308 https redirect loop on nginx-ingress 0.26.1

pshanoop · December 23, 2019, 3:59pm

Cluster information:

Kubernetes version: v1.15.6
Cloud being used: aws
Installation method: Kops 1.15.0
Host OS: Debian GNU/Linux 9.11 (stretch)
CNI and version: Canal v3.7.4
CRI and version: Docker 18.06.3-ce

helm version: v3.0.0

Honest warning: I’m a k8s newbie.

I have installed ingress-ingress using helm install nginx-ingress stable/nginx-ingress --values=nginx-ingress.values.yml

---
controller:
  # Default configMap
  # More options at https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/
  config:     
    server-tokens: "false"
    #    large-client-header-buffers: 6 64k
    proxy-body-size: "1537m"
    proxy-read-timeout: "600"
    proxy-send-timeout: "600"
    send-timeout: "600"
    ssl-redirect: "true"
    force-ssl-redirect: "true"
    use-proxy-protocol: "false"

  service:
    labels:
      access: "true"
    annotations:
      dns.alpha.kubernetes.io/external: "ingress.REMOVED"
      # Wildcard cert
      service.beta.kubernetes.io/aws-load-balancer-ssl-cert: |-
        arn:aws:acm:REMOVED
      service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https"
      service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "http"
      nginx.ingress.kubernetes.io/force-ssl-redirect: "true"

    targetPorts:
      http: http
      https: http
  metrics:
    enables: true

Then I installed prometheus-operator using helm with values

grafana:
  enabled: true

  ## Deploy default dashboards.
  ##
  defaultDashboardsEnabled: true

  adminPassword: PASSS

  ingress:
    ## If true, Grafana Ingress will be created
    ##
    enabled: true

    ## Annotations for Grafana Ingress
    ##
    annotations:
      dns.alpha.kubernetes.io/external: "grafana1.REMOVED.com"
      kubernetes.io/ingress.class: nginx
      nginx.ingress.kubernetes.io/auth-type: basic
      nginx.ingress.kubernetes.io/auth-secret: basic-auth
      nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required - admin'
      nginx.ingress.kubernetes.io/ssl-redirect: "true"
      nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
      service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "http"
    labels: {}
    hosts:
      - grafana.REMOVED.com
    path: /
    tls: []

After deploying I manually created another subdomain for grafana in Route53. The issue is I can’t access this service, It’s redirecting in a loop. I checked in node, ELB is sending X-Forwarded-* headers.

Response looks like this
curl -I https://grafana.REMOVED.COM
HTTP/1.1 308 Permanent Redirect
Content-Length: 168
Content-Type: text/html
Date: Mon, 23 Dec 2019 15:57:21 GMT
Location: https://grafana.REMOVED.COM/
Connection: keep-alive

pshanoop · December 24, 2019, 12:06pm

I seems like I should useuse-forwarded-headers: "true"
https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#use-forwarded-headers

Topic		Replies	Views
HTTPS 308 permanent redirection k8s ingress nginx General Discussions	2	7347	May 4, 2021
Ingress-Nginx SSL Alert Number 70 General Discussions	2	474	January 29, 2024
[Ingress-nginx Security Advisory] CVE-2023-5044: Code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation Announcements	0	489	October 25, 2023
Debug Nginx Ingress Controller General Discussions	0	876	March 30, 2022
Nginx bouncing me back and forth although I have only one back-end (TLS related question) General Discussions	7	123	March 23, 2024

308 https redirect loop on nginx-ingress 0.26.1

Cluster information:

Related Topics