emissary: HTTP and HTTPS listeners don't work together
Describe the bug I can’t use HTTP and HTTPS listeners together without “redirect_cleartext_from”.
To Reproduce Add the below annotation in the ambassador service:
apiVersion: ambassador/v0
kind: Module
name: tls
config:
server:
enabled: True
Expected behavior I want to create HTTP only services and HTTPS only services, but I can’t. When I enable the TLS module, the HTTP port in the pods is closed. So, to have both listeners opened, I need to use the “redirect_cleartext_from”, so all HTTP request are redirect to HTTPS.
Versions (please complete the following information):
- Ambassador: 0.40.2
- Kubernetes environment: Kubernetes
- Version: Client Version: version.Info{Major:“1”, Minor:“12”, GitVersion:“v1.12.2”, GitCommit:“17c77c7898218073f14c8d573582e8d2313dc740”, GitTreeState:“clean”, BuildDate:“2018-10-24T06:54:59Z”, GoVersion:“go1.10.4”, Compiler:“gc”, Platform:“linux/amd64”} Server Version: version.Info{Major:“1”, Minor:“10”, GitVersion:“v1.10.10”, GitCommit:“be1a908c6aa47e0ae1b1dc861a1de6ccfe963aa2”, GitTreeState:“clean”, BuildDate:“2018-11-13T11:33:04Z”, GoVersion:“go1.9.3”, Compiler:“gc”, Platform:“linux/amd64”}
About this issue
- Original URL
- State: closed
- Created 6 years ago
- Reactions: 2
- Comments: 18 (3 by maintainers)
This is something we would like to support. Currently, as a work-around, you can run two deployments of ambassador. One for http and another for https traffic.
We have the same problem: we prefer Ambassador to be able to work with http and https, while Envoy allows it.
Hello,
In issue https://github.com/datawire/ambassador/issues/1335, the proposed solution is to "create two instances of Ambassador (one for HTTP, one for HTTPS).
But (I think) this is not enough, because redirection is applied in all cases! 😦
Suposse this requirements:
Serve my application A on https://aaa.mycompany.com:443. http://aaa.mycompany.com:80 must not be redirected to https.
Serve my application B on https://bbb.mycompany.com:443. http://bbb.mycompany.com:80 must be redirected to https.
Serve my application C on http://ccc.mycompany.com:80 I haven’t certificates for this domain.
Envoy allows this configuration.