I currently have Kong setup on my kubernetes cluster via helm with the following config:
env:
ssl_cert: /etc/secrets/tls/tls.crt
ssl_cert_key: /etc/secrets/tls/tls.key
trusted_ips: "0.0.0.0/0,::/0"
proxy_listen: "0.0.0.0:8000 http2 proxy_protocol, 0.0.0.0:8443 ssl http2 proxy_protocol"
real_ip_header: "proxy_protocol"
and the ingress has the following:
annotations:
konghq.com/protocols: "https"
konghq.com/https-redirect-status-code: "308"
When hitting kong via curl with the following curl https://foo.com/bar" -H "X-Forwarded-Proto: http" -v
then a 308 is returned even though the connection to kong is secure. The nature of our app that is making the request to kong requires the x-forwarded-* headers to be sent as-is which is why I trust all IP addresses. If I change the “X-Forwarded-Proto” to “https” then no redirect occurs.
Can I disable the redirect that is driven by the “X-Forwarded-Proto” header at all but still bump http traffic to https?