Closed alexwennerberg closed 5 years ago
Figured out there's an inconsistency between the GitHub documentation and the GCP documentation
GCP's Ingress can't do those types of redirects. You'll have to handle redirects from your own webserver unfortunately.
You'll have to create a separate ManagedCertificate for each domain given the current limitations on that. But your Ingress can terminate both of your domains. Might look something like:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: example-ingress
annotations:
kubernetes.io/ingress.global-static-ip-name: example-ip-address
networking.gke.io/managed-certificates: cert1,cert2
spec:
rules:
- host: domain.com
http:
paths:
- backend:
serviceName: your-service
servicePort: 80
- host: www.domain.com
http:
paths:
- backend:
serviceName: your-service
servicePort: 80
---
apiVersion: networking.gke.io/v1beta1
kind: ManagedCertificate
metadata:
name: cert1
spec:
domains:
- domain.com
---
apiVersion: networking.gke.io/v1beta1
kind: ManagedCertificate
metadata:
name: cert2
spec:
domains:
- www.domain.com
Thank you! This is what I figured out, I just found the GCP documentation misleading, which says "Managed certificates support a single, non-wildcard domain"
Hi!
I'm trying to set up a web server at www.[domain].com. I followed the instructions on this article: https://cloud.google.com/kubernetes-engine/docs/how-to/managed-certs and got everything working.
There are four ways someone may commonly access my site:
http://[domain].com http://www.[domain].com https://[domain].com https://www.[domain].com
Redirecting http://[domain].com to http://www.[domain].com is easily handled via DNS records. However, right now, running
curl https://[domain].com
gives an invalid cert error, since my certificate is only configured for www.[domain].com. For many browsers, this isn't an issue (eg, Chrome handled the redirect) but in Firefox for example, this redirect wasn't handled by my browser. How can I use managed certs to redirect https://[domain].com to https://www.[domain].com? According to Google's documentation: "Managed certificates support a single, non-wildcard domain. Refer to the managed certificates page for information on how to use them." Although I am relatively inexperienced in this field, this seems inconsistent with web best practices, which should use HTTPS and should redirect [domain].com to www.[domain].com or vise versa. Am I misunderstanding or misusing this service?Thanks!