Question 18717 in Amazon Web Sevices Question posted in
The official Amazon Web Services documentation can be found here.

nginx ingress redirect to https based on header – Amazon Web Sevices

I have a EKS setup where traffic is sent in the following way.

Users -> Cloudfront -> ALB -> EKS. EKS has an NginX ingress controller.

Currently "force-ssl-redirect" is enabled and hence, NginX ingress controller redirects all HTTP traffic to HTTPS.

I want Cloudfront to connect with ALB using HTTP. Hence, I am looking to have a conditional HTTPS redirect in NginX controller.

Hence,

  1. I will set a custom header to requests in from Cloudfront
  2. If this new header is found, I want NginX controller to return the correct response in HTTP. If not, I want to redirect to HTTPS.

How can this be done?

Tags:

2

Answers


  1. 0

    I assume that you would like to add a custom header on Cloudfront, and then do a redirect on the Nginx side.

    1. You can add custom headers to the request via Cloudfront Functions – https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/cloudfront-functions.html

    2. Then I think you need to use the nginx.ingress.kubernetes.io/configuration-snippet annotation in the Ingress Kubernetes resource to add custom configuration to the Nginx location. Maybe something like this can work:

    kind: Ingress
apiVersion: networking.k8s.io/v1
metadata:
  name: redirect
  annotations:
    nginx.ingress.kubernetes.io/configuration-snippet: |
        if ($http_x_custom_header) {
            return 301 http://$host$request_uri;
        }
        return 301 https://$host$request_uri;
spec:
  rules:
  - host: ...
    Login or Signup to reply.
  2. 0

    You can use the NginX configuration map for conditional HTTPS redirection.

    You need to create Nginx Configuration with a custom snippet for checking the custom header set by CloudFront.

    apiVersion: v1
Kind: ConfigMap

Metadata:
Name: nginx-config

Data:

Ssl-redirect-snippet:  |
If ($http_cf_custom_header) {
Return 301 http://$server_name$request_uri;
}
Return 301 https://$server_name$request_uri;

    If header is present, NginX returns a 301 redirect with HTTP; if it is not present it will redirect to same URL using HTTPS

    Now you need to add configuration map to your NginX ingress controller

    apiVersion: networking.k8s.io/v1
Kind: Ingress
Metadata:
Name: my-ingress
Annotations:
nginx.ingress.kubernetes.io/configuration-snippet:  |
Include /etc/nginx/ssl-redirect-snippet;

Spec:
Rules:
-host: my.domain.com
Http:
Paths:
-Path: /
pathType: Prefix
Backend:
Service:
Name: my-service
Port:
Name: http

    You need to set CLoudFront to include ‘http_cf_custom_header’ when you are forwarding to ALB. Check this official page and for further information check AWS official documentation.

    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search