emissary: TLS redirect_cleartext_from doesn't preserve path
Describe the bug url path is not preserved with redirect_cleartext_from set
To Reproduce
-
Follow TLS Termination documentation to create cert and store as kubernetes secret
-
Deploy ambassador with helm chart 2.2.1 with values:
service:
annotations:
getambassador.io/config: |
---
apiVersion: ambassador/v1
kind: Module
name: tls
config:
server:
enabled: True
secret: ambassador-certs
redirect_cleartext_from: 8080
- Deploy httpbin service to test redirect
---
apiVersion: v1
kind: Service
metadata:
name: httpbin
annotations:
getambassador.io/config: |
---
apiVersion: ambassador/v1
kind: Mapping
name: httpbin_mapping
prefix: /httpbin/
service: httpbin.org:80
host_rewrite: httpbin.org
spec:
ports:
- name: httpbin
port: 80
- curl the endpoint using http
curl -Li http://hostname/httpbin/
- Result: path is not preserved on redirect
HTTP/1.1 301 Moved Permanently
location: https://hostname/
date: Wed, 24 Apr 2019 20:12:19 GMT
server: envoy
content-length: 0
HTTP/2 404
date: Wed, 24 Apr 2019 20:12:19 GMT
server: envoy
Expected behavior
Path should be preserved and redirect to https://hostname/httpbin/
Versions (please complete the following information):
- Ambassador: [0.60.0] (using Helm chart 2.2.1)
- Kubernetes environment: [AKS]
- Version [1.12.7]
Additional context
About this issue
- Original URL
- State: closed
- Created 5 years ago
- Reactions: 2
- Comments: 27 (12 by maintainers)
The problem is that we shouldn’t be setting
"path_redirect": "/"if the intention is to preserve the path in the request. There is a logic in Envoy for that:I will open a PR shortly with the fix. Thanks!
@bpehling @christianhuening Thanks for the info. I will need to debug Envoy.
Looking into it now.
@gsagula It worked for me 👍
0.70.0 sadly has the same problem 😦
The same here with 0.61.1