Hi all.
I’m having issues setting up HTTP to HTTPS redirect on the kong ingress while using AWS ELB (classic) and HTTPS listener for TLS offloading. With the current configuration no matter whether the request arrives via HTTP or HTTPS kong issues 302 redirect. By the looks of it Kong is not handling the X-Forward-Proto
header supplied by the ELB.
I have followed the posts in the forum about similar issue (Redirecting HTTP to HTTPS) but so far it doesn’t seem that anyone had success implementing proper HTTP to HTTPS redirect with TLS offloading or am I configuring Kong incorrectly?
Thanks in advance for any hints!
The Kong ingress is provisioned using the stable/kong
Helm chart.
Some relevant bits from values.yaml
:
proxy:
annotations:
service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http
service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "3600"
service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:eu-west-2:XXXX
service.beta.kubernetes.io/aws-load-balancer-ssl-ports: 443
http:
enabled: true
servicePort: 80
containerPort: 8000
tls:
enabled: true
servicePort: 443
containerPort: 8443
overrideServiceTargetPort: 8000 # <=
---
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: adminer
annotations:
kubernetes.io/ingress.class: kong
configuration.konghq.com: ingress-api
spec:
rules:
- host: XXXX
http:
paths:
- path: /
backend:
serviceName: adminer
servicePort: 80
apiVersion: configuration.konghq.com/v1
kind: KongIngress
metadata:
name: ingress-api
route:
protocols:
- https
https_redirect_status_code: 302