EKS ingress-nginx and NLB with https redirect

I'm having issues with the NLB lately. It was quite an adventure to get an NLB with HTTPS termination on the LB working with an http=>https redirection and ingress-nginx on EKS.

Now I want to have the X-Forwarded headers passed to the pod, but that breaks the http=>https redirection: I get a 400 on HTTP requests.

On the service, I tried setting the protocol to http or tcp; same thing.

Adding the service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: "*" header to the service activates the proxy protocol v2 on all targets, and activating use-proxy-protocol: 'true' in the configmap for nginx breaks the http-snippet with the 308 redirection:

http-snippet: |
    server {
      listen 2443;
      return 308 https://$host$request_uri;
    }

Does anyone have a way to make it so that it can use the NLB with all the good headers and the redirect working?

EDIT: at comment request, adding the full working config

apiVersion: v1
kind: ConfigMap
metadata:
  labels:
    app.kubernetes.io/version: 0.41.0
    app.kubernetes.io/component: controller
  name: ingress-nginx-controller
data:
  http-snippet: |
    server {
      listen 2443 proxy_protocol;
      return 308 https://$host$request_uri;
    }
  proxy-real-ip-cidr: 10.4.0.0/16
  use-forwarded-headers: 'true'
  use-proxy-protocol: 'true'
  compute-full-forwarded-for: 'true'
night-gold asked Jul 02 '26 11:07

1 Answer

To conclude our comment discussion with @night-gold: to make NGINX accept the proxy protocol, you have to specifically mention that in the listen directive:

http {
    #...
    server {
        listen 80   proxy_protocol;
        listen 443  ssl proxy_protocol;
        #...
    }
}

Check out the NGINX guide for more.

If you use the Ingress-Nginx Controller, this is configured globally through its ConfigMap. Put use-proxy-protocol: "true" under controller.config in your Helm chart values.yml. Like this:

# ingress-nginx values.yml
controller:
  config:
    use-proxy-protocol: "true"
    # ... other global settings
anemyte answered Jul 05 '26 05:07
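
Why a listener without `proxy_protocol` answers 400 while `listen 2443 proxy_protocol;` works, as an added example that is not part of the original posts: with proxy protocol v2 enabled, every connection starts with a binary header ahead of the HTTP request. The helper names, the sample addresses and the peer check modelled on the question's `proxy-real-ip-cidr` value are assumptions of this example.

```python
import ipaddress
import struct

SIG = b"\r\n\r\n\x00\r\nQUIT\n"  # fixed 12-byte PROXY protocol v2 signature

def build_v2_ipv4(src, sport, dst, dport):
    """Build a v2 header (PROXY command, TCP over IPv4) as a load balancer would send it."""
    addrs = (ipaddress.IPv4Address(src).packed + ipaddress.IPv4Address(dst).packed
             + struct.pack("!HH", sport, dport))
    return SIG + struct.pack("!BBH", 0x21, 0x11, len(addrs)) + addrs

def parse_v2(data):
    """Return ((src, sport, dst, dport) or None, payload); ValueError if not PROXY v2."""
    if len(data) < 16 or data[:12] != SIG:
        raise ValueError("no PROXY v2 signature")
    ver_cmd, fam, length = struct.unpack("!BBH", data[12:16])
    if ver_cmd >> 4 != 2:
        raise ValueError("unsupported version")
    if len(data) < 16 + length:
        raise ValueError("truncated header")
    body, payload = data[16:16 + length], data[16 + length:]
    if ver_cmd & 0x0F == 0:  # LOCAL command (e.g. health check): no client address
        return None, payload
    if fam != 0x11 or length < 12:
        raise ValueError("only TCP over IPv4 is handled in this example")
    src, dst, sport, dport = struct.unpack("!4s4sHH", body[:12])  # trailing TLVs ignored
    return (str(ipaddress.IPv4Address(src)), sport,
            str(ipaddress.IPv4Address(dst)), dport), payload

def looks_like_http(data):
    """What a listener without proxy_protocol does: read the first line as a request line."""
    parts = data.split(b"\r\n", 1)[0].split(b" ")
    return len(parts) == 3 and parts[0].isalpha() and parts[2].startswith(b"HTTP/")

def trusted_peer(peer_ip, cidr="10.4.0.0/16"):
    """Model of proxy-real-ip-cidr: take the header's client address only from these peers."""
    return ipaddress.ip_address(peer_ip) in ipaddress.ip_network(cidr)

# Constructed sample: client 203.0.113.7 reaching the redirect listener on port 2443.
REQUEST = b"GET /login HTTP/1.1\r\nHost: example.test\r\n\r\n"
WIRE = build_v2_ipv4("203.0.113.7", 51234, "10.4.1.20", 2443) + REQUEST

if __name__ == "__main__":
    print("plain listener sees HTTP:", looks_like_http(WIRE))
    info, payload = parse_v2(WIRE)
    print("proxy_protocol listener:", info, looks_like_http(payload))
```

Keeping `proxy-real-ip-cidr` narrowed to the range the load balancer connects from matters because the client address in this header is whatever the sender wrote.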
