nginx k8s ingress - forcing www AND https?
You need to add the certificate for the domain you want to be redirected:
apiVersion: extensions/v1beta1kind: Ingressmetadata: name: foo-https-ingress annotations: kubernetes.io/ingress.class: "nginx" nginx.ingress.kubernetes.io/from-to-www-redirect: "true"spec: rules: - host: foo.com http: paths: - backend: serviceName: foo-prod-front servicePort: 80 path: / - host: www.foo.com http: paths: - backend: serviceName: foo-prod-front servicePort: 80 path: / tls: - hosts: - foo.com - www.foo.com secretName: tls-secret
I am not completely sure, whether from-to-www-redirect
works with this setup, but you can replace it with the following lines, which do work:
nginx.ingress.kubernetes.io/configuration-snippet: | if ($host = 'foo.com' ) { rewrite ^ https://www.foo.com$request_uri permanent; }
I have the following doing the job with the latest nginx-ingress 0.25.1
:
apiVersion: extensions/v1beta1kind: Ingressmetadata: name: ingress-rule-web annotations: kubernetes.io/ingress.class: nginx certmanager.k8s.io/cluster-issuer: letsencrypt-prod nginx.ingress.kubernetes.io/from-to-www-redirect: 'true'spec: rules: - host: foo.org http: paths: - path: / backend: serviceName: web servicePort: 80 tls: - hosts: - foo.org - www.foo.org secretName: letsencrypt-prod
I found the docs to be confusing here as well. Below is an example i have working. I believe you need to define the naked url in tls certs to avoid a cert error(your cert needs to be valid for both foo.com and www.foo.com). You CANNOT list the naked url under rules: hosts because that will get picked up prior to the redirect.
http://foo.com -> https://www.foo.com
https://foo.com -> https://www.foo.com
http://www.foo.com -> https://www.foo.com
apiVersion: extensions/v1beta1kind: Ingressmetadata: name: foo-https-ingress annotations: kubernetes.io/ingress.class: "nginx" nginx.ingress.kubernetes.io/from-to-www-redirect: "true"spec: rules: - host: www.foo.com http: paths: - backend: serviceName: foo-frontend servicePort: 80 path: / tls: - hosts: - foo.com - www.foo.com secretName: tls-secret