The Route object in Kong now supports https_redirect_status_code
, please use that to setup HTTP to HTTPS redirection:
Thank you
How can we apply https-redirect at kong ingress?
Hi @bgarcial thank for your reply but i want to ask you about this code. Where that i put this code or where that I run this code?
echo "apiVersion: configuration.konghq.com/v1
kind: KongIngress
metadata:
name: https-only
route:
protocols:
- https
https_redirect_status_code: 302
" | kubectl apply -f -
kongingress.configuration.konghq.com/https-only created
You can create the KongIngress
resource of a separate way, for instance:
# This KongIngress resource should be created first before to
# create kong basic-auth KongPlugin and Priva Ingress resource.
apiVersion: configuration.konghq.com/v1
kind: KongIngress
metadata:
name: customer-ingress
# namespace: default
annotations:
kubernetes.io/ingress.class: "kong"
proxy:
protocols:
- http
- https
# path: /
route:
methods:
- POST
- GET
strip_path: true
preserve_host: true
And execute it.
@hbagdi
I doesnât work correctly for me:
{
"id": "229254f5-e430-4210-ae69-b467cb4f626e",
"tags": [
"managed-by-ingress-controller"
],
"updated_at": 1570666150,
"destinations": null,
"headers": null,
"protocols": [
"http",
"https"
],
"created_at": 1570666150,
"snis": null,
"service": {
"host": "prod-cleric.prod.svc",
"created_at": 1570666150,
"connect_timeout": 60000,
"id": "1b04066f-52d4-46d5-8e51-0c44eb0efafe",
"protocol": "http",
"name": "prod.prod-cleric.80",
"read_timeout": 60000,
"port": 80,
"path": "/",
"updated_at": 1570666150,
"retries": 5,
"write_timeout": 60000,
"tags": [
"managed-by-ingress-controller"
],
"client_certificate": null,
"extras": {}
},
"name": "prod.prod-cleric.00",
"preserve_host": true,
"regex_priority": 0,
"strip_path": true,
"sources": null,
"paths": [
"/v2/cleric"
],
"https_redirect_status_code": 426,
"hosts": [
"REDACTED"
],
"methods": null
}
looks https_redirect_status_code is set on the route.
âhttps_redirect_status_codeâ: 426,
however no redirect when i trigger the endpoint via plaintext http.
curl -v -H "apiKey: REDACTED=" http://REDACTED/v2/cleric/description/?text=foo
[...]
* TCP_NODELAY set
* Expire in 149970 ms for 3 (transfer 0x5591812c8dd0)
* Expire in 200 ms for 4 (transfer 0x5591812c8dd0)
* Connected to REDACTED (10.160.32.80) port 80 (#0)
> GET /v2/cleric/description/?text=foo HTTP/1.1
> Host: REDACTED
> User-Agent: curl/7.64.0
> Accept: */*
>
< HTTP/1.1 200 OK
< Content-Type: application/vnd.siren+json
< Content-Length: 1300
< Connection: keep-alive
< Server: gunicorn/19.9.0
< Date: Thu, 10 Oct 2019 01:40:25 GMT
< X-Kong-Upstream-Latency: 39
< X-Kong-Proxy-Latency: 1
< Via: kong/1.3.0
[...]
** NINJA EDIT
It looks like for the 426 to work, http needs to be removed from the list of protocols on the route.
âA list of the protocols this Route should allow. By default it is [âhttpâ, âhttpsâ], which means that the Route accepts both. When set to [âhttpsâ], HTTP requests are answered with a request to upgrade to HTTPS.â
I have created the plugin as mentioned above. But the problem I am facing is, the service call is going in 302 redirect loop and then at last after few, it fails.
That is each time I am getting http requests, even after 302 redirection which converting http to https.
The manifest file is as below,
apiVersion: configuration.konghq.com/v1 kind: KongPlugin metadata: name: https-redirect labels: global: "false" plugin: pre-function config: functions: - | local scheme = kong.request.get_scheme() if scheme == "http then local host = kong.request.get_host() local query = kong.request.get_path_with_query() local url = "https://" .. host ..query kong.response.set_header("Location",url) return kong.response.exit(302,url) end
Please help.
Thanks
This is now supported by Kong itself and doesnât require a plugin.
Please take a look at the https_redirect_status_code
property of the route
entity.
Is there a simple example of using https_redirect_status? The link you gave earlier takes me to docs I donât follow, not sure theyâre related to a kubernetes ingress which is where Iâm trying to use this.
Please follow this guide: https://github.com/Kong/kubernetes-ingress-controller/blob/master/docs/guides/configuring-https-redirect.md for Kubernetes Ingress.
Iâm not sure what I did but it works now. Your guide suggested modifying the KongIngress but I left mine alone (it still has protocols http, https etc listed) ie same as the k4k8.yaml file I originally downloaded.
My ingress annotations look like this:
annotations = {
"kubernetes.io/ingress.class" = "kong"
"kubernetes.io/ingress.allow-http" = "false"
}
That second entry was left over from when I was using gcp so I donât know if it is making the difference. Anyway itâs working so Iâm happy.
It is still super disappointing that we have to create a KongPlugin instance to do this basic ingress function. When installing a service via a helm chart, this means we have to manually go though and either edit the helm chart or create the KongPlugin.
kongingress seems a namespaced resource, and I donât want to install it for each namespace to just force the https re-direct, so kindly please help to show the cluster-wide installation?
Looks like missing closing double quote after the http on this line
Here are the annotations that I use for Kong/KIC setup on AKS and they seem to work fine:
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: app-0
namespace: app
annotations:
konghq.com/https-redirect-status-code: "301"
konghq.com/protocols: "https"
spec:
ingressClassName: kong
rules:
- host: "app.contoso.com"
http:
paths:
...