Redirecting HTTP to HTTPS

Happy to see @hbinduni’s solution for this.

To share an update and for others who stumble across this, with https://github.com/Kong/kong/pull/4424 merged in, Kong 1.2 comes with support for sending HTTPS redirect out of the box in Kong and Kong Ingress Controller will be updated to use that in future, which shall make HTTP to HTTPS redirection much simpler.

3 Likes

Now that I setup new environment I can test this (I found other solution earlier). I see that @hbinduni solution works. Complete KongPlugin manifest:

apiVersion: configuration.konghq.com/v1
kind: KongPlugin
metadata:
  name: https-redirect
plugin: pre-function
config:
  functions:
  - |
    local scheme = kong.request.get_scheme()
    if scheme == "http" then
      local host = kong.request.get_host()
      local query = kong.request.get_path_with_query()
      local url = "https://" .. host ..query
      kong.response.set_header("Location",url)
      return kong.response.exit(302,url)
    end

And apply the plugin to your existing ingresses. (All hosts dummy ingress did not work for me, probably playing with path priority would have fixed it). E.g. of using redirect with an ingress

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: my-app
  annotations:
    kubernetes.io/ingress.class: "kong"
    # this is my extra configs for the ingress
    configuration.konghq.com: "ingress-configuration"
    plugins.konghq.com: https-redirect
spec: <your-spec-here>

@alexjantunen. Hi, Can you please share an example of this line

`local url = "https://" .. host ..query`

For example If i have an Ingress aplicacion.linuxrocks.com that resolve to http:// but I need to be redirect to https://aplicacion.linuxrocks.com , on the line above what should I write.

Thanks in advance.

Update on my last question, I discover asking over the slack #kong room, that the code needs no modification to be able to redirect.

So I create the kongPlugin & update the Kubernetes Ingress with the code, the url get redirected.

Thanks to @alexjantunen + @hbagdi for the response over Slack.

Hi @hbagdi can you tell me kong can redirect from http to https or not if can how to to? Thank

Hello Sothy, here are some interesting resources to do it …
Looks interesting

just create kong plugin refer @alexjantunen https-redirect plugin

and add annotation in your ingress like this
plugins.konghq.com: https-redirect”

Did you mean currently there is a KongPlugin or function inside that make the redirect?
Do you have some documentation about it?

The Route object in Kong now supports https_redirect_status_code, please use that to setup HTTP to HTTPS redirection:

Thank you
How can we apply https-redirect at kong ingress?

Hi @alexjantunen could you tell me how to redirect http to https on kong with docker?
Thank

Hi @hbinduni I use it too but doesn’t work brother.32%20AM

Hi @bgarcial thank for your reply but i want to ask you about this code. Where that i put this code or where that I run this code?
echo "apiVersion: configuration.konghq.com/v1
kind: KongIngress
metadata:
name: https-only
route:
protocols:

You can create the KongIngress resource of a separate way, for instance:

# This KongIngress resource should be created first before to
# create kong basic-auth KongPlugin and Priva Ingress resource.

apiVersion: configuration.konghq.com/v1
kind: KongIngress
metadata:
  name: customer-ingress
  # namespace: default
  annotations:
    kubernetes.io/ingress.class: "kong"
proxy:
  protocols:
    - http
    - https
#  path: /
route:
  methods:
    - POST
    - GET
  strip_path: true
  preserve_host: true

And execute it.

