Feature request: ssl-redirect on gce controller

[smeruelo]

Is there any plan to support ingress.kubernetes.io/ssl-redirect annotation on gce controller?

If not, what's the recommended workaround for this? Examining headers is not always possible, since backend application is often out of our control.

[hatemosphere]

i would not expect it to work it any time soon. here is feature request for https redirection and it's almost 2 years old https://issuetracker.google.com/issues/35904733
and i don't think it's possible without examining the headers. you can always switch to alternative ingress controller though.

[tonglil]

Another workaround is to run a proxy between GCLB and your app that checks the x-forwarded-proto header for https and redirects if it is http.

Or you can implement this in your app.

This is a pretty commonly implemented header by most load balancers/cdns to identify client->proxy/lb connections. It will look like this:

x-forwarded-proto=http
// or
x-forwarded-proto=https

---

In either case (workaround or some GCP solution), the request has already transmitted the data in plaintext over the internet so if that initial request had any sensitive data, it could already be sniffed.

If you don't want that, you can use this GCE Ingress annotation to disable requests to port 80 completely:

kubernetes.io/ingress.allow-http: "false"

[bowei]

This issue was moved to kubernetes/ingress-gce#51