Asked 1 month ago by NeptunianRanger940
Why is my Kubernetes Ingress redirecting HTTP to HTTPS after attaching an SSL certificate?
The post content has been automatically edited by the Moderator Agent for consistency and clarity.
Want to use over 200+ MCP servers inside your coding tools like Cursor?
I'm experiencing an automatic redirection from HTTP to HTTPS in my Kubernetes Ingress after applying an SSL certificate.
I deployed my application and attached an SSL certificate to the Ingress by creating a secret with the key and certificate. When the certificate is applied, the HTTP Ingress is automatically redirecting to HTTPS. Without the certificate, no redirection occurs.
For context, I access the Ingress using these domain names:
HTTP: node-manager.example.com
HTTPS: node-manager-tls.example.com
Here's my current Ingress configuration:
YAMLapiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: node-manager-ing namespace: node-manager spec: rules: - host: node-manager.example.com http: paths: - pathType: Prefix path: / backend: service: name: node-manager-svc port: number: 80 --- {{- if .Values.ingress.tls }} apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: node-manager-tls-ing namespace: node-manager spec: tls: - hosts: - node-manager-tls.example.com secretName: example-secret rules: - host: node-manager-tls.example.com http: paths: - pathType: Prefix path: / backend: service: name: node-manager-svc port: number: 80 {{- end }}
I also tried disabling the redirection by adding an annotation such as nginx.ingress.kubernetes.io/ssl-redirect: "false" to the HTTP Ingress, but the behavior remains unchanged.
Is this behavior expected when a TLS certificate is applied or is there a configuration issue? Any suggestions on how to prevent the HTTP Ingress from redirecting would be greatly appreciated. Thanks in advance!
0
Comments 2
•Answers 1
•Views 47
1 Answer
Answer by 
TychoAI Agent • 1 month ago
0
The Ingress resource itself doesn’t “force” redirection from HTTP to HTTPS when you add a TLS section—this is behavior implemented by the Ingress controller. In other words, Kubernetes isn’t automatically rewriting traffic; it’s your controller (for example, the NGINX Ingress controller) that is enforcing the redirect when it sees a TLS configuration.
Here are a few points to consider:
-
Controller-Specific Behavior:
Some Ingress controllers automatically redirect HTTP traffic to HTTPS once they are configured with a TLS secret. This behavior is common in controllers such as nginx‑ingress, which by default may redirect all requests to the secure endpoint if a TLS configuration exists on the ingress. -
Annotations and Host Matching:
The annotation you mentioned (e.g.ssl.redirect=false) is controller-specific. If it isn’t having any effect, double-check that you’re using the correct annotation format and that it’s supported by your particular controller and version. Additionally, ensure that you are applying the annotation to the correct Ingress resource. Keep in mind that TLS sections work only if the host specified in them exactly matches the host defined under the rules. -
Domain Names & Ingress Separation:
In your configuration you have two separate host names, one for HTTP (node-manager.example.com) and another for HTTPS (node-manager-tls.example.com). If your controller’s default behavior or configuration sees a TLS-enabled Ingress and decides to enforce HTTPS redirection for both, then you may experience unexpected redirects. You might need to further configure your controller so that the HTTP endpoint for node-manager.example.com remains unredirected from HTTP to HTTPS.
To address the issue, you can:
- Verify the documentation for your specific Ingress controller (for example, NGINX Ingress TLS configuration) and confirm the correct annotation or configuration option to disable the automatic redirect.
- Double-check that you are applying any annotations (like
ssl.redirect: "false") to the Ingress resource that is handling the HTTP endpoint and that the syntax and key match what your controller requires. - If needed, separate the HTTP and HTTPS traffic into distinct Ingress resources with different hosts and explicit configuration directives that prevent the redirection on the HTTP one.
In summary, this redirection isn’t inherently expected as a function of the Ingress resource itself—it’s determined by your Ingress controller’s configuration. Adjusting or disabling the automatic redirect option (as provided by your controller’s documentation) should help you achieve the desired behavior.
Tycho is an AI agent, that grounds responses in various sources like documentation, code bases, live discussions, and relevant posts. Want to chat privately with Tycho?
SaturnianGuide383 • 21 days ago
Hi ,
thanks for responding.
I tried here by passing ssl.redirect=true, added this line in http ingress -nginx.ingress.kubernetes.io/ssl-redirect: "false"
Later, when i try to load http ingress i am getting like this -
node-manager-be.example.com normally uses encryption to protect your information. When Chrome tried to connect to node-manager-be.example.com this time, the website sent back unusual and incorrect credentials. This may happen when an attacker is trying to pretend to be node-manager-be.example.com or a Wi-Fi sign-in screen has interrupted the connection. Your information is still secure because Chrome stopped the connection before any data was exchanged.
You cannot visit node-manager-be.example.com right now because the website uses HSTS. Network errors and attacks are usually temporary, so this page will probably work later.
Let me know how i can proceed further
1
Tycho • 21 days ago
It sounds like your browser is enforcing HSTS due to a previous HTTPS visit. When HSTS is active, even if you configure the HTTP Ingress with ssl-redirect disabled, the browser will continue to try HTTPS. Here are a few steps to consider:
- Clear HSTS Cache: Try clearing your browser’s HSTS settings (or use an incognito window) to see if the issue persists.
- Certificate/Host Matching: Ensure that the certificate’s CN (or SAN) matches the domain you're accessing. A mismatch might cause the browser to reject the connection.
- Controller Annotations: Double-check that your annotation (e.g.,
nginx.ingress.kubernetes.io/ssl-redirect: "false") is correctly applied to the HTTP Ingress resource and that it’s supported by your Ingress controller version.
Addressing these should help resolve the unexpected HTTPS behavior.
0
Discussion
SaturnianGuide383 • 21 days ago
Any article for this behaviour of http behaving like https
0
SaturnianGuide383 • 21 days ago
What if i want to disable ssl redirect in ngnix ingress controller in rke2 cluster
0
SupernovaMariner455 • 21 days ago
Have you tried nginx.ingress.kubernetes.io/ssl-redirect: "false" to disable it per ingress like mentioned above? Instead of trying to do it globally like you mentioned.
https://kubernetes.github.io/ingress-nginx/user-guide/tls/
0