-
Notifications
You must be signed in to change notification settings - Fork 8.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
AWS ELB tries to make SSL/HTTPS connection to the nginx ingress controller, nginx shows error message "broken header" #6633
Comments
@marianobilli please check the script that configures the static yaml manifest for AWS TLS termination in the ELB
|
That is no possible. For this to work, you need SSL certificated in ingress-nginx, i.e., secrets with a certificate for the host/s. |
|
That is why I showed in the config that I setup a server certificate on the ingress with this config, Im not sure why you say it is not possible.
|
Issues go stale after 90d of inactivity. If this issue is safe to close now please do so with Send feedback to sig-contributor-experience at kubernetes/community. |
Stale issues rot after 30d of inactivity. If this issue is safe to close now please do so with Send feedback to sig-contributor-experience at kubernetes/community. |
Rotten issues close after 30d of inactivity. Send feedback to sig-contributor-experience at kubernetes/community. |
@fejta-bot: Closing this issue. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
NGINX Ingress controller version: v0.41.2
Kubernetes version (use
kubectl version
): v1.16.15Environment:
uname -a
): 3.10.0-1127.19.1.el7.x86_64 Basic structure #1 SMP Tue Aug 25 17:23:54 UTC 2020 x86_64 x86_64 x86_64 GNU/LinuxWhat happened: When ELB tries to make SSL/HTTPS connection to the nginx ingress controller, nginx shows error message "broken header"
NGINX Full Log
TCP Dump on node
![Screenshot 2020-12-16 at 10 29 10](https://user-images.githubusercontent.com/14143004/102330237-9652a480-3f89-11eb-8d0d-8368f0eeb9c1.png)
What you expected to happen:
ELB can terminate TLS and proxy to upstream nginx ingress controller port 443.
How to reproduce it:
Configure ingress controller with following parameters
Configure ingress controller service with following annotations
Configure a simple echo service with a TLS certificate
Anything else we need to know:
Solution attempt #1: I've applied solution of #2182 but it didnt worked and even used the old ciphers.
Solution attempt #2: I've tried using https for backend protocol
Solution attempt #4: I've tried adding this config in ingress config-map
Solution attempt #5: I've also seen messages that proxy protocol might be not correctly enabled in the ELB for my configured ports however I cheked and It is, but it does not solve the problem
ELB Describe
/kind bug
The text was updated successfully, but these errors were encountered: