Redirecting HTTP to HTTPS

#1

Hi,

I have a working setup on GKE. Kong-ingress-controller 0.3 and Kong-proxy 1.0.0.

My last step is to setup HTTP so that clients (browser in this case) are always redirected to HTTPS. Both http and https work separately, but I would like to “disable” http by doing the redirect thing.

I have created ingress for my service with the following annotations (I tried my luck with force-ssl-redirect that should work with nginx, but it didn’t work for kong):

annotations:
  kubernetes.io/ingress.class:"kong"
  kong.ingress.kubernetes.io/force-ssl-redirect: "true"
  configuration.konghq.com: "kong-configuration"

I don’t see anything redirect related options in KongIngress (“kong-configuration” that I am referring from this ingress, and trying to explore things)

What is the proper way to setup http -> https redirect. Maybe using plugins? which one?

0 Likes

#2

kong.ingress.kubernetes.io/force-ssl-redirect annotation is no supported by Kong Ingress as it’s not a standard annotation.

You can use Request termination plugin in Kong to send back a 302 HTTPS redirect for any plaintext request.

Please mark the post as resolved if this helps you, thanks!

0 Likes

#3

Hi hbagdi,

I’m also having some trouble with this too. I just want to be sure if this is the correct configuration:

apiVersion: configuration.konghq.com/v1
kind: KongPlugin
metadata:
    name: redirect-https
    namespace: kong
config:
     status_code : 302
plugin: request-termination

Thank you in advance!
Tarek M.

0 Likes

#4

@hbagdi Bump on this thread. I would also like to force all HTTP requests to HTTPS for some of my services. Is using the Request Termination plugin the recommended approach for this behavior? If so, can you provide a sample configuration for the plugin?

1 Like

#5

You could apply the following plugin for SSL redirect:

apiVersion: configuration.konghq.com/v1
kind: KongPlugin
metadata:
  name: https-redirect
plugin: pre-function
config:
  functions:
  - |
    local forwarded_host = ngx.var.http_x_forwarded_host  or ngx.var.host
    ngx.header["Location"] = "https://" .. forwarded_host .. ngx.var.request_uri
    return kong.response.exit(302)

Please apply this plugin on an Ingress which accepts all paths and all hosts on the http protocol.

If this solves your problem, please mark the post as resolved, thank you!

0 Likes

#6

Thanks. I’m giving this a try now and my endpoint is in a redirect loop. The http request gets 302 redirected to https, but then all https requests still get 302ed as well.

0 Likes

#7

My bad, the plugin shouldn’t be applied globally, but on a route which accepts only HTTP traffic.

Which route have you applied this plugin to?

0 Likes

#8

What do you mean by “not a standard annotation?” Having to add a plugin for this functionality means having to supplement anything you are installing via the curated helm charts.

0 Likes

#9

@hbagdi I’m applying the plugin to a specific ingress that has TLS terminated at a load balancer in front of Kong. So I want Kong to redirect http -> https and then pass through the https requests.

0 Likes

#10

@miles You want to look at KongIngress Custom Resource.
You should create an Ingress resource which accepts all hosts and / path and proxy it to a dummy upstream service (which will actually never receive any traffic). Then, you annotate the Ingress with a KongIngress resource, which sets route.protocols to http only. This creates a route in Kong which accepts all http traffic, and this is the route to which you apply the above plugin, and then you will not have a redirect loop.

Hope this helps.

0 Likes

#11

Hello @greg,
ingress.kubernetes.io/force-ssl-redirect: "true" is not standardized by k8s community but we are seeing it proliferating now. We don’t currently support it but might consider adding it in future. Please consider opening a Github issue for a feature request if you’d like to.

0 Likes