emissary: Regression: Ambassador does not route insecure requests

Description

This bug has already been fixed in the past and it came back when updating the Helm Chart from 6.5.5 to 6.5.6 (or Ambassador 1.7.1 to 1.7.2).

Even if one follows the documentation for ClearText support, Ambassador categorically refuses to forward non HTTP requests and always forces redirection (HTTP 301).

---
apiVersion: getambassador.io/v2
kind: Module
metadata:
  name: ambassador
  namespace: ambassador
spec:
  config:
    enable_grpc_web: true
    use_proxy_proto: false
    use_remote_address: true
    x_forwarded_proto_redirect: false
...
apiVersion: getambassador.io/v2
kind: Host
metadata:
  name: ambassador
  namespace: ambassador
spec:
  hostname: "*.example.com"
  acmeProvider:
    authority: none
  requestPolicy:
    insecure:
      action: Route
      additionalPort: -1
...

About this issue

Original URL
State: closed
Created 4 years ago
Reactions: 1
Comments: 37 (20 by maintainers)

Commits related to this issue

(from AES) Add (failing) tests There are 3 toggles for known bugs bug_single_insecure_action = False # Do all Hosts have to have the same insecure.action? bug_forced_star = False ... — committed to emissary-ingress/emissary by LukeShu 4 years ago

Most upvoted comments

@srheaume Wait. ERR_SSL_PROTOCOL_ERROR implies that you’re trying to speak HTTPS rather than HTTP. Could you please describe exactly how your Ambassador is set up, including the load balancer in front of it? I apologize for rewinding here, but if you’re getting an SSL protocol error, we pretty clearly have some inconsistencies in what you’re trying to say and what we’re understanding.

kflynn on Sep 29, 2020

I believe the issue is that the .insecure.action isn’t being applied to hostnames with * in them.

LukeShu on Sep 18, 2020