charts icon indicating copy to clipboard operation
charts copied to clipboard
verified publisher icon jfrog

How to redirect to https when using Nginx and Terminate SSL in Nginx Service(LoadBalancer).

Open casper-gh opened this issue 5 years ago • 3 comments

Is this a request for help?: Yes

Is this a BUG REPORT or FEATURE REQUEST? (choose one): maybe FEATURE REQUEST

Version of Helm and Kubernetes:

Helm: version.BuildInfo{Version:"v3.3.0", GitCommit:"8a4aeec08d67a7b84472007529e8097ec3742105", GitTreeState:"dirty", GoVersion:"go1.14.6"}

EKS: 1.19

Kubectl:

Client Version: version.Info{Major:"1", Minor:"18", GitVersion:"v1.18.8", GitCommit:"9f2892aab98fe339f3bd70e3c470144299398ace", GitTreeState:"clean", BuildDate:"2020-08-13T16:12:48Z", GoVersion:"go1.13.15", Compiler:"gc", Platform:"darwin/amd64"}
Server Version: version.Info{Major:"1", Minor:"19+", GitVersion:"v1.19.6-eks-49a6c0", GitCommit:"49a6c0bf091506e7bafcdb1b142351b69363355a", GitTreeState:"clean", BuildDate:"2020-12-23T22:10:21Z", GoVersion:"go1.15.5", Compiler:"gc", Platform:"linux/amd64"}

Which chart: https://github.com/jfrog/charts/tree/master/stable/artifactory-ha

What happened: When using Nginx and AWS classic LB offload, the UI page doesn't redirect to HTTPS. Furthermore, if somebody loads https://example.com (SSL terminated by ELB), it redirects back to the HTTP endpoint http://example.com/ui/

Especially for our use case, we block port 80 on the ELB, so the request timeout. The only way it works for us is to use the direct link https://example.com/ui/

What you expected to happen: https://example.com should redirect to https://example.com/ui/ (not the HTTP one)

How to reproduce it (as minimally and precisely as possible):

Install Artifactory HA with Nginx and Terminate SSL in Nginx Service(LoadBalancer).

nginx:
    https:
      enabled: false
    service:
      ssloffload: true
      annotations:
        service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:xx-xxxx:xxxxxxxx:certificate/xxxxxxxxxxxxx"
        service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "http"
        service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https"

When everything comes up, load the endpoint https://example.com, it will redirect to http://example.com/ui/

Anything else we need to know: Could this setting be change somewhere in nginx config?

casper-gh avatar Feb 20 '21 02:02 casper-gh

That's super weird. Are you customizing mainConf and/or artifactoryConf as well? We've got a similar setup and observe the following:

  • http requests stay on http
  • https requests stay on https
  • htttp does not auto redirect to https

We're rather notify modify those snippets to enable http->https redirect. Thinking of submitting a PR to add a user configurable variable to switch this functionality on

nagonzalez avatar Aug 28 '21 02:08 nagonzalez

@nagonzalez can you please submit a PR for this request

chukka avatar Dec 14 '21 01:12 chukka

@casper-gh is there any modification in artifactoryConf/mainConf, could you please share your customisations?

amithins avatar Apr 11 '22 06:04 amithins