400 Bad Request You're speaking plain HTTP to an SSL-enabled server port kubernetes pod

3.1k views Asked by At

I am getting the error "400 Bad Request Your browser sent a request that this server could not understand. Reason: You're speaking plain HTTP to an SSL-enabled server port. Instead use the HTTPS scheme to access this URL, please."

What I am trying to achieve is :

1.Docker Run Docker Image which is using apache2 and Shibboleth both are running on port http(8090) & https(8443) respectively with self signed certificate. Running the image locally using the docker run it is working fine. http://localhost:8090/ ----> working fine https://localhost:8443/Shibboleth.sso/Status ----> giving cert error but after accept and ignore working fine. (Shibboleth service which is being accessed via apache2 000-default.conf ProxyPass /Shibboleth.sso/ https://localhost:8443/Shibboleth.sso/Status)

  1. Kubernetes Platform Below are the deployment,Service and Ingress created to access the same image.
apiVersion: apps/v1
kind: Deployment
metadata:
  namespace: test
  name: demo
  labels:
    app: demo
spec:
  #replicas: 1
  selector:
    matchLabels:
      app: demo-pod
  template:
    metadata:
      labels:
        app: demo-pod
    spec:
      containers:
      - image: <repository>public/demo-v1
        name: demo
        ports:
        - containerPort: 8154
          name: demo-ui
        - containerPort: 8090
          name: http
        - containerPort: 8443
          name: https
        securityContext:
          runAsNonRoot: true
          runAsUser: 1000
        resources:
           limits:
             cpu: 1000m
             memory: 8024Mi
           requests:
             cpu: 500m
             memory: 4096Mi 
      dnsPolicy: ClusterFirst
      imagePullSecrets:
      - name: regcred
      restartPolicy: Always
---
apiVersion: v1
kind: Service
metadata:
  namespace: test
  name: demo-svc
  labels:
    app: demo
spec:
  selector:
    app: demo-pod
  ports:
  - port: 8154
    name: demo-ui
    targetPort: 8154
    protocol: TCP
  - port: 8090
    name: http
    targetPort: 8090
    protocol: TCP
  - port: 8443
    name: https
    targetPort: 8443
    protocol: TCP     
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  namespace: test
  name: demo-ing
  labels:
    app: demo
spec:
  ingressClassName: internal
  tls:
  - hosts:
    - demo.example.com
  rules:
  - host: demo.example.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: demo-svc
            port:
              number: 8090
      - path: /demo-ui
        pathType: Prefix
        backend:
          service:
            name: demo-svc
            port:
              number: 8090
      - path: /Shibboleth.sso
        pathType: Prefix
        backend:
          service:
            name: demo-svc
            port:
              number: 8443 

the default domain is using the https for *.example.com

when hitting **https://demo.example.com/ --> http://<pod-IP>:8090**  and working fine 
but when accessing the **https://demo.example.com/Shibboleth.sso/Status --- > http://<pod-IP>:8443**

And returning "400 Bad Request Your browser sent a request that this server could not understand. Reason: You're speaking plain HTTP to an SSL-enabled server port. Instead use the HTTPS scheme to access this URL, please"

I have tried multiple solutions via ingress annotations and apache2 redirect as well but nothing seems to help.

when doing redirect on apache2 it is not taking the localhost as variable.

 RewriteEngine on
 ReWriteCond %{SERVER_PORT} !^8443$
 RewriteRule ^/Shibboleth.sso(.*) https://localhost:8443/Shibboleth.sso/$1 [NC,R,L]

not considering localhost and taking as dns.

Also tried to redirect at ingress level also which is giving 404 not found error.

Please help here !!!

1

There are 1 answers

3
Harsh Manvar On BEST ANSWER

Can you please try adding this annotation to your ingress file?

annotations:
    kubernetes.io/ingress.class: "nginx"
    nginx.ingress.kubernetes.io/ssl-passthrough: "true"
    nginx.ingress.kubernetes.io/secure-backends: "true"
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"