0

I have a local kubernetes cluster (k3s) with an nginx controller (installed via helm). I have two services (Spring-Boot myapp and an auth-server (OAuth2)).

I'm trying to make my application work with http only. Therefore, I have defined an ingress resource in the following way:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: myapp-ingress
  annotations:
    kubernetes.io/ingress.class: "nginx"
    nginx.ingress.kubernetes.io/configuration-snippet: |-
      if ($uri = /){
          return 302 http://$http_host/myapp/;
        }
    nginx.ingress.kubernetes.io/force-ssl-redirect: "false"
    nginx.ingress.kubernetes.io/ssl-redirect: "false"
    nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
spec:
  ingressClassName: nginx
  rules:
    - host: myapp.cloud
      http:
        paths:
          - path: /myapp
            pathType: Prefix
            backend:
              service:
                name: myapp
                port:
                  number: 80
          - path: /
            pathType: Prefix
            backend:
              service:
                name: auth-server
                port:
                  number: 8080

I have also added the following parameters to the nginx-controller config-map:

  hsts: "false"
  ssl-redirect: "false"
  hsts-max-age: "0"

I have also cleared HSTS in my browsers (Safari & Firefox). SSL (server.ssl.enabled=false) is disabled for both of my backend services.

When loading http://myapp.cloud, I get redirected correctly to the login page of the auth-server (http://myapp.cloud/login). However, the page doesn't get loaded correctly, because the static assets (js, css) are not loaded. Instead the requests to load them are redirected with 302 to the same resources with https. Due to the fact that the default fake certificate of nginx is invalid, these don't get loaded.

If I access these assets directly in my browser (e.g. http://myapp.cloud/assets/style.css), I also get redirected 302 to http://myapp.cloud/assets/style.css and this doesn't load because the nginx certificate is invalid.

If I port-forward to the k8s service directly via http, they are loaded correctly.

Is there a possibility to make this work with http only or do I absolutely need to use a certificate manager etc. and make this work via https? What is missing in my configuration/settings?

p_efros
  • 301
  • 2
  • 11
  • you are not redirected form auth server after login success ? looks like 302 redirecting all resources maybe inyour case. – Harsh Manvar Jan 31 '23 at 13:50
  • The login page is not loaded because the static assets (css, js) do not get loaded via http, but a redirect to https happens for them. – p_efros Feb 01 '23 at 09:32
  • got that but what redireacting to those to https ? is it your code ? – Harsh Manvar Feb 01 '23 at 09:35
  • that's the question I have been trying to find the answer to. I'm assuming it's nginx and I can't find out why and how to switch that off. – p_efros Feb 01 '23 at 10:29

1 Answers1

0

I have decided to go with enabling HTTPS with a self-signed certificate, I think there's currently no way around it.

p_efros
  • 301
  • 2
  • 11