I’m experiencing an issue with the Kong Ingress Controller where requests are caught in a redirect loop, bouncing between HTTP and HTTPS, and resulting in multiple 301 Moved Permanently
responses before eventually serving the content. This behavior is observed when trying to access a specific endpoint through Kong.
Logs: When I run the following command:
curl http://kong-uat-1.example.pl/portal -L -I
I receive the following sequence of responses:
- Initial
301 Moved Permanently
redirect from HTTP to HTTPS:
HTTP/1.1 301 Moved Permanently
Location: https://kong-uat-1.example.pl/portal
Server: kong/3.6.1
- Another
301 Moved Permanently
redirect back to HTTP:
HTTP/2 301
Location: http://kong-uat-1.example.pl/portal/
Server: nginx
- Final resolution to the content with an
HTTP/1.1 308
response.
Location: https://kong-uat-1.example.pl/portal/
X-Kong-Response-Latency: 0
Server: kong/3.6.1
- Final resolution to the content with an
HTTP/1.1 200
response.
Configuration Details:
- HTTPRoute Configuration:
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
annotations:
konghq.com/https-redirect-status-code: "301"
konghq.com/preserve-host: "true"
konghq.com/protocols: https
konghq.com/request-buffering: "false"
konghq.com/response-buffering: "false"
name: frontend-portal-sky-generic-deployment-0
namespace: apps
spec:
parentRefs:
- name: kong-ingress-internal
rules:
- backendRefs:
- name: frontend-portal-sky-generic-deployment
port: 80
matches:
- path:
type: PathPrefix
value: /portal
Issues Observed:
- Redirect Loop: The request is redirected multiple times between HTTP and HTTPS, which appears to create a loop before the final response is served. This may indicate a conflict between the HTTPS redirect and path handling logic.
- Mixed Protocols: The responses show a mixture of HTTP/1.1 and HTTP/2, and the protocol seems to switch during the redirect process. This could be a potential issue with how the ingress controller is handling protocol upgrades or redirects.
Expected Behavior:
- The request should be redirected to HTTPS once, and then serve the content without further redirects.
- The ingress controller should consistently handle the protocols as defined in the configuration.
- Path handling should be clear and not cause any unnecessary redirects.