Redirect Kong non SSL to SSL

#1

Hey

So we have the following architecture to run our main website + APIs using Docker.

Kong Docker Container is on top of the following containers (Proxy) all the Kong API’s/Endpoints have Forced SSL to connect.

  • CMS (Homepage URL: example. com.)
  • Ecommerce (Homepage URL: example. com/ecommerce)
  • Ecommerce API (Homepage URL: api.example. com/ecommerce)

So what I need to do is redirect example. com (non-SSL/HTTP) to https:// example. com
What I have tried right now is
create a custom nginx template

`
# ---------------------
# custom_nginx.template
# ---------------------

worker_processes ${{NGINX_WORKER_PROCESSES}}; # can be set by kong.conf
daemon ${{NGINX_DAEMON}};                     # can be set by kong.conf

pid pids/nginx.pid;                      # this setting is mandatory
error_log logs/error.log ${{LOG_LEVEL}}; # can be set by kong.conf

events {
    use epoll; # custom setting
    multi_accept on;
}

http {
    # include default Kong Nginx config
    include 'nginx-kong.conf';

    server {
	listen 80 default_server;
        listen [::]:80 default_server;
        server_name _;
        return 301 https://$host$request_uri;
    }
}

and then start kongkong start --nginx-conf nginx_custom.template`

So even after this kong still does not redirect http: // example.com to https: // example.com

#2

That is not a custom template. Custom template is like this:

#3

That template does look valid to me. If no changes is required to the nginx-kong.conf sub-configuration, there are no reasons to override it in the nginx configuration template.

#4

Thibault, correct but it then breaks the config file / ENV vars, e.g. changes to listen etc. don’t have effect.

#5

How would you suggest then the redirection to happen ? I don’t really know LUA.

#6

Those should still work (ENV vars are picked from the CLI before it outputs nginx.conf and nginx-kong.conf, and the CLI will also use the default template with all substitution variables before writing it to nginx-kong.conf, which this template then includes)

#7

@gauravh Have you looked into this issue?

It describes common “gotchas” with the server block you defined, and also has a link to a plugin that claims to be doing the same.

So even after this kong still does not redirect http: // example.com to https: // example.com

If none of the above works, please post the output of your commands here so we can help you, otherwise we cannot guess for you what is going wrong :slight_smile:

#8

Oh, didn’t know it, but makes sense. Thanks for correcting me (twice).

#9

well i haven’t really got an error from kong. So here’s what I tried so far
I made the custom nginx template.
Stopped Kong. (kong stop)
Started kong with the custom nginx conf (kong start --nginx-conf nginx_custom.template)

Kong started without any errors. Now when I try navigating over to

http: //domain. com it will still not redirect my request to https: // domain .com

#10

Another option to avoid modifications of kong configuration template is to use the pre-function plugin (https://docs.konghq.com/hub/kong-inc/serverless-functions/) with the following function attached to a route or a service

local scheme = kong.request.get_scheme()
if scheme == "http" then
  local host = kong.request.get_host()
  local query = kong.request.get_path_with_query()
  local url = "https://" .. host ..query
  kong.response.set_header("Location",url)
  return kong.response.exit(302,url)
end
#11

Hello!

An update on this topic: we are working on a native way of supporting HTTP to HTTPs redirects. You can follow the PR here:

We decided to introduce a new Route attribute, https_redirect_status_code, which, in the event of an HTTP request onto an HTTPS only Route, will determine the behavior followed by Kong (reject the request with HTTP 426, or redirect with HTTP 301/302, etc…). It is currently scheduled for inclusion in Kong 1.2.