Fix `ingress-nginx` listening port for `ADDITIONAL_HOST`
While struggling to get TLS to work on `ADDITIONAL_HOST`, I found out that ingress-nginx does not pick up TLS properly.
Current implementation
The ingress is configured something like this:
```yaml
# ...
  tls:
  - hosts:
    - original.host.com # Auto DevOps host
    - additional.host.com # ADDITIONAL_HOST
    secretName: staging-auto-deploy-tls
status:
# ...
```
which produces separate nginx `server` blocks (note the difference in listening ports):
```nginx
# ...
# Auto DevOps host with working TLS
server {
    server_name original.host.com ;
    listen 80;
    listen [::]:80;
    set $proxy_upstream_name "-";
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    # ...
}
# ADDITIONAL_HOST without https
server {
    server_name additional.host.com ;
    listen 80;
    listen [::]:80;
    set $proxy_upstream_name "-";
    location / {
        # ...
    }
}
```
Workaround
Separating the TLS hosts, referring to the ingress-nginx multi-tls example:
```yaml
# ...
  tls:
  - hosts:
    - original.host.com # Auto DevOps host
    secretName: staging-auto-deploy-tls
  - hosts:
    - additional.host.com # ADDITIONAL_HOST
    secretName: additional-host-com-staging-auto-deploy-tls # different secret name to prevent conflict
status:
# ...
```
produces the correct nginx config:
```nginx
# ...
# Auto DevOps host
server {
    server_name original.host.com ;
    listen 80;
    listen [::]:80;
    set $proxy_upstream_name "-";
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    # ...
}
# ADDITIONAL_HOST
server {
    server_name additional.host.com ;
    listen 80;
    listen [::]:80;
    set $proxy_upstream_name "-";
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    location / {
        # ...
    }
}
```
Edited by sejun
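
A check for the symptom described above, as an added example (not part of the original description or of ingress-nginx itself): it parses a rendered nginx config and reports which expected hosts have no `ssl` listener. The sample config is constructed from the excerpt above, the function names are hypothetical, and the brace matching assumes no braces inside strings or comments.

```python
import re

# Constructed sample modelled on the rendered config excerpt quoted above.
SAMPLE_CONF = """
server {
    server_name original.host.com ;
    listen 80;
    listen [::]:80;
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    location / {
    }
}
server {
    server_name additional.host.com ;
    listen 80;
    listen [::]:80;
    location / {
    }
}
"""

def server_blocks(conf):
    """Yield the body of every `server { ... }` block, found by brace matching."""
    for m in re.finditer(r"^\s*server\s*\{", conf, re.MULTILINE):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def tls_by_host(conf):
    """Map each server_name to True if its block has at least one `listen ... ssl`."""
    result = {}
    for body in server_blocks(conf):
        names = re.findall(r"^\s*server_name\s+([^;]+);", body, re.MULTILINE)
        listens = re.findall(r"^\s*listen\s+([^;]+);", body, re.MULTILINE)
        has_tls = any("ssl" in entry.split() for entry in listens)
        for name in " ".join(names).split():
            result[name] = result.get(name, False) or has_tls
    return result

def hosts_without_tls(conf, expected_hosts):
    """Return expected hosts that are absent from the config or served without TLS."""
    seen = tls_by_host(conf)
    return sorted(h for h in expected_hosts if not seen.get(h, False))

if __name__ == "__main__":
    print(hosts_without_tls(SAMPLE_CONF, ["original.host.com", "additional.host.com"]))
```

To run it against a live controller, pass in the text of the controller pod's `/etc/nginx/nginx.conf` (for example, fetched with `kubectl exec`) together with the hosts listed under `tls:` in the Ingress.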