Running UAA on Kubernetes behind TLS-enabled ingress controller #uaa


Enrique Cano
 

Hi

We are running UAA behind an ingress controller on Kubernetes. The connection to the ingress controller is https on a port other than 443 e.g. 8443. The connection to UAA pod is http.
The issue we are facing is that the URLs UAA will return to the browser during the OAuth handshake include http instead of https. When we set X-Forwarded-Proto to "https" at the ingress controller, then the returned URLs contain https, but the port is set to 443. We believe this is because of this line of code: https://github.com/cloudfoundry/uaa/blob/develop/server/src/main/java/org/cloudfoundry/identity/uaa/security/web/FixHttpsSchemeRequest.java#L44
Is there another way of doing this? Basically, instead of redirecting to http://url:8080, we want a redirection to https://url:8443. Currently, what we get is https://url with the X-Forwarded-Proto header set to "https".

Many thanks in advance

Enrique.

Join cf-dev@lists.cloudfoundry.org to automatically receive all group messages.