You're speaking plain HTTP to an SSL-enabled server port.

General Discussions
1

My Gateway file is asapiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: my-gateway-secure
namespace: myapp
spec:
selector:
istio: ingressgateway # use istio default controller
servers:

  • port:
    number: 443
    name: https
    protocol: HTTPS
    tls:
    mode: SIMPLE
    serverCertificate: /etc/istio/ingressgateway-certs/tls.crt
    privateKey: /etc/istio/ingressgateway-certs/tls.key
    #caCertificates: /etc/istio/ingressgateway-ca-certs/kbundle.crt
    hosts:
  • “*”
    —apiVersion: networking.istio.io/v1alpha3
    kind: VirtualService
    metadata:
    name: my-gateway-service-secure
    namespace:myapp
    spec:
    hosts:
  • sub.domaincom
    gateways:
  • my-gateway-secure
    http:
  • route:
  • destination:
    host: my-mono
    port:
    number: 443
    protocol: TCPand my service file isapiVersion: v1
    kind: Service
    metadata:
    name: my-mono
    namespace: myapp
    labels:
    tier: backend
    spec:
    selector:
    app: my-mono
    tier: backend
    ports:
  • port: 443
    name: https
    protocol: TCP

when i access my service using gateway it saysBad Request
Your browser sent a request that this server could not understand.
Reason: You’re speaking plain HTTP to an SSL-enabled server port.
Instead use the HTTPS scheme to access this URL, please.Apache/2.4.38 (Debian) Server at 10.0.159.77 Port 443i can confirm that apache is only listening on 443 and is properly configured. can someone help me with it. Thanks

2

I think Istio is decrypting the HTTPS connection and sending plain HTTP to your application.

I think you need to make your application listing on port 80 or else configure Istio to make a HTTPS connection to your app.

Kind regards,
Stephen

3

I replaced Simple TLS to Mutual TLS . as Simple TLS was terminating/encrypting header . and it worked. thanks for your help