Reputation: 3068
I am trying to route all HTTP traffic to HTTPS. I have an ALB ingress resource and am following the guide here https://kubernetes-sigs.github.io/aws-alb-ingress-controller/guide/tasks/ssl_redirect/#how-it-works but it's not working. When I try to access http://www.myhost.in it stays with http and does not redirect to https.
Below is my ingress resource file:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: eks-learning-ingress
  namespace: production
  annotations:
    kubernetes.io/ingress.class: alb
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/certificate-arn: arn878ef678df
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]'
    alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}'
  labels:
    app: eks-learning-ingress
spec:
  rules:
    - host: www.myhost.in
      http:
        paths:
          - path: /*
            backend:
              serviceName: eks-learning-service
              servicePort: 80
Any help in this would be really great, Thanks.
Upvotes: 15
Views: 22912
Reputation: 61
https://github.com/kubernetes-sigs/aws-load-balancer-controller/pull/2274
Description
Controller v2.2.0 and later provides a simpler way to configure SSL redirection via the annotation alb.ingress.kubernetes.io/ssl-redirect.
alb.ingress.kubernetes.io/ssl-redirect: '443'
Upvotes: 4
Reputation: 466
The AWS ALB Ingress controller has now added a new annotation for easy redirection of HTTP requests to HTTPS. Available in apiVersion: networking.k8s.io/v1.
This new annotation, called ssl-redirect, is available in ALB Controller v2.4.
So your problem can be fixed with just the following 2 annotations.
alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]'
alb.ingress.kubernetes.io/ssl-redirect: '443'
No need to mention any ingress rules.
Complete example:
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: myapp
  namespace: myapp
  labels:
    name: myapp
  annotations:
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/target-type: ip
    alb.ingress.kubernetes.io/group.name: my-alb-group # Use this to share ALB among multiple ingresses. #CostEffective
    alb.ingress.kubernetes.io/load-balancer-name: my-alb # Give the ALB a meaningful name, otherwise a random name is assigned by AWS.
    alb.ingress.kubernetes.io/certificate-arn: "arn:aws:acm:eu-west-1:XXXX:certificate/YYYY" # Get it by $ aws acm list-certificates
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]'
    alb.ingress.kubernetes.io/ssl-redirect: '443'
spec:
  ingressClassName: alb
  rules:
    - host: app.example.com
      http:
        paths:
          - pathType: Prefix
            path: /
            backend:
              service:
                name: myservice
                port:
                  number: 80
Upvotes: 28
Reputation: 8786
In case anyone else is setting up a cluster with a newer API version, apiVersion: networking.k8s.io/v1, where the syntax is different, this is the way to go:
- path: /
  pathType: Prefix
  backend:
    service:
      name: ssl-redirect
      port:
        name: use-annotation
Note: path must not contain a wildcard, as you are using pathType: Prefix; that will fail to configure the ALB.
Upvotes: 14
Reputation: 3068
For anyone stumbling on this post: I was missing adding this to my http paths. Keep in mind this needs to be the first specified path.
- path: /*
  backend:
    serviceName: ssl-redirect
    servicePort: use-annotation
Once I added this, redirection started working.
So the final config in question should look like this:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: eks-learning-ingress
  namespace: production
  annotations:
    kubernetes.io/ingress.class: alb
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/certificate-arn: arn878ef678df
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]'
    alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}'
  labels:
    app: eks-learning-ingress
spec:
  rules:
    - host: www.myhost.in
      http:
        paths:
          - path: /*
            backend:
              serviceName: ssl-redirect
              servicePort: use-annotation
          - path: /*
            backend:
              serviceName: eks-learning-service
              servicePort: 80
Upvotes: 20
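A pre-deploy check for the failure in the question (a redirect action that is defined but not referenced by the first path), as an added example that is not part of any answer above. It assumes the manifest is already parsed into a dict (for instance with yaml.safe_load), that the action JSON uses the key casing shown in the question, and that the controller honours `ssl-redirect` as the v2.2.0 answer states; `check_https_redirect` and `manifest` are hypothetical names.

```python
import json

ALB = "alb.ingress.kubernetes.io/"
REDIRECT_BACKEND = ("ssl-redirect", "use-annotation")

def _backend_ref(backend):
    """Return (service name, port) for extensions/v1beta1 and networking.k8s.io/v1."""
    if "serviceName" in backend:
        return backend["serviceName"], backend.get("servicePort")
    svc = backend.get("service", {})
    port = svc.get("port", {})
    return svc.get("name"), port.get("name", port.get("number"))

def check_https_redirect(ingress):
    """Return findings for a parsed Ingress; an empty list means HTTP is redirected."""
    ann = ingress.get("metadata", {}).get("annotations", {})
    ports = json.loads(ann.get(ALB + "listen-ports", "[]"))
    listeners = {proto for entry in ports for proto in entry}
    if "HTTP" not in listeners:
        return []  # no plaintext listener declared, nothing to redirect
    findings = []
    if "HTTPS" not in listeners:
        findings.append("HTTP listener declared without an HTTPS listener")
    if ALB + "ssl-redirect" in ann:
        return findings  # single annotation covers every rule (controller v2.2.0+)
    action = json.loads(ann.get(ALB + "actions.ssl-redirect", "{}"))
    if action.get("Type") != "redirect" or action.get("RedirectConfig", {}).get("Protocol") != "HTTPS":
        return findings + ["no ssl-redirect annotation and no HTTPS redirect action"]
    for rule in ingress.get("spec", {}).get("rules", []):
        paths = rule.get("http", {}).get("paths", [])
        # The action only takes effect when the first path points at it.
        if not paths or _backend_ref(paths[0]["backend"]) != REDIRECT_BACKEND:
            findings.append(f"{rule.get('host', '*')}: first path does not use the ssl-redirect action")
    return findings

# Constructed samples mirroring the question's manifest after YAML parsing.
REDIRECT = '{"Type": "redirect", "RedirectConfig": {"Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}'
APP_PATH = {"path": "/*", "backend": {"serviceName": "eks-learning-service", "servicePort": 80}}
REDIRECT_PATH = {"path": "/*", "backend": {"serviceName": "ssl-redirect", "servicePort": "use-annotation"}}

def manifest(paths, extra=None):
    ann = {ALB + "listen-ports": '[{"HTTP": 80}, {"HTTPS":443}]', ALB + "actions.ssl-redirect": REDIRECT}
    ann.update(extra or {})
    return {"metadata": {"annotations": ann},
            "spec": {"rules": [{"host": "www.myhost.in", "http": {"paths": paths}}]}}

if __name__ == "__main__":
    print(check_https_redirect(manifest([APP_PATH])))                  # question as posted
    print(check_https_redirect(manifest([REDIRECT_PATH, APP_PATH])))   # with the redirect path first
```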