Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Adding an AWS Cert and opening 80 and 443 doesn't work for plain http:// #268

Closed
julianvmodesto opened this issue Jun 28, 2017 · 1 comment

Comments

Projects
None yet
1 participant
@julianvmodesto
Copy link
Contributor

commented Jun 28, 2017

Looks like when using the "service.beta.kubernetes.io/aws-load-balancer-ssl-cert": "arn:aws:acm:...", both tcp-80 and tcp-443 are added as ports, and https:// will work, but http:// will return an empty reply for some reason.

Ingress annotation:

    ingress.appscode.com/annotations-service: '{"service.beta.kubernetes.io/aws-load-balancer-ssl-cert": "arn:aws:acm:..."}'

Generated service ports look good

  ports:
  - name: tcp-80
    nodePort: 30319
    port: 80
    protocol: TCP
    targetPort: 80
  - name: tcp-443
    nodePort: 30572
    port: 443
    protocol: TCP
    targetPort: 80

Below http fails

$ curl https://...elb.amazonaws.com -I --insecure
HTTP/1.1 302 Found

$ curl http://...elb.amazonaws.com -I -v
* Rebuilt URL to: ...elb.amazonaws.com/
*   Trying REDACTED...
* Connected to ...elb.amazonaws.com (REDACTED) port 80 (#0)
> HEAD / HTTP/1.1
> Host: ...elb.amazonaws.com
> User-Agent: curl/7.47.0
> Accept: */*
>
* Empty reply from server
* Connection #0 to host ...elb.amazonaws.com left intact
curl: (52) Empty reply from server

@julianvmodesto julianvmodesto changed the title Adding an AWS Cert and opening 80 and 443 doesn't work Adding an AWS Cert and opening 80 and 443 doesn't work for plain http:// Jun 28, 2017

@julianvmodesto

This comment has been minimized.

Copy link
Contributor Author

commented Jun 28, 2017

Hmm looks like this combination of annotations worked:

    ingress.appscode.com/annotations-service: '{"service.beta.kubernetes.io/aws-load-balancer-ssl-ports": "443", "service.beta.kubernetes.io/aws-load-balancer-ssl-cert": "arn:aws:acm:...", "service.beta.kubernetes.io/aws-load-balancer-backend-protocol": "http"}'
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.