How to use aws nlb with nginx ingress controller for ssl

Question

I have attached AWS ACM provided SSL certificate to NLB. NLB will forward request to nginx ingress. Nginx is giving me the following error. The plain HTTP request was sent to HTTPS port. I have set the following annotation in nginx ingress.

• nginx.ingress.kubernetes.io/force-ssl-redirect: false
• nginx.ingress.kubernetes.io/ssl-redirect: false

I have set following annotation in nginx ingress service which is running behind NLB.

• service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http
• service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "certificate arn"
• service.beta.kubernetes.io/aws-load-balancer-ssl-ports: https
• service.beta.kubernetes.io/aws-load-balancer-type: nlb

Answer 1

- name: http
    nodePort: 30192
    port: 80
    protocol: TCP
    targetPort: http
  - name: https
    nodePort: 30429
    port: 443
    protocol: TCP
    targetPort: https

Answer 2

For this error :

The plain HTTP request was sent to HTTPS port

Change your port configuration in Nginx service like, your target port in HTTPS section should be http instead of https

ports:
  - name: https
    **targetPort: http**

Here the annotation for reference

service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp
service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "60"
service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: "true"
service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:ap-southeast-1:xxxxxxx:certificate/8991ftt8-69e0-4e7d-1164-yy0aae19da90v
service.beta.kubernetes.io/aws-load-balancer-type: nlb