Skip to content
Kong Logo | Kong Docs Logo
search
  • We're Hiring!
  • Docs
    • Kong Gateway
      Lightweight, fast, and flexible cloud-native API gateway
      Kong Konnect
      Single platform for SaaS end-to-end connectivity
      Kong Mesh
      Enterprise service mesh based on Kuma and Envoy
      decK
      Helps manage Kong’s configuration in a declarative fashion
      Kong Ingress Controller
      Works inside a Kubernetes cluster and configures Kong to proxy traffic
      Kong Gateway Operator
      Manage your Kong deployments on Kubernetes using YAML Manifests
      Insomnia
      Collaborative API development platform
      Kuma
      Open-source distributed control plane with a bundled Envoy Proxy integration
  • API Specs
  • Plugin Hub
    • Explore the Plugin Hub
      View all plugins View all plugins View all plugins arrow image
    • Functionality View all View all arrow image
      View all plugins
      Authentication's icon
      Authentication
      Protect your services with an authentication layer
      Security's icon
      Security
      Protect your services with additional security layer
      Traffic Control's icon
      Traffic Control
      Manage, throttle and restrict inbound and outbound API traffic
      Serverless's icon
      Serverless
      Invoke serverless functions in combination with other plugins
      Analytics & Monitoring's icon
      Analytics & Monitoring
      Visualize, inspect and monitor APIs and microservices traffic
      Transformations's icon
      Transformations
      Transform request and responses on the fly on Kong
      Logging's icon
      Logging
      Log request and response data using the best transport for your infrastructure
  • Support
  • Community
  • Kong Academy
Get a Demo Start Free Trial
Kong Ingress Controller
2.8.x
  • Home icon
  • Kong Ingress Controller
  • Guides
  • Configuring https redirect
github-edit-pageEdit this page
report-issueReport an issue
  • Kong Gateway
  • Kong Konnect
  • Kong Mesh
  • Plugin Hub
  • decK
  • Kong Ingress Controller
  • Kong Gateway Operator
  • Insomnia
  • Kuma

  • Docs contribution guidelines
  • 2.11.x (latest)
  • 2.10.x
  • 2.9.x
  • 2.8.x
  • 2.7.x
  • 2.6.x
  • 2.5.x
  • 2.4.x
  • 2.3.x
  • 2.2.x
  • 2.1.x
  • 2.0.x
  • 1.3.x
  • 1.2.x
  • 1.1.x
  • 1.0.x
enterprise-switcher-icon Switch to OSS
On this pageOn this page
  • Prerequisites
    • Install Kong
    • Test connectivity to Kong
  • Setup a Sample service
  • Setup HTTPS redirect
  • Test the configuration
You are browsing documentation for an outdated version. See the latest documentation here.

Configuring https redirect

Learn to configure the Kong Ingress Controller to redirect HTTP request to HTTPS so that all communication from the external world to your APIs and microservices is encrypted.

Before you begin ensure that you have Installed Kong Ingress Controller in your Kubernetes cluster and are able to connect to Kong.

Prerequisites

Install Kong

You can install Kong in your Kubernetes cluster using Helm.

  1. Add the Kong Helm charts:

     helm repo add kong https://charts.konghq.com
     helm repo update
    
  2. Install Kong Ingress Controller and Kong Gateway with Helm:

     helm install kong kong/ingress -n kong --create-namespace
    

Test connectivity to Kong

Kubernetes exposes the proxy through a Kubernetes service. Run the following commands to store the load balancer IP address in a variable named PROXY_IP:

  1. Populate $PROXY_IP for future commands:

     HOST=$(kubectl get svc --namespace kong kong-gateway-proxy -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
     PORT=$(kubectl get svc --namespace kong kong-gateway-proxy -o jsonpath='{.spec.ports[0].port}')
     export PROXY_IP=${HOST}:${PORT}
     echo $PROXY_IP   
    
  2. Ensure that you can call the proxy IP:

     curl -i $PROXY_IP
    

    The results should look like this:

     HTTP/1.1 404 Not Found
     Content-Type: application/json; charset=utf-8
     Connection: keep-alive
     Content-Length: 48
     X-Kong-Response-Latency: 0
     Server: kong/3.0.0
      
     {"message":"no Route matched with those values"}
    

    If you are not able to connect to Kong, read the deployment guide.

