Skip to content

Ingress controller http http redirection on AWS NLB SSL termination #12877

New issue
New issue
Open
Open
Ingress controller http http redirection on AWS NLB SSL termination#12877
Labels
kind/supportCategorizes issue or PR as a support question.lifecycle/frozenIndicates that an issue or PR should not be auto-closed due to staleness.needs-prioritytriage/needs-informationIndicates an issue needs more information in order to work on it.
@armanbaghajyan

Description

@armanbaghajyan
armanbaghajyan
opened on Feb 21, 2025

What happened:

Environment:
Platform AWS EKS
Load balancer: NLB
SSL termination on NLB

Getting TOO MANY REDIRECTION issue

What you expected to happen:

Http to https redirection and terminate SSL on AWS NLB

NGINX Ingress controller version (exec into the pod and run /nginx-ingress-controller --version):

NGINX Ingress controller
Release: v1.12.0
Build: ba73b2c
Repository: https://github.com/kubernetes/ingress-nginx
nginx version: nginx/1.25.5

Kubernetes version (use kubectl version):

Client Version: v1.31.1
Kustomize Version: v5.4.2
Server Version: v1.32.0-eks-5ca49cb

Ingress controller installed via helm

ingress-nginx ingress-nginx-controller 8 2025-02-21 08:16:38.578127717 +0000 UTC deployed ingress-nginx-4.12.0 1.12.0

Values.yaml file

controller:
  replicaCount: 2
  containerPort:
    http: 80
    https: 80
    tohttps: 2443
  config:
    http-snippet: |
      server {
        listen 2443;
        return 308 https://$host$request_uri;
      }
    proxy-real-ip-cidr: "0.0.0.0/0"
    use-forwarded-headers: "true"
  electionID: ingress-controller-leader
  ingressClassResource:
    name: ingress-nginx
    enabled: true
    default: true
    controllerValue: "k8s.io/ingress-nginx"
  service:
    internal:
      enabled: false
      ports:
        http: 80
      annotations:
        service.beta.kubernetes.io/aws-load-balancer-name: "${cluster_name}-internal"
        service.beta.kubernetes.io/aws-load-balancer-scheme: "internal"
    externalTrafficPolicy: Local
    annotations:
      alb.ingress.kubernetes.io/target-type: instance
      service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: "true"
      service.beta.kubernetes.io/aws-load-balancer-name: "nlb-public"
      service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:aws-"
      service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "60"
      service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
      service.beta.kubernetes.io/aws-load-balancer-type: nlb
    loadBalancerSourceRanges:
      - 0.0.0.0/0
    enableHttp: true
    enableHttps: true
    ports:
      https: 443
      http: 80
    targetPorts:
      http: tohttps
      https: http

Metadata

Metadata

Assignees

No one assigned

    Labels

    kind/supportCategorizes issue or PR as a support question.lifecycle/frozenIndicates that an issue or PR should not be auto-closed due to staleness.needs-prioritytriage/needs-informationIndicates an issue needs more information in order to work on it.

    Type

    No type

    Projects

    [SIG Network] Ingress NGINX

    • Status

      No status

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions