes to the 8443 port.

from kubernetes-ingress.

ocdi avatar ocdi commented on June 26, 2024

I was able to solve this by applying the port override to the helm chart.

name: controller.config.ssl-redirect-port
value: '443'

from kubernetes-ingress.

Frankkkkk avatar Frankkkkk commented on June 26, 2024

On top of that, having "sane" defaults like the https port to 443 instead of 8443 would make it easier for everyone IMHO

from kubernetes-ingress.

ivanmatmati avatar ivanmatmati commented on June 26, 2024

Hi @Frankkkkk , For security's sake, the ingress controller pod is rootless. The consequence is that the user attributed to the controller can't open ports below 1024. That's the reason for this port change.

from kubernetes-ingress.

Frankkkkk avatar Frankkkkk commented on June 26, 2024

from kubernetes-ingress.

Frankkkkk avatar Frankkkkk commented on June 26, 2024

from kubernetes-ingress.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.