0

I have a problem with https redirect from call initiated in the backend. I have a Nginx Ingress Controller with the following setup:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
    name: ingress-sample
    annotations:
      kubernetes.io/ingress.class: "nginx"
      nginx.ingress.kubernetes.io/affinity: cookie
      nginx.ingress.kubernetes.io/ssl-redirect: "true"
      nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
spec:
    rules:
    - http:
        paths:
        - path: /
          backend:
            serviceName: sample
            servicePort: 8080

It works fine when client access the page through the browser - it uses https to contact with a load balancer and the traffic from the load balancer to pods in the cluster uses HTTP (so SSL is terminated at LB level and a client is forced to use HTTPS). However, when I try to call from my Java application the URL which uses HTTP (like a client is doing) I expect to be redirected automatically to the HTTPS. I receive the correct response (308 permanent redirect) but my call is not automatically moved to https. Is some annotation missing?

4c74356b41
  • 69,186
  • 6
  • 100
  • 141
Adam
  • 884
  • 7
  • 29

2 Answers2

0

no, I'm not a java expert, but I suppose your java app doesnt follow redirects (since you are getting 308 permanent redirect) especially since you confirmed this works in the browser. Try something like this:

https://www.mkyong.com/java/java-httpurlconnection-follow-redirect-example/
URLConnection Doesn't Follow Redirect

4c74356b41
  • 69,186
  • 6
  • 100
  • 141
  • I cannot change the app right now. I am trying to figure out how it can be done through Nginx. – Adam Dec 19 '18 at 20:45
  • it does that. if your application doesnt follow redirects nothing nginx cant do. it operates using HTTP protocol. it does everything according to the protocol. you cant achieve this via ingress, you can achieve this via service, just forward port 80 to 443, but you would lose ssl termination – 4c74356b41 Dec 19 '18 at 20:51
  • Proxy can't do that? – Adam Dec 19 '18 at 20:55
  • like i said, ingress is issuing a http redirect return code, its the responsibility of the caller (java app in this case) to honour the return code. nothing nginx can do if the app doesnt honour it. https://developer.mozilla.org/en-US/docs/Web/HTTP/Redirections – 4c74356b41 Dec 19 '18 at 20:58
  • Is it possible to define the custom redirect code? Instead of 308? – Adam Dec 19 '18 at 21:15
  • I am using version 0.17.1 and I do not see annotation which can customize it. – Adam Dec 19 '18 at 22:09
  • I was able to change redirect code to 301 via Config Map. Now my application handles it correctly – Adam Dec 20 '18 at 09:29
  • interesting, share the solution? – 4c74356b41 Dec 20 '18 at 09:54
0

In my Java application, I was using Apache Http Client version 4.5.5. This client uses DefaultRedirectStrategy class which handles redirection. I checked the implementation and in this version it does not handle code 308 (does not redirect). Because I did not want to change anything in the application code I found out that it is possible to change redirect code which is used by Nginx. It can be achieved via ConfigMap:

apiVersion: v1
kind: ConfigMap
metadata:
  labels:
    app: nginx-ingress
    chart: nginx-ingress-0.17.1
    component: "controller"
    heritage: Tiller
    release: sample-nginx
  name: sample-ingress-controller
data:
  http-redirect-code: "301"

Apache Http Client in version 4.5.5 follows redirects with 301 response code so now everything works fine. Recently there was also a commit to the Apache Http Client repo which handles 308 response code the same way as 301.

Adam
  • 884
  • 7
  • 29