I have a Java application running inside tomcat server (which is inside a pod), which is configured to work with https. I am using nginx ingress. The problem is, the nginx ingress is terminating the SSL and forwarding only plain http to the tomcat server (to the pod actually). Since the tomcat server is configured to work with only HTTPS, it is not accepting the traffic.
Following doesn't work:
nginx.ingress.kubernetes.io/ssl-passthrough: "true"
Finally I have found the answer:
I have to add the following 2 lines:
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
So the ingress is like this (I have also added some comment to describe and also to show which options I tried and didn't work, so that you don't waste your time):
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ingress-resource-staging
namespace: staging-space
annotations:
kubernetes.io/ingress.class: nginx #You may deploy any number of ingress controllers within a cluster. When you create an ingress, you should annotate each ingress with the appropriate ingress.class to indicate which ingress controller should be used if more than one exists within your cluster.
#If you do not define a class, your cloud provider may use a default ingress controller.
#nginx.ingress.kubernetes.io/ssl-passthrough: "true"
##Following 2 lines are important, otherwise the SSL is terminated at the ingress level and the
## traffic sent to the service is plain http and then tomcat complains that the host and port combination
## needs https connection (in the tomcat server we have enabled the HTTPS internally)
## We want to forward the HTTPS traffic to the pods
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
spec:
#tls:
# - hosts:
# - yourhost.com
rules:
- host: yourhost.com
http:
paths:
- pathType: Prefix
path: /
backend:
service:
name: my-app-service
port:
#number: 8080
number: 8443