Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Make proxy redirect to 443 instead of 8443 #1337

Merged
merged 1 commit into from
Sep 30, 2019

Conversation

LucidNeko
Copy link
Contributor

configurable-http-proxy redirects to '--port' which in this case is 8443 and unresolvable outside of the cluster.

The master branch now uses version 4.1.0 of configurable-http-proxy which added '--redirect-to' to solve this problem.

configurable-http-proxy redirects to '--port' which in this case is 8443 and unresolvable outside of the cluster.
@consideRatio
Copy link
Member

consideRatio commented Sep 30, 2019

I'm reading up about the command line options for CHP.

--port (defaults to 8000) Public-facing port of the proxy
--redirect-port Redirect HTTP requests on this port to the server on HTTPS
--redirect-to Redirect HTTP requests from --redirect-port to this port

I'm explaining to myself while thinking things through.

If we the CHP accepts HTTPS traffic and will make the TLS termination, traffic on the http:// port should be redirected to the https:// port. But, a redirect is simply a response to the client saying "hey visit this address", but if that address is the container local one as compared to the address to reach it from outside, which requires a passage of the k8s Service and the Pod, then it may not end up in the right spot.

Your change makes a lot of sense to me, I'm sorry you had to experience such a slow response, thank you for your contribution! ❤️ 🌻 @LucidNeko !

For reference

Service to pod port mapping

ports:
- name: http
port: 80
protocol: TCP
{{- if $autoHTTPS }}
targetPort: 80
{{- else }}
targetPort: 8000
{{- end }}
# allow proxy.service.nodePort for http
{{- if .Values.proxy.service.nodePorts.http }}
nodePort: {{ .Values.proxy.service.nodePorts.http }}
{{- end }}
{{- if $HTTPS }}
- name: https
port: 443
protocol: TCP
{{- if or $manualHTTPS $manualHTTPSwithsecret }}
targetPort: 8443
{{- else if $offloadHTTPS }}
targetPort: 8000
{{- else }}
targetPort: 443
{{- end }}
{{- if .Values.proxy.service.nodePorts.https }}
nodePort: {{ .Values.proxy.service.nodePorts.https }}
{{- end }}
{{- end }}

Pod to container port mapping

ports:
{{- if or $manualHTTPS $manualHTTPSwithsecret }}
- containerPort: 8443
name: proxy-https
{{- end }}
- containerPort: 8000
name: proxy-public
- containerPort: 8001
name: api

@consideRatio consideRatio merged commit 83f7764 into jupyterhub:master Sep 30, 2019
@meeseeksmachine
Copy link

This pull request has been mentioned on Jupyter Community Forum. There might be relevant details there:

https://discourse.jupyter.org/t/manual-https-how-to-forward-from-http/2362/3

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants