I have a working setup on GKE. Kong-ingress-controller 0.3 and Kong-proxy 1.0.0.
My last step is to setup HTTP so that clients (browser in this case) are always redirected to HTTPS. Both http and https work separately, but I would like to “disable” http by doing the redirect thing.
I have created ingress for my service with the following annotations (I tried my luck with force-ssl-redirect that should work with nginx, but it didn’t work for kong):
I don’t see anything redirect related options in KongIngress (“kong-configuration” that I am referring from this ingress, and trying to explore things)
What is the proper way to setup http -> https redirect. Maybe using plugins? which one?
@hbagdi Bump on this thread. I would also like to force all HTTP requests to HTTPS for some of my services. Is using the Request Termination plugin the recommended approach for this behavior? If so, can you provide a sample configuration for the plugin?
Thanks. I’m giving this a try now and my endpoint is in a redirect loop. The http request gets 302 redirected to https, but then all https requests still get 302ed as well.
What do you mean by “not a standard annotation?” Having to add a plugin for this functionality means having to supplement anything you are installing via the curated helm charts.
@hbagdi I’m applying the plugin to a specific ingress that has TLS terminated at a load balancer in front of Kong. So I want Kong to redirect http -> https and then pass through the https requests.
@miles You want to look at KongIngress Custom Resource.
You should create an Ingress resource which accepts all hosts and / path and proxy it to a dummy upstream service (which will actually never receive any traffic). Then, you annotate the Ingress with a KongIngress resource, which sets route.protocols to http only. This creates a route in Kong which accepts all http traffic, and this is the route to which you apply the above plugin, and then you will not have a redirect loop.
Hello @greg, ingress.kubernetes.io/force-ssl-redirect: "true" is not standardized by k8s community but we are seeing it proliferating now. We don’t currently support it but might consider adding it in future. Please consider opening a Github issue for a feature request if you’d like to.
i try with pre-function as mention here and it work ok.
just add pre-function plugin and submit this code:
local scheme = kong.request.get_scheme()
if scheme == "http" then
local host = kong.request.get_host()
local query = kong.request.get_path_with_query()
local url = "https://" .. host ..query
kong.response.set_header("Location",url)
return kong.response.exit(302,url)
end
To share an update and for others who stumble across this, with https://github.com/Kong/kong/pull/4424 merged in, Kong 1.2 comes with support for sending HTTPS redirect out of the box in Kong and Kong Ingress Controller will be updated to use that in future, which shall make HTTP to HTTPS redirection much simpler.
Now that I setup new environment I can test this (I found other solution earlier). I see that @hbinduni solution works. Complete KongPlugin manifest:
apiVersion: configuration.konghq.com/v1
kind: KongPlugin
metadata:
name: https-redirect
plugin: pre-function
config:
functions:
- |
local scheme = kong.request.get_scheme()
if scheme == "http" then
local host = kong.request.get_host()
local query = kong.request.get_path_with_query()
local url = "https://" .. host ..query
kong.response.set_header("Location",url)
return kong.response.exit(302,url)
end
And apply the plugin to your existing ingresses. (All hosts dummy ingress did not work for me, probably playing with path priority would have fixed it). E.g. of using redirect with an ingress
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: my-app
annotations:
kubernetes.io/ingress.class: "kong"
# this is my extra configs for the ingress
configuration.konghq.com: "ingress-configuration"
plugins.konghq.com: https-redirect
spec: <your-spec-here>