Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

api_gateway SSL false by default #170

Open
wants to merge 1 commit into
base: master-next
Choose a base branch
from

Conversation

oldgiova
Copy link
Contributor

No description provided.

@j-rivero
Copy link
Contributor

j-rivero commented May 8, 2024

+1 if I can add some feedback. I've been debugging the problem of a permanent 302 redirection for some hours fighting with different documentation and parameters. My use case was the use of ingress-nginx, global.urls set to https://my_domain, tls section enabled. If the apt.gateway.env.SSL is set to true then there is permanent redirection with the output:

$ k logs -n mender service/mender-api-gateway -f

{"ClientAddr":"10.244.0.36:44464","ClientHost":"10.244.0.36","ClientPort":"44464","ClientUsername":"-","DownstreamContentSize":5,"DownstreamStatus":302,"Duration":78709,"GzipRatio":0,"OriginContentSize":0,"OriginDuration":0,"OriginStatus":0,"Overhead":78709,"RequestAddr":"my_domain","RequestContentSize":0,"RequestCount":155,"RequestHost":"my_domain ","RequestMethod":"GET","RequestPath":"/","RequestPort":"-","RequestProtocol":"HTTP/1.1","RequestScheme":"http","RetryAttempts":0,"RouterName":"redirect-to-https@file","StartLocal":"2024-05-08T16:52:48.127952619Z","StartUTC":"2024-05-08T16:52:48.127952619Z","entryPointName":"http","level":"info","msg":"","time":"2024-05-08T16:52:48Z"}
{"ClientAddr":"10.244.0.36:44464","ClientHost":"10.244.0.36","ClientPort":"44464","ClientUsername":"-","DownstreamContentSize":5,"DownstreamStatus":302,"Duration":67667,"GzipRatio":0,"OriginContentSize":0,"OriginDuration":0,"OriginStatus":0,"Overhead":67667,"RequestAddr":"mydomain","RequestContentSize":0,"RequestCount":156,"RequestHost":"mydomain","RequestMethod":"GET","RequestPath":"/","RequestPort":"-","RequestProtocol":"HTTP/1.1","RequestScheme":"http","RetryAttempts":0,"RouterName":"redirect-to-https@file","StartLocal":"2024-05-08T16:52:48.145969954Z","StartUTC":"2024-05-08T16:52:48.145969954Z","entryPointName":"http","level":"info","msg":"","time":"2024-05-08T16:52:48Z"}
....

I don't fully understand the underlying problem but my bet is that there is a competition for handling the HTTPS requests. @oldgiova is this correct?

@oldgiova oldgiova mentioned this pull request Sep 17, 2024
15 tasks
@alfrunes alfrunes mentioned this pull request Oct 2, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants