Re: Running UAA on Kubernetes behind TLS-enabled ingress controller

Home Messages Hashtags Subgroups

Filip Hanik #8679 request.getScheme() can return https properly if you configure the web server (Tomcat/Jetty) to trust the headers X-Forwarded-Proto based on the IP address of the proxy server. If you're using uaa-release, you can configure https://github.com/cloudfoundry/uaa-release/blob/develop/jobs/uaa/spec#L148-L155 This will ensure that https is returned and line 44 is never invoked. Filip toggle quoted messageShow quoted text On Tue, Jul 16, 2019 at 9:09 AM Enrique Cano <enrique.canocarballar@...> wrote: Hi We are running UAA behind an ingress controller on Kubernetes. The connection to the ingress controller is https on a port other than 443 e.g. 8443. The connection to UAA pod is http. The issue we are facing is that the URLs UAA will return to the browser during the OAuth handshake include http instead of https. When we set X-Forwarded-Proto to "https" at the ingress controller, then the returned URLs contain https, but the port is set to 443. We believe this is because of this line of code: https://github.com/cloudfoundry/uaa/blob/develop/server/src/main/java/org/cloudfoundry/identity/uaa/security/web/FixHttpsSchemeRequest.java#L44 Is there another way of doing this? Basically, instead of redirecting to http://url:8080, we want a redirection to https://url:8443. Currently, what we get is https://url with the X-Forwarded-Proto header set to "https". Many thanks in advance Enrique.
More All Messages By This Member

Join cf-dev@lists.cloudfoundry.org to automatically receive all group messages.