cintoSunny opened a new issue, #12507: URL: https://github.com/apache/druid/issues/12507
I want to do an SSL termination with Druid. My setup is on AWS EKS and has an ingress controller. But my URL gets redirected to `http` and not `HTTPS`. ```curl -ivk https://druid-dev.com/ * Connected to druid-dev.com (xxx.yyy.zzz.aa) port 443 (#0) > * Mark bundle as not supporting multiuse < HTTP/1.1 302 Found HTTP/1.1 302 Found ... < Location: http://druid-dev.com/unified-console.html ``` If I manually give the `X-forwarded-proto` in curl, it redirects correctly. Something like ``` curl -ivk -H "X-Forwarded-Proto: https" https://druid-dev.com:443 ... Location: https://druid-dev.com/unified-console.html ``` And if I access the https link directly it works. Just the redirect fails. This is my ingress yaml ```apiVersion: extensions/v1beta1 kind: Ingress metadata: name: aaa.elb.us-west-2.amazonaws.com namespace: druid annotations: kubernetes.io/ingress.class: nginx nginx.ingress.kubernetes.io/use-regex: "true" nginx.ingress.kubernetes.io/configuration-snippet: | more_set_headers "X-Forwarded-Proto: https"; nginx.ingress.kubernetes.io/proxy-connect-timeout: "900" nginx.ingress.kubernetes.io/proxy-read-timeout: "900" nginx.ingress.kubernetes.io/proxy-send-timeout: "900" spec: rules: - host: druid-dev.com http: paths: - path: /(.*) backend: serviceName: druid-router servicePort: 443 pathType: ImplementationSpecific ``` And here is the loadbalancer yaml ``` apiVersion: v1 kind: Service metadata: name: druid-router-nlb namespace: {{ .Release.Namespace }} annotations: service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:us-west-2:733858622433:certificate/ccccc service.beta.kubernetes.io/aws-load-balancer-ssl-negotiation-policy: ELBSecurityPolicy-TLS-23 service.beta.kubernetes.io/aws-load-balancer-type: nlb service.beta.kubernetes.io/aws-load-balancer-internal: "true" service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: "*" service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "443" spec: type: LoadBalancer selector: app: druid nodeSpecUniqueStr: druid-routers ports: - name: service port: 443 protocol: TCP targetPort: 8088 ``` I enabled request logging as well and the requests do hit my service (router in case of druid) I applied the config `enableForwardedRequestCustomizer` to true and still does not work. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
