
Kong API Gateway - You must use HTTPS

  1. I have installed Kong OSS v2.x on EC2 (CentOS)
  2. Added the OAuth2 plugin
  3. Requested the access token using the POST method

Getting the error below:

{
    "error": "access_denied",
    "error_description": "You must use HTTPS"
}

NOTE: SSL termination happens at the ALB, and the request is forwarded to EC2.

Gowtham Raj

2 Answers

You should use the parameter accept_http_if_already_terminated:

Accepts HTTPS requests that have already been terminated by a proxy or load balancer and the x-forwarded-proto: https header has been added to the request. Only enable this option if the Kong server cannot be publicly accessed and the only entry point is such a proxy or load balancer.

Your config should look like:

config: 
  scopes:
  - foo
  - bar
  mandatory_scope: true
[...]
  accept_http_if_already_terminated: true
Ôrel


A solution tested in a prod environment:

"environment": [
            {
                "name": "KONG_REAL_IP_HEADER",
                "value": "X-Forwarded-For"
            },
            {
                "name": "KONG_ADMIN_ACCESS_LOG",
                "value": "/dev/stdout"
            },
            {
                "name": "KONG_ADMIN_ERROR_LOG",
                "value": "/dev/stderr"
            },
            {
                "name": "KONG_PROXY_ERROR_LOG",
                "value": "/dev/stderr"
            },
            {
                "name": "KONG_DATABASE",
                "value": "postgres"
            },
            {
                "name": "KONG_REAL_IP_RECURSIVE",
                "value": "on"
            },
            {
                "name": "KONG_TRUSTED_IPS",
                "value": "0.0.0.0/0,::/0"
            },
            {
                "name": "KONG_PG_HOST",
                "value": ".....rds.amazonaws.com"
            },
            {
                "name": "KONG_PG_PASSWORD",
                "value": "......"
            },
            {
                "name": "KONG_PROXY_ACCESS_LOG",
                "value": "/dev/stdout"
            },
            {
                "name": "KONG_PG_USER",
                "value": "kong"
            },
            {
                "name": "KONG_PROXY_LISTEN",
                "value": "0.0.0.0:8000"
            },
            {
                "name": "KONG_ADMIN_LISTEN",
                "value": "0.0.0.0:8001, 0.0.0.0:8444 ssl"
            }]

Pay attention to the values:

  1. KONG_REAL_IP_HEADER
  2. KONG_REAL_IP_RECURSIVE
  3. KONG_TRUSTED_IPS

In any case, after some years I reckon that if you are in AWS there are better, more cost-effective solutions.

ldipotet
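Both answers hinge on the same decision: Kong only believes `X-Forwarded-Proto: https` when `accept_http_if_already_terminated` is on and the TCP peer that connected to the proxy port falls inside `trusted_ips`. The script below is an added example, not Kong's source or either answerer's code; it models that decision so the effect of the first answer's plugin setting and the second answer's `KONG_TRUSTED_IPS` value can be compared without a running gateway. The CIDRs, peer addresses and headers are constructed for illustration, and the `KongSettings`/`Request` helpers are assumed names.

```python
"""Model of the check behind Kong's "You must use HTTPS" error.

Added example, not Kong's source: it reproduces the order of the oauth2
plugin's decision (real scheme first, then accept_http_if_already_terminated
plus X-Forwarded-Proto from a trusted peer). CIDRs, peer addresses and
request headers are constructed for illustration.
"""
import ipaddress
from dataclasses import dataclass, field


@dataclass
class KongSettings:
    # Mirrors trusted_ips (KONG_TRUSTED_IPS) and the oauth2 plugin's
    # accept_http_if_already_terminated flag. Assumed helper, not Kong's API.
    trusted_ips: list = field(default_factory=list)   # CIDR strings
    accept_http_if_already_terminated: bool = False


@dataclass
class Request:
    peer_ip: str            # address of the TCP peer that connected to port 8000
    scheme: str             # scheme of that TCP connection: "http" or "https"
    headers: dict = field(default_factory=dict)


def is_trusted(settings: KongSettings, peer_ip: str) -> bool:
    """Peer inside any trusted CIDR (what kong.ip.is_trusted answers)."""
    addr = ipaddress.ip_address(peer_ip)
    # ip_network.__contains__ returns False across IP versions, so an IPv4
    # peer is never matched by "::/0".
    return any(addr in ipaddress.ip_network(cidr, strict=False)
               for cidr in settings.trusted_ips)


def check_https(settings: KongSettings, req: Request) -> bool:
    """True when the plugin would treat the request as HTTPS."""
    if req.scheme.lower() == "https":
        return True                      # TLS terminated on Kong itself
    if not settings.accept_http_if_already_terminated:
        return False                     # plain HTTP is never accepted
    # TLS terminated upstream: believe X-Forwarded-Proto only from a trusted peer
    lowered = {k.lower(): v for k, v in req.headers.items()}
    if lowered.get("x-forwarded-proto", "").lower() == "https":
        return is_trusted(settings, req.peer_ip)
    return False


def token_endpoint_response(settings: KongSettings, req: Request) -> dict:
    """The page's error body, or a success marker, for a token request."""
    if check_https(settings, req):
        return {"ok": True}
    return {"error": "access_denied",
            "error_description": "You must use HTTPS"}


# Constructed settings: the second answer's catch-all trust list versus a
# list limited to the (made-up) private subnets the ALB lives in.
ALB_SUBNETS = ["10.0.1.0/24", "10.0.2.0/24"]
WEAK = KongSettings(trusted_ips=["0.0.0.0/0", "::/0"],
                    accept_http_if_already_terminated=True)
STRICT = KongSettings(trusted_ips=ALB_SUBNETS,
                      accept_http_if_already_terminated=True)
DEFAULT = KongSettings()   # flag left at its default of false

# Constructed requests: one relayed by the ALB, one sent straight to :8000
# by a client that bypassed the ALB and forged the header itself.
FROM_ALB = Request("10.0.1.17", "http", {"X-Forwarded-Proto": "https"})
FORGED = Request("198.51.100.9", "http", {"X-Forwarded-Proto": "https"})

if __name__ == "__main__":
    for name, s in (("default", DEFAULT), ("weak", WEAK), ("strict", STRICT)):
        print(name,
              "via ALB:", token_endpoint_response(s, FROM_ALB),
              "direct/forged:", token_endpoint_response(s, FORGED))
```

With the flag off (the questioner's situation) every request from behind the ALB gets the `access_denied` body. With the flag on and `trusted_ips` set to `0.0.0.0/0,::/0`, a direct connection to port 8000 can forge `X-Forwarded-Proto` and skip the HTTPS requirement, which is why the docs text quoted in the first answer insists that the proxy be the only entry point; restricting the list to the ALB's subnets (or blocking 8000 from anywhere else with a security group) closes that path.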