Comments (10)
pasztorl
commented on June 21, 2024
2
@ocdi yes, that is a solution, but.. the problem is that the sent out response use: https://xxx:443 and because of this the redirect location and the access log contains the :443 string. What I want to achieve that if a request goes to ingress to http://xxx the ingress send out the location with https and without port number like this: https://xxx
from kubernetes-ingress.
ivanmatmati
commented on June 21, 2024
2
Hi @pasztorl , we'll discuss the need you expressed with the team.
from kubernetes-ingress.
ivanmatmati
commented on June 21, 2024
Hi @pasztorl , We provide the ssl-redirect to redirect to ssl and ssl-redirect-port in case you need to redefine the port because of a different port like you explained. We redirect by default to the container port because it would be strange that with a direct access to haproxy from the cluster you would have to redefine the port because we would redirect to a non existing port. While if you have haproxy behind any middleware with a different port, it makes sense to adjust the redirection port in this case.
from kubernetes-ingress.
pasztorl
commented on June 21, 2024
Hi @ivanmatmati , I understand it, and i think this option is important, but there is a way not to add :443 if the port is default https? I also forward the logs to a logdb and this case I have entries to example.com and example.com:443 from the redirects. Of course I can rewrite the log entry and delete the :443 but it would be better that the location sent out not contains the :443. There is a chance to configure that via haproxy?
from kubernetes-ingress.
ocdi
commented on June 21, 2024
This seems plain wrong to me. I shelled into the container and looked at the config, and I can see this line.
/etc/haproxy $ cat haproxy.cfg|grep 8443
http-request redirect location https://%[hdr(host),field(1,:)]:8443%[capture.req.uri] code 302 if { var(txn.path_match) -m dom 92afcf7456e1a884dd198b1f8bfb6f63 }
I recently upgraded and are getting customer reports of this issue. This is standard web traffic, the redirect is going over the wire, outside the cluster. The controller has a load balancer service that is running on port 443, that internally goes to the 8443 port.
from kubernetes-ingress.
ocdi
commented on June 21, 2024
I was able to solve this by applying the port override to the helm chart.
name: controller.config.ssl-redirect-port
value: '443'from kubernetes-ingress.
Related Issues (20)
- crd-check.go invocation should be idempotent in case of exising CRDs HOT 4
- Prometheus metrics of the pods in MAINT state HOT 1
- annotation "haproxy.org/load-balance: uri path-only" causes configuration reloads HOT 2
- Access logs settings get overridden if using a Global Custom Resource HOT 6
- constant prometheus reloading HOT 4
- default backend not working when --ingress.class defined HOT 2
- Regular expressions in "path" do not appear to work HOT 1
- docs: `haproxy.org/server-ssl` tip is misleading HOT 1
- Ingress reloading almost all the time with v1.11.1 HOT 1
- Add ability to use oauth2 authentication. HOT 3
- Use existing NLB for HAProxy ingress HOT 2
- questions about request headers HOT 3
- Deployment yaml still point to privileged port after s6 upgrade HOT 3
- frontend tcp-514: cannot bind socket (Permission denied) for [0.0.0.0:514] HOT 2
- haproxy ingress 1.11.2 reloads when number of backend pods scales HOT 9
- When specifying a server-proto annotation the check parameter is omitted
- Using both annotations "haproxy.org/cr-backend" and "haproxy.org/<parameter>" HOT 3
- Docs: when adjusting --sync-period, must also adjust initialDelaySeconds HOT 4
- Controller restarts haproxy every 5 minutes with message "restart required : Global config updated: " HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from kubernetes-ingress.