HTTP to HTTPS redirect with kong-ingress and TLS-offloading

Hi all.

I’m having issues setting up HTTP to HTTPS redirect on the kong ingress while using AWS ELB (classic) and HTTPS listener for TLS offloading. With the current configuration no matter whether the request arrives via HTTP or HTTPS kong issues 302 redirect. By the looks of it Kong is not handling the X-Forward-Proto header supplied by the ELB.

I have followed the posts in the forum about similar issue (Redirecting HTTP to HTTPS) but so far it doesn’t seem that anyone had success implementing proper HTTP to HTTPS redirect with TLS offloading or am I configuring Kong incorrectly?

Thanks in advance for any hints!

The Kong ingress is provisioned using the stable/kong Helm chart.
Some relevant bits from values.yaml:

proxy:
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http
    service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "3600"
    service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:eu-west-2:XXXX
    service.beta.kubernetes.io/aws-load-balancer-ssl-ports: 443
  http:
    enabled: true
    servicePort: 80
    containerPort: 8000
  tls:
    enabled: true
    servicePort: 443
    containerPort: 8443
    overrideServiceTargetPort: 8000 # <=
---
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: adminer
  annotations:
    kubernetes.io/ingress.class: kong
    configuration.konghq.com: ingress-api
spec:
  rules:
    - host: XXXX
      http:
        paths:
          - path: /
            backend:
              serviceName: adminer
              servicePort: 80

apiVersion: configuration.konghq.com/v1
kind: KongIngress
metadata:
  name: ingress-api
route:
  protocols:
    - https
  https_redirect_status_code: 302

You need to set KONG_TRUSTED_IPS environment variable so that Kong trusts the headers sent by ELB:


© 2019 Kong Inc.    Terms  •  Privacy  •  FAQ