Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

HTTP to HTTPS redirect #923

Closed
Adiqq opened this issue Mar 9, 2018 · 4 comments
Closed

HTTP to HTTPS redirect #923

Adiqq opened this issue Mar 9, 2018 · 4 comments

Comments

@Adiqq
Copy link

Adiqq commented Mar 9, 2018

Hi,

I had problem with HTTP to HTTPS redirect,

apiVersion: voyager.appscode.com/v1beta1
kind: Ingress
metadata:
  name: test-https-ingress
  namespace: default
  annotations:
    ingress.appscode.com/type: NodePort
    ingress.appscode.com/hsts: "false"
    ingress.appscode.com/force-ssl-redirect: "true"
spec:
  tls:
  - secretName: tls-secret
    hosts:
    - "*.a"
  rules:
  - host: "*.a"
    http:
      port: '32100'
      nodePort: '32100'
      paths:
      - backend:
          serviceName: httpbin
          servicePort: '8000'
  - host: "*.a"
    http:
      port: '32101'
      nodePort: '32101'
      paths:
      - backend:
          serviceName: httpbin2
          servicePort: '8000'

If i understand correctly, http://sample.a:32100 should redirect to https://sample.a:32100 with
force-ssl-redirect: true ?

It works correctly if I add e.g.:

frontendRules:
  - port: 32100
    rules:
    - acl http      ssl_fc,not
    - http-request redirect scheme https if http
@tamalsaha
Copy link
Contributor

Which version of operator are you using?

@Adiqq
Copy link
Author

Adiqq commented Mar 9, 2018
edited

appscode/voyager:6.0.0-rc.0

Also

- acl http      ssl_fc,not
- http-request redirect scheme https if http

Didn't fully solved it, for some reason it works only with chrome, but only if I enter http://sample.a:32100 manually in address bar.
If i point to http://sample.a:32100 with link, I get ERR_EMPTY_RESPONSE .

I get this error in container with appscode/haproxy:1.7.9-6.0.0-rc.0

local0.info: Mar  9 14:26:19 haproxy[84]: 172.29.248.134:1956 [09/Mar/2018:14:26:19.919] http-0_0_0_0-32100/1: SSL handshake failure

It works fine with https://sample.a:32100 .

@tamalsaha
Copy link
Contributor

If i understand correctly, http://sample.a:32100 should redirect to https://sample.a:32100

That is not technically possible. http (80) -> https (443) redirect works when you use standard ports. Meaning you go to http://example.com (ie, http://example.com:80) and voyager redirects to https://example.com (is, https://example.com:443) . HAProxy is serving http protocol on port 80 and https protocol on port 443.

In your case, you are using non-standard port 32100 and HAProxy is only serving https protocol on that port. So, when you connect with https, it works. If you try to connect to port 32100 using http, it shows that SSL handshake failure error.

@Adiqq
Copy link
Author

Adiqq commented Mar 9, 2018

Ok, thanks, that makes sense.

@Adiqq Adiqq closed this as completed Mar 9, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@tamalsaha @Adiqq