Kubernetes Ingress Service is missing #54

Open
eumel8 opened this issue Dec 16, 2020 · 9 comments · May be fixed by #63
Comments

eumel8 commented Dec 16, 2020

Currently SSL termination is done in the webapp's lighttpd with a self-signed certificate. It would be nice to have a non-SSL port exposed to set up an ingress service like ingress-nginx.

PS: not sure if it's the right place for the issue. Seems configuration of the Dockerfile isn't here.

@mengyiyuan
Contributor

Hi @eumel8, I am not an expert with Kubernetes, please bear with my question here. Could you elaborate a bit more on what you want to set up ingress-nginx for? Thanks!

@eumel8
Author

eumel8 commented Jan 4, 2021

@mengyiyuan, sure!
A normal use case would be to terminate Internet traffic on specific Ingress nodes and pass through traffic to the application layer:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: whatsapp
  namespace: whatsapp
  annotations:
    certmanager.k8s.io/cluster-issuer: letsencrypt-production
    kubernetes.io/ingress.class: nginx
spec:
  rules:
  - host: whatsapp.example.com
    http:
      paths:
      - backend:
          serviceName: whatsapp-web-service
          servicePort: 8080
        path: /
  tls:
  - hosts:
    - whatsapp.example.com
    secretName: whatsapp-example-com

Additional features like Let's Encrypt certificates would be possible.
The easiest way to get this done is to expose a non-SSL HTTP port, like 8080, from the container.

@mengyiyuan
Contributor

@eumel8 Sorry for my super late reply! Somehow this comment slipped through my inbox. Thanks a lot for the explanation as well.

If the purpose is to use a custom certificate for https traffic, we provide an API to upload your own certificate: https://developers.facebook.com/docs/whatsapp/api/certificates.

Would this be sufficient for your use case?

@eumel8
Author

eumel8 commented Apr 2, 2021

@mengyiyuan Interesting. But we typically split our architecture into an application layer (WhatsApp) and an internet layer (Kubernetes Ingress Controller). The Ingress Controller terminates SSL connections, and with Cert Manager we have a tool for automatic management of SSL certificates with Let's Encrypt.

@OElGebaly

I am also facing the same problem, trying to run on k8s with an ingress controller. I have implemented the same ingress as above, but I am getting the below error when sending traffic to the webapp:
2021-04-30 12:13:42: (mod_openssl.c.1796) SSL: 1 error:1408F09C:SSL routines:ssl3_get_record:http request
2021-04-30 12:13:42: (mod_openssl.c.1796) SSL: 1 error:1408F09C:SSL routines:ssl3_get_record:http request
2021-04-30 12:13:42: (mod_openssl.c.1796) SSL: 1 error:1408F09C:SSL routines:ssl3_get_record:http request

@OElGebaly

@eumel8 @mengyiyuan
Did any of you happen to find a solution for this issue? I am facing this issue, with my above comment showing the errors that appear after using the above ingress controller setup with k8s.

@OElGebaly

Well, after a few investigations, I was able to solve the issue while keeping the SSL termination in the webapp and setting the ingress port to 443. I added the below line to the ingress annotations, and it worked:

nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
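
The logged `ssl3_get_record:http request` error is OpenSSL reporting plain HTTP arriving on a TLS listener, which is what the annotation above avoids by making ingress-nginx speak HTTPS to the backend. The manifest below is an added example, not from the commenters or the project, combining the Ingress posted earlier with that annotation; `servicePort: 443` assumes the Service exposes the webapp's TLS port there, and the `whatsapp/webapp-ca` secret in the commented hardening lines is hypothetical.

```yaml
# Added example (not the project's own manifest).
# extensions/v1beta1 is kept as used in the thread; it was removed in
# Kubernetes 1.22, where networking.k8s.io/v1 is required instead.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: whatsapp
  namespace: whatsapp
  annotations:
    certmanager.k8s.io/cluster-issuer: letsencrypt-production
    kubernetes.io/ingress.class: nginx
    # Re-encrypt towards the backend instead of sending plain HTTP
    # to the webapp's TLS port.
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
    # By default ingress-nginx does not verify the backend certificate,
    # so the self-signed webapp certificate is accepted but the hop is
    # unauthenticated. To verify it, store the issuing CA as ca.crt in a
    # Secret (hypothetical name below) and enable verification:
    # nginx.ingress.kubernetes.io/proxy-ssl-verify: "on"
    # nginx.ingress.kubernetes.io/proxy-ssl-secret: "whatsapp/webapp-ca"
spec:
  rules:
  - host: whatsapp.example.com
    http:
      paths:
      - backend:
          serviceName: whatsapp-web-service
          servicePort: 443   # assumption: Service port mapped to the webapp's HTTPS port
        path: /
  tls:
  - hosts:
    - whatsapp.example.com
    secretName: whatsapp-example-com
```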

deniojunior linked a pull request Aug 26, 2021 that will close this issue

@mengyiyuan
Contributor

@OElGebaly @deniojunior Thanks a lot for working on this and sending the pull request.

Sorry that currently we do not have enough resources to maintain the Kubernetes solution, so I would not accept the PR for now because we just don't have enough resources to do the testing internally.

I will keep the PR and this issue open so that people who want to use the ingress service could refer to your examples. Thanks a lot for your understanding.

@rayburgemeestre

For me, creating an ingress with @OElGebaly's annotation nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" worked as well!
