Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

0.24.1 Redirect Loop #4265

Closed
mjhuber opened this issue Jul 2, 2019 · 6 comments · Fixed by #5374
Closed

0.24.1 Redirect Loop #4265

mjhuber opened this issue Jul 2, 2019 · 6 comments · Fixed by #5374
Labels
lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed.

Comments

@mjhuber
Copy link
Contributor

mjhuber commented Jul 2, 2019

NGINX Ingress controller version: .0.24.1
Kubernetes version : 1.11.10

Environment:

  • Cloud provider or hardware configuration: AWS
  • OS (e.g. from /etc/os-release): Debian 9
  • Kernel (e.g. uname -a): Debian 4.9.168-1+deb9u2 (2019-05-13) x86_64 GNU/Linux
  • Install tools: Kops

What happened:

Upgrading to the latest nginx-ingress chart version (v1.7) produced a redirect loop in an ingress. Annotating the ingress with nginx.ingress.kubernetes.io/force-ssl-redirect: false produced the same results. THe problem was not reproducible with 0.21.0 (nginx-ingress Chart version 1.0.1).

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    kubernetes.io/ingress.class: nginx-ingress-external
  name: fe-uat
  namespace: uat
spec:
  rules:
  - host: <redacted>
    http:
      paths:
      - backend:
          serviceName: fe-uat
          servicePort: http
        path: /
  tls:
  - hosts:
    - <redacted>
$ curl -v https://<redacted>.com/
*   Trying 107.21.37.46...
* TCP_NODELAY set
* Connected to <redacted>.com (107.21.37.46) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* (304) (OUT), TLS handshake, Client hello (1):
* (304) (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server did not agree to a protocol
* Server certificate:
*  subject: CN=*.<redacted>.com
*  start date: Nov 14 00:00:00 2018 GMT
*  expire date: Dec 14 12:00:00 2019 GMT
*  subjectAltName: host "<redacted>.com" matched cert's "*.<redacted>.com"
*  issuer: C=US; O=Amazon; OU=Server CA 1B; CN=Amazon
*  SSL certificate verify ok.
> GET / HTTP/1.1
> Host: <redacted>.com
> User-Agent: curl/7.58.0
> Accept: */*
>
< HTTP/1.1 308 Permanent Redirect
< Content-Type: text/html
< Date: Thu, 27 Jun 2019 14:13:42 GMT
< Location: https://<redacted>.com/
< Server: nginx/1.15.10
< Content-Length: 172
< Connection: keep-alive
<
<html>
<head><title>308 Permanent Redirect</title></head>
<body>
<center><h1>308 Permanent Redirect</h1></center>
<hr><center>nginx/1.15.10</center>
</body>
</html>
* Connection #0 to host <redacted>.com left intact

What you expected to happen:
Nginx proxies the request to the backend service.
@davidchua
Copy link

I have the same issue, it seems related to the breaking changes

https://kubernetes.github.io/ingress-nginx/examples/rewrite/#rewrite-target
#3174 (comment)

but my ingress does not use rewrite-targets.

@gdelgado
Copy link

Facing the same issue with v0.24.1 wondering if anyone found a fix for it.

Thanks..

@fejta-bot
Copy link

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Feb 11, 2020
@fejta-bot
Copy link

Stale issues rot after 30d of inactivity.
Mark the issue as fresh with /remove-lifecycle rotten.
Rotten issues close after an additional 30d of inactivity.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle rotten

@k8s-ci-robot k8s-ci-robot added lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. and removed lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. labels Mar 12, 2020
@fejta-bot
Copy link

Rotten issues close after 30d of inactivity.
Reopen the issue with /reopen.
Mark the issue as fresh with /remove-lifecycle rotten.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/close

@k8s-ci-robot
Copy link
Contributor

@fejta-bot: Closing this issue.

In response to this:

Rotten issues close after 30d of inactivity.
Reopen the issue with /reopen.
Mark the issue as fresh with /remove-lifecycle rotten.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@aledbf aledbf mentioned this issue Apr 14, 2020
Merged
8 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add port for plain HTTP to HTTPS redirection aledbf/ingress-nginx
5 participants
@davidchua @gdelgado @mjhuber @k8s-ci-robot @fejta-bot