HTTPS requests not working via Load Balancer

Hi All,

My get a success response for my API requests made in HTTPS using the OpenShift route URL. But when the same API request is made through external load balancer (Haproxy) > Kong > OpenShift service flow, I get the below error response.

HTTP/1.1 400 Bad Request
Date: Sun, 10 May 2020 09:58:59 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 220
X-Kong-Response-Latency: 0
Server: kong/2.0.2.0-enterprise-k8s

400 The plain HTTP request was sent to HTTPS port

400 Bad Request

The plain HTTP request was sent to HTTPS port

My LB (Haproxy) configuration is,

frontend ingress_secure
bind *:443 ssl crt /etc/haproxy/cert/haproxy.pem
mode http
acl has_nsb_uri path_beg /nsb
use_backend kong_secure_backend if has_nsb_uri
default_backend ingress_secure_backend

backend kong_secure_backend
balance roundrobin
mode http
server external-infra1 172.55.49.33:30008 check
server external-infra2 172.55.49.34:30008 check

My Ingress resource configuration is,

[root@server ~]# oc describe ingress httplistener
Name: httplistener
Namespace: nsb-mobile
Address: 172.30.22.2
Default backend: default-http-backend:80 ()
Rules:
Host Path Backends


    /nsb/api/service   httplistener:8080 (172.28.34.102:8080)

Annotations:
konghq.com/https-redirect-status-code: 302
konghq.com/protocols: https
kubectl.kubernetes.io/last-applied-configuration: {“annotations”:{“konghq.com/strip-path":false},“apiVersion”:“extensions/v1beta1”,“kind”:“Ingress”,“metadata”:{“annotations”:{},“name”:“httplistener”},“spec”:{“rules”:[{“http”:{“paths”:[{“backend”:{“serviceName”:“httplistener”,“servicePort”:8080},“path”:"/nsb/api/service”}]}}]}}

Events:

Can you help me resolve this issue.

Thanks!

Please open an enterprise support ticket for speedy resolution.

It seems like HA proxy is sending plaintext requests to the https port of Kong.
You either need to configure HA proxy to send HTTPS requests to the HTTPS port of Kong or configure HA proxy to send requests to the HTTP(plaintext) port of Kong.

This error got resolved with ‘ssl verify none’ config for Kong ingress endpoint. But this is with SSL termination in the load balancer.

Appreciate if someone can share the configuration in HA proxy and Kong for haproxy SSL pass-through with SSL termination at Kong ingress controller.

Thanks!

From this additional information, it seems like you need to configure HA proxy to send HTTPS requests to the HTTPS port of Kong. And that should be about it.


© 2019 Kong Inc.    Terms  •  Privacy  •  FAQ