@hbagdi
I doesn’t work correctly for me:

{
  "id": "229254f5-e430-4210-ae69-b467cb4f626e",
  "tags": [
    "managed-by-ingress-controller"
  ],
  "updated_at": 1570666150,
  "destinations": null,
  "headers": null,
  "protocols": [
    "http",
    "https"
  ],
  "created_at": 1570666150,
  "snis": null,
  "service": {
    "host": "prod-cleric.prod.svc",
    "created_at": 1570666150,
    "connect_timeout": 60000,
    "id": "1b04066f-52d4-46d5-8e51-0c44eb0efafe",
    "protocol": "http",
    "name": "prod.prod-cleric.80",
    "read_timeout": 60000,
    "port": 80,
    "path": "/",
    "updated_at": 1570666150,
    "retries": 5,
    "write_timeout": 60000,
    "tags": [
      "managed-by-ingress-controller"
    ],
    "client_certificate": null,
    "extras": {}
  },
  "name": "prod.prod-cleric.00",
  "preserve_host": true,
  "regex_priority": 0,
  "strip_path": true,
  "sources": null,
  "paths": [
    "/v2/cleric"
  ],
  "https_redirect_status_code": 426,
  "hosts": [
    "REDACTED"
  ],
  "methods": null
}

looks https_redirect_status_code is set on the route.
“https_redirect_status_code”: 426,
however no redirect when i trigger the endpoint via plaintext http.

curl -v -H "apiKey: REDACTED=" http://REDACTED/v2/cleric/description/?text=foo
[...]
* TCP_NODELAY set
* Expire in 149970 ms for 3 (transfer 0x5591812c8dd0)
* Expire in 200 ms for 4 (transfer 0x5591812c8dd0)
* Connected to REDACTED (10.160.32.80) port 80 (#0)
> GET /v2/cleric/description/?text=foo HTTP/1.1
> Host: REDACTED
> User-Agent: curl/7.64.0
> Accept: */*
> 
< HTTP/1.1 200 OK
< Content-Type: application/vnd.siren+json
< Content-Length: 1300
< Connection: keep-alive
< Server: gunicorn/19.9.0
< Date: Thu, 10 Oct 2019 01:40:25 GMT
< X-Kong-Upstream-Latency: 39
< X-Kong-Proxy-Latency: 1
< Via: kong/1.3.0
[...]

** NINJA EDIT
It looks like for the 426 to work, http needs to be removed from the list of protocols on the route.
“A list of the protocols this Route should allow. By default it is [“http”, “https”], which means that the Route accepts both. When set to [“https”], HTTP requests are answered with a request to upgrade to HTTPS.”

Hi @hbagdi and @bgarcial,

I have created the plugin as mentioned above. But the problem I am facing is, the service call is going in 302 redirect loop and then at last after few, it fails.

That is each time I am getting http requests, even after 302 redirection which converting http to https.

The manifest file is as below,

apiVersion: configuration.konghq.com/v1
kind: KongPlugin
metadata:
  name: https-redirect
  labels:
    global: "false"
plugin: pre-function
config:
  functions:
  - |
    local scheme = kong.request.get_scheme()
    if scheme == "http then
      local host = kong.request.get_host()
      local query = kong.request.get_path_with_query()
      local url = "https://" .. host ..query
      kong.response.set_header("Location",url)
      return kong.response.exit(302,url)
    end

Please help.
Thanks

This is now supported by Kong itself and doesn’t require a plugin.
Please take a look at the https_redirect_status_code property of the route entity.

Is there a simple example of using https_redirect_status? The link you gave earlier takes me to docs I don’t follow, not sure they’re related to a kubernetes ingress which is where I’m trying to use this.

Please follow this guide: https://github.com/Kong/kubernetes-ingress-controller/blob/master/docs/guides/configuring-https-redirect.md for Kubernetes Ingress.

I’m not sure what I did but it works now. Your guide suggested modifying the KongIngress but I left mine alone (it still has protocols http, https etc listed) ie same as the k4k8.yaml file I originally downloaded.
My ingress annotations look like this:

    annotations = {
      "kubernetes.io/ingress.class" = "kong"
      "kubernetes.io/ingress.allow-http" = "false"
    }  

That second entry was left over from when I was using gcp so I don’t know if it is making the difference. Anyway it’s working so I’m happy.


© 2019 Kong Inc.    Terms  •  Privacy  •  FAQ