Argo-cd: ERR_TOO_MANY_REDIRECTS

Created on 9 Jan 2020  路  10Comments  路  Source: argoproj/argo-cd

The following configuration was performed according to the official documentation(https://argoproj.github.io/argo-cd/getting_started/):

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: argocd-server-ingress
annotations:
kubernetes.io/ingress.class: crs-nginx
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
nginx.ingress.kubernetes.io/ssl-passthrough: "true"
spec:
rules:

  • host: argocd.gril.com
    http:
    paths:

    • backend:

      serviceName: argocd-server

      servicePort: 443

now锛宔ncounter a redirect loop or are getting a 307 response code.So I added nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" according to the official documentation to the configuration above.

The web page can be opened normally,But I got the following error during argocd login command

FATA[0008] rpc error: code = Internal desc = transport: received the unexpected content-type "text/plain; charset=utf-8"

I don't know how to configure it to open the page normally and the argocd login command can log in normally.

cli documentation docs
Source
picture wiliiwin
👍14

Most helpful comment

After searching for a while I found a solution that works in my case.
I'm using Traefik instead of Nginx, but I believe this can be used with any ingress controller.

The problem is that by default Argo-CD handles TLS termination itself and always redirects HTTP requests to HTTPS. Combine that with an ingress controller that also handles TLS termination and always communicates with the backend service with HTTP and you get Argo-CD's server always responding with a redirects to HTTPS.

So one of the solutions would be to disable HTTPS on Argo-CD, which you can do by using the --insecure flag on argocd-server.

This is actually documented here:
https://argoproj.github.io/argo-cd/operator-manual/ingress/#option-2-multiple-ingress-objects-and-hosts
Its just not exactly obvious.

It would be nice if there was a page with command line flags for the server somewhere in the docs.

picture leandro-manifesto on 23 Mar 2020
👍13 🎉4 🚀1

All 10 comments

Same problem, any workaround ?

boukandouramhamed picture boukandouramhamed on 11 Mar 2020

Same problem!

mkryva picture mkryva on 11 Mar 2020

After searching for a while I found a solution that works in my case.
I'm using Traefik instead of Nginx, but I believe this can be used with any ingress controller.

The problem is that by default Argo-CD handles TLS termination itself and always redirects HTTP requests to HTTPS. Combine that with an ingress controller that also handles TLS termination and always communicates with the backend service with HTTP and you get Argo-CD's server always responding with a redirects to HTTPS.

So one of the solutions would be to disable HTTPS on Argo-CD, which you can do by using the --insecure flag on argocd-server.

This is actually documented here:
https://argoproj.github.io/argo-cd/operator-manual/ingress/#option-2-multiple-ingress-objects-and-hosts
Its just not exactly obvious.

It would be nice if there was a page with command line flags for the server somewhere in the docs.

leandro-manifesto picture leandro-manifesto on 23 Mar 2020
👍13 🎉4 🚀1

Using NGINX ingress, send --insecure arg for container of argocd-server Deployment. It works for me.

spec:
  containers:
  - command:
    - argocd-server
    - --staticassets
    - /shared/app
    - --insecure

Help: https://argoproj.github.io/argo-cd/operator-manual/ingress/

georgepaoli picture georgepaoli on 12 Jun 2020
👍81

Somehow I ran into the same issue with a 308 redirect. I added the --insecure arg but no change so far. Any ideas?

chrkaatz picture chrkaatz on 27 Aug 2020
👀1

Nginx and other reverse proxies send the header X-Forwarded-Proto to indicate that TLS is being handled by the proxy. This could be checked in addition to checking the secure setting in the useSecure function. I have yet to venture into writing Go, so I am not sure of how that is done exactly. Maybe I will give it a shot.

brianlmoon picture brianlmoon on 14 Sep 2020

For my case, i have AWS ELB where the SSL is offloaded, then ingress controller receives on port 80, then forward to argocd-server service on insecure port (80).

I fixed the issue of too-many-redirects by implementing the above solution: 

spec:
  containers:
  - command:
    - argocd-server
    - --staticassets
    - /shared/app
    - --insecure # <-- this thing needs to be added
abdennour picture abdennour on 20 Sep 2020
👍1

I was struggling with this issue for ours, and finally found this thread.

@georgepaoli suggesiton worked. Adding --insecure fixed the issue. I suggest adding this to Argo's Traefik docs while the issue persists.

delucca picture delucca on 16 Oct 2020

Spent half a day with ingress settings only to figure out this small piece of information missing. Thanks @leandro-manifesto

corestackdev picture corestackdev on 16 Oct 2020

Thanks for this, I wrote a little patch here and the IngressRoute CRD I use here. I wrote an article about all of this and more here.

ams0 picture ams0 on 16 Oct 2020
Was this page helpful?
0 / 5 - 0 ratings

Related issues

toolbar23 picture toolbar23  路  22Comments
storm1kk picture storm1kk  路  20Comments
tomjohnburton picture tomjohnburton  路  26Comments
jeremyhermann picture jeremyhermann  路  24Comments
rosscdh picture rosscdh  路  20Comments