
ssl - Kubernetes ingress with multiple backend services throws site insecure error for specific contexts - Stack Overflow


I have deployed multiple backend services behind a single ingress controller. When I load the portal application (it's a web portal through which other applications can be launched from a menu), the portal site loads fine and the site shows secure. When I launch another application by selecting one from the menu, the selected app launches in a new tab, and when this is done, not only does the new web page show insecure on the new tab, but the portal web page on the previous tab also switches to insecure. This is occurring only for specific backend applications. Some of the containers have more than 1 application running on them; some applications do not complain insecure whereas others do, even though they run on the same Tomcat. For instance, if I open multiple applications via the main app (let's say about 4 backend apps on 4 tabs) and all of them show secure, and now if I launch a 5th application that pulls up on the 5th tab and this shows insecure, now if I go back to those previous 4 tabs they too now complain insecure without even refreshing those 4 tabs. The ingress domain SSL certificates are managed by infra and are valid.

Screenshot: Before:

After launching a web app on a new tab, the new and the original tab switches to insecure:

This has been puzzling me for some time; is it that the browser is detecting some insecure, faulty config?

My app runs on Tomcat in a container on Rancher. I have tried the approaches below, which did not work:

1> Initially my backends were running on 8080, so I went ahead and generated a Java keystore, enabled HTTPS on Tomcat and made it run on 8443. I made the services point to 8443 instead of 8080.

2> Enabled crossContext="true" in tomcat/conf/context.xml, thinking that sharing contexts between sites might help, but it did not.

Below is my ingress controller YAML. It would be much appreciated if anyone can provide pointers on what else I can try or what the problem area could be.

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: 'abcd'
  namespace: 'dev1'
  annotations:
    appgw.ingress.kubernetes.io/backend-path-prefix: "/"
    nginx.ingress.kubernetes.io/backend-protocol: HTTPS
    nginx.ingress.kubernetes.io/ssl-redirect: 'true'     
  labels:
    project: 'abcd'
spec:
  ingressClassName: nginx
  rules:
    - host: somedomain.corp.intranet
      http:
        paths:
          - backend:
              service:
                name: portal-dev1
                port:
                  number: 8443
            path: /
            pathType: ImplementationSpecific
          - backend:
              service:
                name: portal-dev1
                port:
                  number: 8443
            path: /portal
            pathType: ImplementationSpecific
          - backend:
              service:
                name: cfml-dev1
                port:
                  number: 8443
            path: /cfml
            pathType: ImplementationSpecific
          - backend:
              service:
                name: webapp1-dev1
                port:
                  number: 8443
            path: /webappA
            pathType: ImplementationSpecific
  tls:
    - hosts:
        - somedomain.corp.intranet
status:
  loadBalancer:
    ingress:
      - ip: someIpList

asked Mar 30 at 15:58 by vick_4444
  • The error suggests (!?) that at least one reference in the apps that trigger the error is being retrieved over a non-TLS endpoint. Identify the apps that trigger the error and scour them for http:// – DazWilkin Commented Mar 30 at 18:35
  • Hi @DazWilkin, this was it!!!!. After combing through application files I found that there were few http endpoints. Changing them to https resolved it. Thank you very much for the help. If you can post this as Answer I can mark the same. – vick_4444 Commented Apr 1 at 9:51

1 Answer

The error suggests (!?) that at least one reference in the apps that trigger the error is being retrieved over a non-TLS endpoint.

Identify each of the apps that trigger the error and scour them for http://.

Not just HTML but images, scripts, CSS, every file that loads over a URL needs to use TLS.
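As an added example (not part of the original answer), a static scan for the references the answer describes: it parses a page and reports every `http://` URL the browser would load or submit on the page's behalf, while ignoring ordinary `<a href>` links, which do not cause the warning. The class and function names and the `example.test` hostnames are assumptions made for the illustration.

```python
import re
from html.parser import HTMLParser

# (tag, attribute) pairs the browser fetches or submits; plain <a href> is not one.
KIND = {("script", "src"): "active", ("iframe", "src"): "active",
        ("link", "href"): "active", ("form", "action"): "form",
        ("img", "src"): "passive", ("audio", "src"): "passive",
        ("video", "src"): "passive", ("source", "src"): "passive"}
CSS_URL = re.compile(r"url\(\s*['\"]?(http://[^'\")\s]+)", re.I)

class MixedContentFinder(HTMLParser):
    """Collects (line, kind, url) for each http:// reference a page loads."""
    def __init__(self):
        super().__init__()
        self.findings, self._in_style = [], False

    def handle_starttag(self, tag, attrs):
        self._in_style = tag == "style"
        line = self.getpos()[0]
        for name, value in attrs:
            url = (value or "").strip()
            if name == "style":  # inline CSS on any element
                self._css(url, line)
            elif url.lower().startswith("http://") and (tag, name) in KIND:
                self.findings.append((line, KIND[(tag, name)], url))

    def handle_endtag(self, tag):
        self._in_style = False

    def handle_data(self, data):
        if self._in_style:  # body of a <style> block
            self._css(data, self.getpos()[0])

    def _css(self, text, line):
        self.findings += [(line, "css", u) for u in CSS_URL.findall(text)]

def find_mixed_content(markup):
    finder = MixedContentFinder()
    finder.feed(markup)
    finder.close()
    return finder.findings

# Constructed sample page; only somedomain.corp.intranet is from the question.
SAMPLE = """<html><head>
<link rel="stylesheet" href="http://somedomain.corp.intranet/webappA/app.css">
<style>body { background: url('http://static.example.test/bg.png'); }</style>
</head><body><a href="http://intranet.example.test/help">Help</a>
<img src="http://static.example.test/logo.png"><img src="/webappA/img/ok.png">
</body></html>"""
```

A static scan of this kind misses URLs that a JSP or CFML template assembles at runtime; the browser's developer console lists the mixed-content requests it actually saw.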
