I've installed this helm chart with the following values file:
```yaml
signserver:
  useEphemeralH2Database: false
  env:
    DATABASE_JDBC_URL: jdbc:mariadb://signserver-mariadb-mariadb-0.signserver-mariadb-mariadb:3306/signserver?characterEncoding=UTF-8
    DATABASE_USER: signserver
    DATABASE_PASSWORD: tq9Sry1O
services:
  directHttp:
    enabled: false
  proxyAJP:
    enabled: true
    type: ClusterIP
    bindIP: 0.0.0.0
    port: 8009
  proxyHttp:
    enabled: false
ingress:
  enabled: true
  annotations:
    nginx.ingress.kubernetes.io/ssl-redirect: "false"
    nginx.ingress.kubernetes.io/auth-tls-verify-client: "on"
    nginx.ingress.kubernetes.io/auth-tls-pass-certificate-to-upstream: "true"
    nginx.ingress.kubernetes.io/auth-tls-secret: signserver/managementca-secret
    cert-manager.io/cluster-issuer: ca-issuer
  hosts:
    - host: "signserver.bdiw.dev.pass.lan"
      paths:
        - path: /signserver
          pathType: Prefix
  tls:
    - hosts:
        - signserver.bdiw.dev.pass.lan
      secretName: signserver.bdiw.dev.pass.lan-tls
```

and this seems to work at first sight.
However, there are sometimes redirects happening to the TLS version of the site:
```
wouter@pc220518:~$ curl -I http://signserver.bdiw.dev.pass.lan/signserver/clientweb/
HTTP/1.1 302 Found
Content-Type: text/html;charset=UTF-8
Content-Length: 0
Connection: keep-alive
Set-Cookie: JSESSIONID=vf5M7fmJ89ytAV14aahJPu0B6zPJZF_Ng1S5yvxC.signserver-signserver-community-helm-6dd8c6fb6f-8b7zf; path=/signserver; secure; HttpOnly
X-FRAME-OPTIONS: DENY
Location: https://signserver.bdiw.dev.pass.lan/signserver/clientweb/genericfile.xhtml
Date: Mon, 12 Feb 2024 10:25:02 GMT
```

i.e., the Location header should not have 'https' in it.
An option could be to have multiple ingresses configured on the same hostname for different paths, with the one for the paths under the admin web requiring the TLS certificate, and the rest not?
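
A check for reproducing the behaviour reported above across several paths, added here as an example and not part of the original issue or the chart: it parses a `curl -I` response head and reports a redirect that changes scheme as well as a `Secure` cookie issued over plain HTTP. The sample input is the response shown in the issue with a constructed cookie value, and the function names are hypothetical.

```python
from urllib.parse import urlsplit

# Response head from the curl -I output in the issue; cookie value is constructed.
SAMPLE_URL = "http://signserver.bdiw.dev.pass.lan/signserver/clientweb/"
SAMPLE_HEAD = """\
HTTP/1.1 302 Found
Content-Type: text/html;charset=UTF-8
Content-Length: 0
Connection: keep-alive
Set-Cookie: JSESSIONID=EXAMPLE-SESSION-ID; path=/signserver; secure; HttpOnly
X-FRAME-OPTIONS: DENY
Location: https://signserver.bdiw.dev.pass.lan/signserver/clientweb/genericfile.xhtml
Date: Mon, 12 Feb 2024 10:25:02 GMT
"""


def parse_head(raw):
    """Split a raw response head into (status_code, [(lowercased name, value)])."""
    lines = [line for line in raw.splitlines() if line.strip()]
    status = int(lines[0].split()[1])
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return status, headers


def audit_plain_http_response(request_url, raw):
    """Return (kind, detail) findings for a response to request_url."""
    req = urlsplit(request_url)
    status, headers = parse_head(raw)
    findings = []
    for name, value in headers:
        if name == "location" and 300 <= status < 400:
            target = urlsplit(value)
            # A relative Location has no scheme and stays on the request scheme.
            if target.scheme and target.scheme != req.scheme:
                findings.append(("scheme-change", value))
        elif name == "set-cookie" and req.scheme == "http":
            cookie_name = value.split("=", 1)[0].strip()
            attrs = [a.strip().lower() for a in value.split(";")[1:]]
            if "secure" in attrs:
                findings.append(("secure-cookie-over-http", cookie_name))
    return findings


if __name__ == "__main__":
    for kind, detail in audit_plain_http_response(SAMPLE_URL, SAMPLE_HEAD):
        print(f"{kind}: {detail}")
```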