Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

WWW non-WWW Redirection over HTTPS #26

Closed
alexwennerberg opened this issue May 27, 2019 · 3 comments
Closed

WWW non-WWW Redirection over HTTPS #26

alexwennerberg opened this issue May 27, 2019 · 3 comments

Comments

@alexwennerberg
Copy link

alexwennerberg commented May 27, 2019
edited
Loading

Hi!

I'm trying to set up a web server at www.[domain].com. I followed the instructions on this article: https://cloud.google.com/kubernetes-engine/docs/how-to/managed-certs and got everything working.

There are four ways someone may commonly access my site:

http://[domain].com
http://www.[domain].com
https://[domain].com
https://www.[domain].com

Redirecting http://[domain].com to http://www.[domain].com is easily handled via DNS records. However, right now, running curl https://[domain].com gives an invalid cert error, since my certificate is only configured for www.[domain].com. For many browsers, this isn't an issue (eg, Chrome handled the redirect) but in Firefox for example, this redirect wasn't handled by my browser. How can I use managed certs to redirect https://[domain].com to https://www.[domain].com? According to Google's documentation: "Managed certificates support a single, non-wildcard domain. Refer to the managed certificates page for information on how to use them." Although I am relatively inexperienced in this field, this seems inconsistent with web best practices, which should use HTTPS and should redirect [domain].com to www.[domain].com or vise versa. Am I misunderstanding or misusing this service?

Thanks!
@alexwennerberg alexwennerberg changed the title WWW non-WWW Redirection over HTTPS & HTTPS redirection WWW non-WWW Redirection over HTTPS May 27, 2019
@alexwennerberg
Copy link
Author

Figured out there's an inconsistency between the GitHub documentation and the GCP documentation

@abevoelker
Copy link

GCP's Ingress can't do those types of redirects. You'll have to handle redirects from your own webserver unfortunately.

You'll have to create a separate ManagedCertificate for each domain given the current limitations on that. But your Ingress can terminate both of your domains. Might look something like:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: example-ingress
  annotations:
    kubernetes.io/ingress.global-static-ip-name: example-ip-address
    networking.gke.io/managed-certificates: cert1,cert2
spec:
  rules:
  - host: domain.com
    http:
      paths:
      - backend:
          serviceName: your-service
          servicePort: 80
  - host: www.domain.com
    http:
      paths:
      - backend:
          serviceName: your-service
          servicePort: 80
---
apiVersion: networking.gke.io/v1beta1
kind: ManagedCertificate
metadata:
  name: cert1
spec:
  domains:
    - domain.com
---
apiVersion: networking.gke.io/v1beta1
kind: ManagedCertificate
metadata:
  name: cert2
spec:
  domains:
    - www.domain.com

@alexwennerberg
Copy link
Author

Thank you! This is what I figured out, I just found the GCP documentation misleading, which says "Managed certificates support a single, non-wildcard domain"

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@abevoelker @alexwennerberg