ingress-nginx: Ingress with app-root and force-ssl-redirect is not redirecting to HTTPS
Is this a BUG REPORT or FEATURE REQUEST? (choose one): BUG REPORT
NGINX Ingress controller version: 0.19.0
Kubernetes version (use kubectl version):
Server Version: v1.10.5
Environment:
- Cloud provider or hardware configuration: AWS
- OS (e.g. from /etc/os-release): Debian GNU/Linux 8 (jessie)
- Kernel (e.g. uname -a): 4.4.121-k8s
- Install tools: kops
What happened: The ingress controller is set up with TLS termination at the ELB. The Ingress is set with app-root and force-ssl-redirect. The request is not redirecting to HTTPS correctly.
```yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: kibana-ingress
  namespace: monitoring
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/app-root: "/_plugin/kibana"
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
spec:
  rules:
  - host: foo.example.com
    http:
      paths:
      - path: /
        backend:
          serviceName: elasticsearch
          servicePort: 80
```

```
$ curl -I -k https://foo.example.com/
HTTP/1.1 302 Moved Temporarily
Content-Length: 161
Content-Type: text/html
Date: Fri, 12 Oct 2018 18:45:25 GMT
Location: http://foo.example.com/_plugin/kibana
Server: nginx/1.15.3
Connection: keep-alive
```
What you expected to happen:
I expect the redirect to target HTTPS.
About this issue
- State: closed
- Created 6 years ago
- Reactions: 3
- Comments: 16 (2 by maintainers)
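A check for the behaviour reported above, as an added example that is not part of the original issue or of the ingress-nginx project: it parses `curl -I` output and flags a redirect that sends an HTTPS request to a non-HTTPS `Location`. The function names `parse_head` and `check_redirect` are hypothetical, and the sample headers are the ones quoted in the report.

```python
from urllib.parse import urljoin, urlsplit

# Sample input: the response headers quoted in the report above.
SAMPLE_HEADERS = """\
HTTP/1.1 302 Moved Temporarily
Content-Length: 161
Content-Type: text/html
Date: Fri, 12 Oct 2018 18:45:25 GMT
Location: http://foo.example.com/_plugin/kibana
Server: nginx/1.15.3
Connection: keep-alive
"""

REDIRECT_CODES = (301, 302, 303, 307, 308)


def parse_head(raw):
    """Return (status_code, {lowercased header name: value}) from `curl -I` text."""
    lines = [line.strip() for line in raw.splitlines() if line.strip()]
    if not lines or not lines[0].startswith("HTTP/"):
        raise ValueError("no HTTP status line")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        # Split on the first colon only, so values such as dates and URLs stay whole.
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return status, headers


def check_redirect(request_url, raw):
    """Return (verdict, target); verdict is ok, downgrade, no-redirect or no-location."""
    status, headers = parse_head(raw)
    if status not in REDIRECT_CODES:
        return "no-redirect", None
    location = headers.get("location")
    if location is None:
        return "no-location", None
    # A relative Location inherits the scheme and host of the request URL.
    target = urljoin(request_url, location)
    if urlsplit(request_url).scheme == "https" and urlsplit(target).scheme != "https":
        return "downgrade", target
    return "ok", target


if __name__ == "__main__":
    print(check_redirect("https://foo.example.com/", SAMPLE_HEADERS))
```
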
But the documentation of the annotations states “When using SSL offloading outside of cluster (e.g. AWS ELB) it may be useful to enforce a redirect to HTTPS even when there is no TLS certificate available. This can be achieved by using the nginx.ingress.kubernetes.io/force-ssl-redirect: "true" annotation in the particular resource.”
It specifically mentions that you terminate on the ELB and that you don’t need a TLS cert.
I’m having the same issue just without app-root and I just can’t get the redirect to work.
I am working on this, I will push a PR hopefully in the upcoming few days.
@motarski I was able to get mine to work by rolling back to the previous version, here’s what I did..
Update:
Someone came up with a better solution in this other thread.
Same problem here, could anyone help?