hcloud-cloud-controller-manager
Whitelisted ingress/load balancer not working
As a workaround for #286 I tried to configure nginx for some whitelisted CIDRs. When setting up the load balancer for this, I added the following Helm values for the nginx-ingress-controller chart. Previously we provisioned/uploaded a certificate via Terraform in HCloud as referenced:
```yaml
controller:
  config:
    whitelist-source-range: "123.123.123.123/32"
    use-proxy-protocol: false
  service:
    externalTrafficPolicy: Local
    annotations:
      load-balancer.hetzner.cloud/name: "lb-internal"
      load-balancer.hetzner.cloud/location: "nbg1"
      load-balancer.hetzner.cloud/network-zone: eu-central
      load-balancer.hetzner.cloud/uses-proxyprotocol: "false"
      load-balancer.hetzner.cloud/protocol: "https"
      load-balancer.hetzner.cloud/http-redirect-http: "true"
      load-balancer.hetzner.cloud/certificate-type: "uploaded"
      load-balancer.hetzner.cloud/http-certificates: "lb-certificate"
```
When using the annotation load-balancer.hetzner.cloud/http-redirect-http: "true", I get the following error in ingress-nginx-internal-controller's service:
Error syncing load balancer: failed to ensure load balancer: hcloud/loadBalancers.EnsureLoadBalancer: hcops/LoadBalancerOps.ReconcileHCLBServices: port 80 is busy, redirect_http is enabled on another service (source_port_already_used)
When using it without this annotation, I end up at nginx with: 400 Bad Request The plain HTTP request was sent to HTTPS port
Can someone please explain a bit how this should work? ;)
Try disabling HTTP on nginx: `controller.service.enableHttp: false`
Also, for IP whitelisting, you need to enable proxy-protocol on both LB and nginx.
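Why the allowlist depends on proxy-protocol, as an added example that is not part of the original thread: behind a proxying load balancer the backend's TCP peer is the load balancer, so a source-range check only sees the real client if the load balancer passes it along and the backend reads it. The sketch parses a PROXY protocol v1 line; the load balancer range `10.0.0.0/24`, the function names, the sample header and the choice of v1 are assumptions, not values from the issue.

```python
import ipaddress

# Allowlist taken from the page's whitelist-source-range value.
ALLOWLIST = [ipaddress.ip_network("123.123.123.123/32")]
# Assumed (constructed) address range of the load balancer.
TRUSTED_LB = [ipaddress.ip_network("10.0.0.0/24")]
# Constructed sample PROXY v1 header as a load balancer would prepend it.
SAMPLE_HEADER = b"PROXY TCP4 123.123.123.123 10.0.0.5 51234 443\r\n"


def parse_proxy_v1(first_line: bytes):
    """Return the client address from a PROXY v1 header line, or None."""
    if not first_line.startswith(b"PROXY ") or not first_line.endswith(b"\r\n"):
        return None
    if len(first_line) > 107:  # maximum v1 header length, CRLF included
        return None
    parts = first_line[:-2].decode("ascii", "replace").split(" ")
    if len(parts) != 6 or parts[1] not in ("TCP4", "TCP6"):
        return None  # also covers "PROXY UNKNOWN"
    try:
        return ipaddress.ip_address(parts[2])
    except ValueError:
        return None


def effective_client_ip(peer_ip: str, first_line: bytes, use_proxy_protocol: bool):
    """Address the allowlist is evaluated against."""
    peer = ipaddress.ip_address(peer_ip)
    if not use_proxy_protocol:
        return peer  # the backend only knows its TCP peer: the load balancer
    if not any(peer in net for net in TRUSTED_LB):
        return None  # a header from anyone but the load balancer is not trusted
    return parse_proxy_v1(first_line)


def is_allowed(peer_ip: str, first_line: bytes, use_proxy_protocol: bool) -> bool:
    client = effective_client_ip(peer_ip, first_line, use_proxy_protocol)
    return client is not None and any(client in net for net in ALLOWLIST)
```

The trusted-peer check matters as much as the parsing: a backend that accepts the header from any source lets a client claim an allowlisted address.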
This issue has been marked as stale because it has not had recent activity. The bot will close the issue if no further action occurs.