I am trying to test mTLS but I am getting 302 when I curl the host defined in ingress resource.
$ curl https://my.example.com --cert client.crt --key client.key -k
<html>
<head><title>302 Found</title></head>
<body>
<center><h1>302 Found</h1></center>
<hr><center>nginx</center>
</body>
</html>
Here's the ingress:
kind: Ingress
metadata:
annotations:
nginx.ingress.kubernetes.io/auth-tls-secret: "default/ca-secret"
nginx.ingress.kubernetes.io/auth-tls-verify-client: "on"
nginx.ingress.kubernetes.io/auth-tls-verify-depth: "1"
nginx.ingress.kubernetes.io/auth-tls-pass-certificate-to-upstream: "true"
name: nginx-ingress
namespace: default
spec:
ingressClassName: nginx
rules:
- host: my.example.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: nginx-svc
port:
number: 80
tls:
- hosts:
- my.example.com
secretName: tls-secret
Here's the ingress controller log:
kubectl logs ingress-nginx-controller-79236f5c-gzgwl -n ingress-nginx -f
...
...
192.168.219.64 - - [15/Aug/2022:17:56:53 0000] "GET / HTTP/1.1" 302 138 "-" "curl/7.29.0" 80 0.000 [] [] - - - - ae4b4fd210
I can curl the service nginx-svc successfully using the cluster-ip associated with the service. Any idea what's wrong with the ingress configuration?
CodePudding user response:
Try:
curl https://my.example.com --cert client.crt --key client.key -k -v -o /dev/null
to see the headers -- you can then see what it is redirecting to. A possibility is that it's redirecting https://my.example.com
to https://my.example.com/