Hi,
I have a problem with configuration which drive me crazy.
My setup:
Haproxy on serwer with IP 10.1.1.2
Ingress controller on Tanzu with IP 10.22.1.100
Ingress controllers which was testeed are Nginx/Haproxy/Contour.
I want use haproxy to rewrite address and expose it to Internet:
Ingress use static IP 10.1.1.2 with wildcard certificate.
Every ingress address is out with https for example: https://webapp-dev.domain.com
What I need is to rewrite this address to: https://webapp-dev.example.com add another SSL certificate.
Traffic will look like this:
User -(https://webapp.example.com)->Haproxy (rewirte address and redirect to )->Ingress controller(https://webapp-dev.domain.com)->App in Kubernetes cluster
I setup everything like this:
frontend http_frontend
bind 10.1.1.2 :80
bind 10.1.1.2 :443 ssl crt certificate.pem
redirect scheme https if !{ ssl_fc }
acl is_webapp-dev hdr(host) -i webapp-dev.example.com
use_backend webapp-dev if is_webapp-dev
backend backend webapp-dev
option forwardfor
http-request set-header Host webapp-dev.domain.com
server webapp-dev webapp-dev.domain.com:443 check ssl verify none
Problem to solve:
After setup ingress controller Haproxy/Contour it works if I set backend to port 80:
webapp-dev.domain.com:80 check #ssl verify none
If backend is set to port 443 i got error 503:
“503 Service Unavailable” if I try to access it thru: https://webapp-dev.example.com
but using origin address: https://webapp-dev.domain.com everything work fine.
I don’t know how to setup Haproxy to manage it.
With Nginx ingress controller i got error 400:
" Bad Request
The plain HTTP request was sent to HTTPS port"
Can any one help me correct my configuration.
Traffic over http is not allowed, because i don’t want my user use - get curl or any other tools thru http.
It’s look like Haproxy not send correctly request to Ingress Controller.
Little update:
I make some research with simple curl and found something:
If curl look like this:
curl --header https://test-ingress.example.pl --header “X-MyHeader: test-ingress” https://webapp-dev.domain.com
where test-ingress is my frontend of haproxy and webapp-dev is backend everything work finebut if I use this (without "–“header” after curl):
curl https://test-ingress.example.pl --header “X-MyHeader: test-ingress” https://webapp-dev.domain.com
First i get 503 error and then it’s work after that