Setup a Sample service

  1. Create an httpbin service in the cluster and proxy it.

     kubectl apply -f https://raw.githubusercontent.com/Kong/kubernetes-ingress-controller/v2.11.0/deploy/manifests/httpbin.yaml
    

    The results should look like this:

     service/httpbin created
     deployment.apps/httpbin created
    
  2. Create an Ingress rule to proxy the httpbin service.

    $ echo '
    apiVersion: networking.k8s.io/v1
    kind: Ingress
    metadata:
      name: demo
      annotations:
        konghq.com/strip-path: "true"
    spec:
      ingressClassName: kong
      rules:
      - http:
          paths:
          - path: /test
            pathType: ImplementationSpecific
            backend:
              service:
                name: httpbin
                port:
                  number: 80
    ' | kubectl apply -f -
    

    The results should look like this:

    ingress.networking.k8s.io/demo created
    
  3. Test the Ingress rule.

    $ curl -i $PROXY_IP/test/status/200
    

    The results should look like this:

    HTTP/1.1 200 OK
    Content-Type: text/html; charset=utf-8
    Content-Length: 0
    Connection: keep-alive
    Server: gunicorn/19.9.0
    Date: Wed, 27 Sep 2023 10:37:46 GMT
    Access-Control-Allow-Origin: *
    Access-Control-Allow-Credentials: true
    X-Kong-Upstream-Latency: 3
    X-Kong-Proxy-Latency: 1
    Via: kong/3.3.1
    

Setup HTTPS redirect

To instruct Kong to redirect all HTTP requests matching this Ingress rule to HTTPS, update its annotations.

  1. Limit the protocols of the Ingress rule to HTTPS only and issue a 308 redirect.

     $ kubectl patch ingress demo -p '{"metadata":{"annotations":{"konghq.com/protocols":"https","konghq.com/https-redirect-status-code":"308"}}}'
    

    The results should look like this:

     ingress.networking.k8s.io/demo patched
    
  2. Make a plain-text HTTP request to Kong and a redirect is issued.

     $ curl $PROXY_IP/test/headers -I
    

    The results should look like this:

     HTTP/1.1 308 Permanent Redirect
     Date: Tue, 06 Aug 2019 18:04:38 GMT
     Content-Type: text/html
     Content-Length: 167
     Connection: keep-alive
     Location: https://192.0.2.0/test/headers
     Server: kong/1.2.1
    

The Location header contains the URL you need to use for an HTTPS request. This URL varies depending on your installation method. You can also get the IP address of the load balancer for Kong and send a HTTPS request to test.

Test the configuration

  1. Send a request to the Location URL.
     $ curl -k https://$PROXY_IP/test/headers
    

    The results should look like this:

     {
       "headers": {
         "Accept": "*/*",
         "Connection": "keep-alive",
         "Host": "192.0.2.0",
         "User-Agent": "curl/8.1.2",
         "X-Forwarded-Host": "192.0.2.0"
       }
     }
    

Kong correctly serves the request only on HTTPS protocol and redirects the user if the HTTP protocol is used. The -k flag in cURL skips certificate validation as the certificate served by Kong is a self-signed one. If you are serving this traffic through a domain that you control and have configured TLS properties for it, then the flag won’t be necessary.

If you have a domain that you control but don’t have TLS/SSL certificates for it, see Using cert-manager with Kong guide which can get TLS certificates setup for you automatically. And it’s free, thanks to Let’s Encrypt!

Thank you for your feedback.
Was this page useful?
Too much on your plate? close cta icon
More features, less infrastructure with Kong Konnect. 1M requests per month for free.
Try it for Free
  • Kong
    THE CLOUD CONNECTIVITY COMPANY

    Kong powers reliable digital connections across APIs, hybrid and multi-cloud environments.

    • Company
    • Customers
    • Events
    • Investors
    • Careers Hiring!
    • Partners
    • Press
    • Contact
  • Products
    • Kong Konnect
    • Kong Gateway
    • Kong Mesh
    • Get Started
    • Pricing
  • Resources
    • eBooks
    • Webinars
    • Briefs
    • Blog
    • API Gateway
    • Microservices
  • Open Source
    • Install Kong Gateway
    • Kong Community
    • Kubernetes Ingress
    • Kuma
    • Insomnia
  • Solutions
    • Decentralize
    • Secure & Govern
    • Create a Dev Platform
    • API Gateway
    • Kubernetes
    • Service Mesh
Star
  • Terms•Privacy
© Kong Inc. 2023