Hi there!

I’m setting up Nginx ingress controller on my Kubernetes Cluster, and I can’t make http->https redirect to work.

apiVersion: v1
kind: Service
metadata:
  name: nginx-ingress-controller
  labels:
    component: "controller"
  annotations:
    service.beta.kubernetes.io/do-loadbalancer-protocol: "https"
    service.beta.kubernetes.io/do-loadbalancer-certificate-id: "d6312b2d-c313-4b03-9030-ccc40f1afed5"
    service.beta.kubernetes.io/do-loadbalancer-tls-passthrough: "false"
    service.beta.kubernetes.io/do-loadbalancer-redirect-http-to-https: "true"
spec:
  ports:
    - name: http
      port: 80
      protocol: TCP
      targetPort: http
    - name: https
      port: 443
      protocol: TCP
      targetPort: http
  selector:
    app: nginx-ingress
    component: "controller"
  type: "LoadBalancer"

As you can see in nginx ingress controller Service definition, I’m using correct annotation, however, when I visit http://mydomain.com, I get ERRCONNECTIONREFUSED, instead of getting redirection to https.

When I use https://mydomain.com, it works as expected, i.e. response from ingress resource is rendered.

Did I configure nginx ingress correctly? What am I missing?
Thank you.

2 comments
  • Is your ingress controller listening on port 80 as well as 443? I see you have both service ports set to:

    targetPort: http
    

    Is this intentional?

    Note that targetPort is the port on the pod that the request hits. Your ingress controller needs to be listening on this port for the service to work.

    Are you specifying 80 as an exposed port on your deployment?

    Regards,

    John Kwiatkoski
    Senior Developer Support Engineer - Kubernete

  • Yes, it is very much intentional.
    Since Load Balancer is performing SSL termination/offloading, only unencrypted traffic lands in Ingress controller (both on port 443 and 80). After SSL termination, requests cannot go to targetPort 443 because of plaintext/SSL transport type mismatch, therefore, they are routed to port 80.

    There is no issue with exposed ports on nginx ingress controller deployment, because it works just fine for SSL.

    I presume that issue is with Load Balancer itself, because it does not perform http->https redirection, i.e. when I visit load balancer url at port 80 I don’t get redirected to port 443, but when I visit url at port 443 it works as expected.

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
1 answer

I had the same issue, using the same YAML as you. I solved it by adding the following annotation

service.beta.kubernetes.io/do-loadbalancer-protocol: “http”

This sets the correct forwarding rules protocol in the load balancer and the http to https now works

Submit an Answer