Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

ALB Ingress - Redirect Traffic from HTTP to HTTPS not working

I am trying to route all HTTP traffic to HTTPS. I have a ALB ingress resource and following the guide here https://kubernetes-sigs.github.io/aws-alb-ingress-controller/guide/tasks/ssl_redirect/#how-it-works but its not working. When i try to access http://www.myhost.in it stays with http but does not redirect to https

below is my ingress resource file

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: eks-learning-ingress
  namespace: production
  annotations:
    kubernetes.io/ingress.class: alb
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/certificate-arn: arn878ef678df
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]'
    alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}'
  labels:
    app: eks-learning-ingress
spec:
  rules:
  - host: www.myhost.in
    http:
      paths:
        - path: /*
          backend:
            serviceName: eks-learning-service
            servicePort: 80

Any help in this would be really great, Thanks.

like image 285
opensource-developer Avatar asked Feb 26 '20 11:02

opensource-developer


Video Answer


2 Answers

For anyone stumbling on this post. I was missing adding this as my http paths. Have in mind this needs to be the first specified path.

        - path: /*
          backend:
            serviceName: ssl-redirect
            servicePort: use-annotation
 

Once i added this redirection started working.

So the final config in question should look like this:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: eks-learning-ingress
  namespace: production
  annotations:
    kubernetes.io/ingress.class: alb
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/certificate-arn: arn878ef678df
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]'
    alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}'
  labels:
    app: eks-learning-ingress
spec:
  rules:
  - host: www.myhost.in
    http:
      paths:
        - path: /*
          backend:
            serviceName: ssl-redirect
            servicePort: use-annotation
        - path: /*
          backend:
            serviceName: eks-learning-service
            servicePort: 80
like image 182
opensource-developer Avatar answered Nov 04 '22 18:11

opensource-developer


In case anyone else is setting up a cluster with a newer API version; apiVersion: networking.k8s.io/v1, where the syntax is different, this is the way to go:

  - path: /
    pathType: Prefix
    backend:
      service:
        name: ssl-redirect
        port:
          name: use-annotation

Note: path must not contain a wildcard, as you are using pathType: Prefix that will fail to configure the ALB.

like image 28
suren Avatar answered Nov 04 '22 18:11

suren