Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ELB HTTPs termination returns plain HTTP request was sent to HTTPS port #4717

Closed
pwhitehead00 opened this issue Oct 25, 2019 · 2 comments
Closed

Comments

@pwhitehead00
Copy link

Is this a request for help? (If yes, you should use our troubleshooting guide and community support channels, see https://kubernetes.io/docs/tasks/debug-application-cluster/troubleshooting/.):

What keywords did you search in NGINX Ingress controller issues before filing this one? (If you have found any duplicates, you should instead reply there.):
"nginx ingress terminate ssl at elb"
"The plain HTTP request was sent to HTTPS port"


Is this a BUG REPORT or FEATURE REQUEST? (choose one):
Bug

NGINX Ingress controller version:
0.26.1

Kubernetes version (use kubectl version):
1.12.3

Environment:

  • Cloud provider or hardware configuration: AWS
  • OS (e.g. from /etc/os-release): AL2
  • Kernel (e.g. uname -a):
  • Install tools: Helm, EKS
  • Others:

What happened:
The request is being sent over HTTPS after TLS has been terminated, resulting in a 400 Bad Request The plain HTTP request was sent to HTTPS port

I followed the setup instructions including configuring additional headers in the configmap.

apiVersion: v1
kind: Service
metadata:
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http
    service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "3600"
    service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:us-east-1:xxxxxx:certificate/yyyyyy
    service.beta.kubernetes.io/aws-load-balancer-ssl-ports: https
...
spec:
...
  ports:
  - name: http
    nodePort: 31582
    port: 80
    protocol: TCP
    targetPort: http
  - name: https
    nodePort: 32102
    port: 443
    protocol: TCP
    targetPort: https
  selector:
...
apiVersion: v1
data:
  proxy-real-ip-cidr: 0.0.0.0/0
  use-forwarded-headers: "true"
  use-proxy-protocol: "false"
kind: ConfigMap
...
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: nginx
  annotations:
    kubernetes.io/ingress.class: nginx
spec:
  rules:
  - host: test.example.com
    http:
      paths:
      - path: /
        backend:
          serviceName: http-svc
          servicePort: 80

What you expected to happen:
The request would return a 200

How to reproduce it (as minimally and precisely as possible):

Anything else we need to know:
#3690 seems to be related but I wasn't able to get anything working based on the examples.

@aledbf
Copy link
Member

aledbf commented Oct 26, 2019

@aledbf aledbf closed this as completed Oct 26, 2019
@rmykhailiuk
Copy link

Closing. Please check https://github.com/kubernetes/ingress-nginx/blob/master/deploy/static/provider/aws/service-l7.yaml#L31

Link is broken. It's better to describe closure reason in the issue directly.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants