Skip to content
This repository has been archived by the owner on Apr 17, 2019. It is now read-only.

Nginx Ingress Controller not enabling TLS/HTTPS #1592

Closed
wernight opened this issue Aug 22, 2016 · 4 comments
Closed

Nginx Ingress Controller not enabling TLS/HTTPS #1592

wernight opened this issue Aug 22, 2016 · 4 comments
Labels
lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed.

Comments

@wernight
Copy link
Contributor

Following https://github.com/kubernetes/contrib/tree/master/ingress/controllers/nginx/examples/tls and other examples there I my Nginx Ingress works on HTTP but refuses to connect on port 443 even when I'm directly on that Pod. The generated nginx.conf does not contain any 443, and my Ingress definition worked on GCE Ingress.

Another strange thing is that https://github.com/kubernetes/contrib/tree/master/ingress/controllers/nginx/examples/tls describes the standard tls.key and tls.crt (also used by GCE Ingress) but then https://github.com/kubernetes/contrib/blob/master/ingress/controllers/nginx/examples/tls/dhparam.sh generates a dhparam.pem and I also get a matching warning from Nginx Ingress Controller:

ssl.go:132] no file dhparam.pem found in secrets

Possibly related to #1525
@wernight
Copy link
Contributor Author

Looking at https://github.com/kubernetes/contrib/blob/53cc5309d8228c9b3f3d06c5db02cce06ef8e43a/ingress/controllers/nginx/controller.go#L869 I found a matching error Secret default/ does not exists, which means it's looking for a secret named default/ (or actually empty in namespace default).

The reason was a wrong Ingress (with extra -):

spec:
  tls:
    - secretName: tls-certificate
    - hosts:
        - foo.com

May be a better error for Secret %v does not exists would be helpful.

wernight added a commit to wernight/contrib that referenced this issue Aug 22, 2016
@wernight
Update controller.go
174ad09 
Better error message when there is no secretName provided.

Fixes kubernetes-retired#1592
@wernight wernight mentioned this issue Aug 22, 2016
Closed
@lucklove lucklove mentioned this issue Mar 16, 2017
Closed
@fejta-bot
Copy link

Issues go stale after 30d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.

Prevent issues from auto-closing with an /lifecycle frozen comment.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or @fejta.
/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Dec 17, 2017
@fejta-bot
Copy link

Stale issues rot after 30d of inactivity.
Mark the issue as fresh with /remove-lifecycle rotten.
Rotten issues close after an additional 30d of inactivity.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or @fejta.
/lifecycle rotten
/remove-lifecycle stale

@k8s-ci-robot k8s-ci-robot added lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. and removed lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. labels Jan 16, 2018
@fejta-bot
Copy link

Rotten issues close after 30d of inactivity.
Reopen the issue with /reopen.
Mark the issue as fresh with /remove-lifecycle rotten.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/close

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Update controller.go wernight/contrib
3 participants
@wernight @k8s-ci-robot @fejta-bot