Comments (12)
@ocdi yes, that is a solution, but... the problem is that the sent-out response uses https://xxx:443, and because of this the redirect location and the access log contain the :443 string. What I want to achieve is that if a request goes to the ingress at http://xxx, the ingress sends out the location with https and without the port number, like this: https://xxx
from kubernetes-ingress.
Hi @pasztorl, we'll discuss the need you expressed with the team.
from kubernetes-ingress.
Hi @pasztorl, we provide the ssl-redirect to redirect to ssl and ssl-redirect-port in case you need to redefine the port because of a different port like you explained. We redirect by default to the container port because it would be strange that with a direct access to haproxy from the cluster you would have to redefine the port because we would redirect to a non-existing port. While if you have haproxy behind any middleware with a different port, it makes sense to adjust the redirection port in this case.
from kubernetes-ingress.
Hi @ivanmatmati, I understand it, and I think this option is important, but is there a way not to add :443 if the port is the default https port? I also forward the logs to a logdb, and in this case I have entries for example.com and example.com:443 from the redirects. Of course I can rewrite the log entry and delete the :443, but it would be better if the location sent out did not contain the :443. Is there a chance to configure that via haproxy?
from kubernetes-ingress.
This seems plain wrong to me. I shelled into the container and looked at the config, and I can see this line.
/etc/haproxy $ cat haproxy.cfg|grep 8443
http-request redirect location https://%[hdr(host),field(1,:)]:8443%[capture.req.uri] code 302 if { var(txn.path_match) -m dom 92afcf7456e1a884dd198b1f8bfb6f63 }
I recently upgraded and am getting customer reports of this issue. This is standard web traffic, the redirect is going over the wire, outside the cluster. The controller has a load balancer service that is running on port 443, that internally goes to the 8443 port.
from kubernetes-ingress.
I was able to solve this by applying the port override to the helm chart.
name: controller.config.ssl-redirect-port
value: '443'
from kubernetes-ingress.
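The redirect rule quoted above and the effect of ssl-redirect-port, as an added example that is not part of the thread or of the project's code: a Python model of how that rule builds the Location header, a check of the result against the ports the external load balancer exposes, and a normalizer that collapses example.com:443 and example.com in logs. The function names and the sample host, URI and port set are constructed for illustration.

```python
from urllib.parse import urlsplit, urlunsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def redirect_location(host_header, request_uri, redirect_port):
    """Model of the rule shown in the thread:
    https://%[hdr(host),field(1,:)]:<port>%[capture.req.uri]
    Hypothetical helper; covers hostnames and IPv4 Host values only."""
    host = host_header.split(":", 1)[0]  # field(1,:) keeps the text before the first ':'
    return f"https://{host}:{redirect_port}{request_uri}"

def audit_redirect(location, exposed_ports):
    """Classify a Location value against the ports reachable from outside."""
    parts = urlsplit(location)
    default = DEFAULT_PORTS.get(parts.scheme)
    effective = parts.port if parts.port is not None else default
    if effective not in exposed_ports:
        return "unreachable-port"        # e.g. :8443 behind a 443-only load balancer
    if parts.port is not None and parts.port == default:
        return "redundant-default-port"  # works, but logs show host and host:443
    return "ok"

def normalize(url):
    """Drop an explicit port that equals the scheme default (for log keys)."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    if ":" in host:                      # IPv6 literal needs its brackets back
        host = f"[{host}]"
    if parts.port in (None, DEFAULT_PORTS.get(parts.scheme)):
        netloc = host
    else:
        netloc = f"{host}:{parts.port}"
    return urlunsplit((parts.scheme, netloc, parts.path, parts.query, parts.fragment))

def demo():
    exposed = {80, 443}                  # constructed: external load balancer ports
    results = []
    for port in (8443, 443):             # container port vs. ssl-redirect-port override
        loc = redirect_location("example.com:80", "/login?next=%2F", port)
        results.append((loc, audit_redirect(loc, exposed), normalize(loc)))
    return results

if __name__ == "__main__":
    for loc, verdict, key in demo():
        print(f"{loc:45} {verdict:24} {key}")
```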
On top of that, having "sane" defaults like the https port to 443 instead of 8443 would make it easier for everyone IMHO
from kubernetes-ingress.
Hi @Frankkkkk, for security's sake, the ingress controller pod is rootless. The consequence is that the user attributed to the controller can't open ports below 1024. That's the reason for this port change.
from kubernetes-ingress.