Ingress-nginx: Feature request: ssl-redirect on gce controller

Created on 18 Aug 2017  路  3Comments  路  Source: kubernetes/ingress-nginx

Is there any plan to support ingress.kubernetes.io/ssl-redirect annotation on gce controller?

If not, what's the recommended workaround for this? Examining headers is not always possible, since backend application is often out of our control.

picture smeruelo
👍4

All 3 comments

i would not expect it to work it any time soon. here is feature request for https redirection and it's almost 2 years old https://issuetracker.google.com/issues/35904733
and i don't think it's possible without examining the headers. you can always switch to alternative ingress controller though.

hatemosphere picture hatemosphere on 24 Aug 2017
😕5

Another workaround is to run a proxy between GCLB and your app that checks the x-forwarded-proto header for https and redirects if it is http.

Or you can implement this in your app.

This is a pretty commonly implemented header by most load balancers/cdns to identify client->proxy/lb connections. It will look like this:

x-forwarded-proto=http
// or
x-forwarded-proto=https

In either case (workaround or some GCP solution), the request has already transmitted the data in plaintext over the internet so if that initial request had any sensitive data, it could already be sniffed.

If you don't want that, you can use this GCE Ingress annotation to disable requests to port 80 completely:

kubernetes.io/ingress.allow-http: "false"
tonglil picture tonglil on 14 Sep 2017
👎4 👍1

This issue was moved to kubernetes/ingress-gce#51

bowei picture bowei on 11 Oct 2017
Was this page helpful?
0 / 5 - 0 ratings

Related issues

lachlancooper picture lachlancooper  路  3Comments
geek876 picture geek876  路  3Comments
kfox1111 picture kfox1111  路  3Comments
cxj110 picture cxj110  路  3Comments
natemurthy picture natemurthy  路  3Comments