Jan 25, 2023
Introduction
We recently encountered an issue that proved to be quite challenging to debug. Our team runs a standard .NET 6 application within a Kubernetes cluster that is behind a Cloudflare reverse proxy. Cloudflare provides us with the necessary SSL and HTTPS protocols to ensure secure communication. We route traffic from Cloudflare to our Kubernetes cluster, which is hosted on Azure Kubernetes Service (AKS). The traffic is then distributed to the appropriate Kubernetes pods by an nginx ingress controller. The problem we encountered was that our .NET applications appeared to be unaware that they were running behind SSL, leading to issues with redirections and URLs generated by the application, which only displayed "http://" instead of "https://".
Fix the https issue
It turns out that the fix is quite simple. In the process of the request reaching the AKS load balancer and then hitting the containers, the X-FORWARDED-* headers are lost along the way. The key issue is that the the X-FORWARDED-PROTO header that is forwarded on from Cloudflare is what tells the application which protocol is being used (http or https). Without that request being forwarded to our application, it falls back to http.
To apply the fix, you need up to update your nginx-ingress-controller ConfigMap by adding:
To apply the fix, you need up to update your nginx-ingress-controller ConfigMap by adding:
use-forwarded-headers: 'true'
Zack Schwartz @apexdodge
ENTREPRENEUR & SOFTWARE ENGINEER, AUSTIN, TX
I enjoy tackling a wide array of business challenges ranging from front line product support and operations to sales and marketing efforts. My core expertise is in software development building enterprise level web applications.
I enjoy tackling a wide array of business challenges ranging from front line product support and operations to sales and marketing efforts. My core expertise is in software development building enterprise level web applications.