Ingress-nginx: ingress controller not redirecting http to https

Created on 11 Jan 2019 · 24 Comments · Source: kubernetes/ingress-nginx

Is this a request for help? (If yes, you should use our troubleshooting guide and community support channels, see https://kubernetes.io/docs/tasks/debug-application-cluster/troubleshooting/.):

What keywords did you search in NGINX Ingress controller issues before filing this one? (If you have found any duplicates, you should instead reply there.):

nginx ingress controller ssl


Is this a BUG REPORT or FEATURE REQUEST? (choose one):

NGINX Ingress controller version:
0.21.0

Kubernetes version (use kubectl version):
1.11.2

Environment:

  • Cloud provider or hardware configuration: Digital Ocean
  • OS (e.g. from /etc/os-release): Ubuntu 18.04.1 LTS
  • Kernel (e.g. uname -a): 4.15.0-42-generic
  • Install tools: kubeadm
  • Others:

What happened:
I added the following annotations to my ingress:

    annotations:
      kubernetes.io/ingress.class: nginx
      certmanager.k8s.io/cluster-issuer: letsencrypt-prod
      nginx.ingress.kubernetes.io/force-ssl-redirect: "true"

I then did kubectl apply -f <ingress.yaml>

What you expected to happen:
Going to http://mydomain.com should redirect to https://mydomain.com, but it did not happen

How to reproduce it (as minimally and precisely as possible):
Create an ingress with the annotations above and with a tls block inside spec. The tls block is properly configured with the hostnames (mydomain.com in the example)

Anything else we need to know:
I've tried all the suggestions I've found online for this, including having no nginx.ingress.kubernetes.io/force-ssl-redirect annotation at all, since the Internet said we didn't need this annotation if a tls block was defined, which it is. I also tried ingress.kubernetes.io/force-ssl-redirect (without the nginx at the front) and no dice.

All 24 comments

@domino14 please check the ingress controller pod logs. If the secret contains a valid SSL certificate, there is no need to add the annotation.

@domino14 also check cert-manager certificate is generated

Yes, SSL is working. My site has https, it works if I do https://mydomain.com, but if I do http://mydomain.com, I want it to _redirect_ to the https

I have the same problem

Same problem

Same problem

Here is my Ingress Resource - It's not redirecting to https

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress-nginx
  annotations:
     kubernetes.io/ingress.class: "nginx"
     nginx.ingress.kubernetes.io/ssl-redirect: "false"
     nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
     nginx.ingress.kubernetes.io/rewrite-target: /
     nginx.ingress.kubernetes.io/secure-backends: "true"
spec:
  tls:
  - hosts: 
    - app.example.com
    secretName: app-tls
  rules:
    - host: app.example.com
      http:
        paths:
          - path: /*
            backend:
              serviceName: app-http
              servicePort: 80              

Same problem. Is there any update with this issue?

Same problem. Is there any update with this issue?

No I am just using LoadBalancer instead.

please use this

    set $proxy_upstream_name "-";
    set $pass_access_scheme $scheme;
    set $pass_server_port $server_port;
    set $best_http_host $http_host;
    set $pass_port $pass_server_port;
    set $proxy_alternative_upstream_name "";

    if ($scheme = http) {
       return 301 https://$server_name$request_uri;
    }

Please note: if you replace $scheme with $http_x_forwarded_proto, it will not take effect.

By the way, I changed the nginx.tmpl as well.

I succeeded in redirecting http to https by changing configmap nginx-configuration -> ssl-redirect: "true"

I'm also having this issue

same issue here

Can you upgrade to the latest version and try with that?

same issue here

please ignore, my TLS certificates were wrong. It works well now. Thanks

This is happening to us as well. We just changed out pod affinity settings and deployed ingress-nginx using the helm chart today and noticed that the redirect to https is not happening. Going directly to the https version of our sites works so I know the cert is valid. It's possible that this was happening before, but we only noticed this behavior after updating today. We are using the latest version (0.26.1).

Adding nginx.ingress.kubernetes.io/force-ssl-redirect: "true" to each ingress resource fixed the issue for us. I do believe this is a bug though because according to the documentation, the controller should redirect to https by default when tls is enabled on an ingress. The docs also say that you should use the force-ssl-redirect annotation if no cert is available and you are terminating ssl outside the cluster. For us, a cert is available and working and we are using NLBs which are not set up to terminate ssl. I'm also pretty sure the redirect was working prior to upgrading ingress-nginx.
@ElvinEfendi
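
Added example (not part of the thread and not ingress-nginx code): a Python model of the rule the comment above attributes to the documentation, for comparing what a manifest should do against what `curl -I http://host` actually returns. The function names, the `cert_loaded` input, exact host matching and the default annotation prefix `nginx.ingress.kubernetes.io` are assumptions of this example.

```python
# Model of the documented rule: redirect = force OR (certificate AND ssl-redirect).
PREFIX = "nginx.ingress.kubernetes.io"  # assumed default annotation prefix

def _flag(value, default):
    """Annotation/ConfigMap values are strings; missing or unparsable -> default."""
    if value is None:
        return default
    return {"true": True, "false": False}.get(str(value).strip().lower(), default)

def redirect_expected(ingress, host, configmap=None, cert_loaded=True, prefix=PREFIX):
    """Return (redirects, notes) for plain-HTTP requests to `host`.

    cert_loaded is an input because a manifest cannot show whether the
    referenced secret holds a usable certificate. Hosts are matched exactly.
    """
    configmap = configmap or {}
    ann = (ingress.get("metadata") or {}).get("annotations") or {}
    notes = []
    for key in ann:  # flag redirect annotations written under another prefix
        name = key.rsplit("/", 1)[-1]
        if name in ("ssl-redirect", "force-ssl-redirect") and not key.startswith(prefix + "/"):
            notes.append(f"ignored: {key} (expected prefix {prefix})")
    # The per-Ingress annotation wins; otherwise the ConfigMap value; otherwise the default.
    ssl_redirect = _flag(ann.get(f"{prefix}/ssl-redirect"),
                         _flag(configmap.get("ssl-redirect"), True))
    force = _flag(ann.get(f"{prefix}/force-ssl-redirect"),
                  _flag(configmap.get("force-ssl-redirect"), False))
    tls_hosts = {h for t in (ingress.get("spec") or {}).get("tls") or []
                 for h in t.get("hosts") or []}
    has_cert = host in tls_hosts and bool(cert_loaded)
    if host in tls_hosts and not cert_loaded:
        notes.append("tls block present but certificate not usable")
    if force and not ssl_redirect:
        notes.append("force-ssl-redirect overrides ssl-redirect=false")
    return bool(force or (has_cert and ssl_redirect)), notes

# Constructed sample: annotations and tls block of the manifest posted earlier in the thread.
THREAD_INGRESS = {
    "metadata": {"annotations": {
        f"{PREFIX}/ssl-redirect": "false",
        f"{PREFIX}/force-ssl-redirect": "true"}},
    "spec": {"tls": [{"hosts": ["app.example.com"], "secretName": "app-tls"}]},
}

if __name__ == "__main__":
    print(redirect_expected(THREAD_INGRESS, "app.example.com"))
```

When the model says a redirect is expected and the controller does not send one, the manifest is not the cause; the next things to check are the controller pod logs and whether the secret's certificate was actually loaded.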

I spent more than 6 months finding a clean solution as I am using Helm chart for managing the lifecycle of apps, namely, ingress controller app.
I visited this issue again today, and I have to thank @bluskool for this contribution.

Yup! nginx.ingress.kubernetes.io/force-ssl-redirect: "true" fixes this issue immediately.

Note: Update each ingress object's annotations, and not the ingress controller.

force-ssl-redirect: "true"

This is also an option in the configuration configmap (not documented)

Closing. Please update to the latest version (0.30.0). This issue is fixed.

Not worth it asking people to test it @aledbf ? A little short perhaps?

I happen to experience the exact same issue with 0.30.0

FWIW, I am using the default cert.
