Portus nginx error

[YunSangJun]

Problem

The following yaml is values file i used. values.yaml.txt

1. I got error message(HTTP 400) When i used service port as 80.

   
   <values.yaml>
   service:
   port: 80

The plain HTTP request was sent to HTTPS port $ kubectl logs -f portus-portus-nginx-75444987c5-7cqhd -n portus 172.30.130.174 - - [16/Apr/2018:06:06:26 +0000] "GET / HTTP/1.1" 400 666 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.162 Safari/537.36" ... ``` 2. I got error message(HTTP 502) When i used service port as 443. It looks like that Ingress request to nginx pod via 443 port. But nginx pod is listening only 80 port. ``` service: port: 443 502 Bad Gateway [error] 1454#1454: *44641 connect() failed (111: Connection refused) while connecting to upstream, client: 10.178.118.223, server: portus.ghama.io, request: "GET /favicon.ico HTTP/1.1", upstream: "http://172.30.125.75:443/favicon.ico", host: "portus.ghama.io", referrer: "https://portus.ghama.io/" ... $ kubectl logs -f portus-portus-nginx-75444987c5-7cqhd -n portus none $ kubectl describe pod portus-portus-nginx-cb75f6944-6n27d -n portus IP: 172.30.125.75 Containers: portus-portus-nginx: Port: 443/TCP ... kubectl exec -it -n portus portus-portus-nginx-cb75f6944-6n27d sh / # netstat -nltp Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 1/nginx: master pro ``` ## Environment -helm version : 2.8.1 -portus Chart.yaml version : portus-0.1.2 -kubernetes version : 1.8.8

[YunSangJun]

I can access to dashboard when i set tls to false.

portus: 
  tls:
    enabled: false

  service:
    type: "ClusterIP"
    port: 80   

  ingress:
    tls:
      enabled: false

[malvex]

There's typo in nginx-configmap.yaml, there's missing ; on line with listen directive. I'll try to create PR

EDIT: fixed by this PR: https://github.com/kubic-project/caasp-services/pull/42

[YunSangJun]

@malvex Thanks. The nginx can listen 443 port. But there is an error still. It looks like that Ingress send request as http not https. (Please see nginx log)

<values.yaml>
  service:
    port: 443

<On my Browser>
400 Bad Request
The plain HTTP request was sent to HTTPS port

<Ingress Logs>
{"time_date": "2018-04-17T02:58:38+00:00","client": "10.178.118.223", "host": "portus.ghama.io", "scheme": "https", "request_method": "GET", "request_uri": "/", "request_id": "5261ee619ba282123facf39873f03608", "status": 400, "upstream_addr": "172.30.125.106:443", "upstream_status": 400, "request_time": 0.001, "upstream_response_time": 0.001, "upstream_connect_time": 0.000, "upstream_header_time": 0.001}
{"time_date": "2018-04-17T02:58:38+00:00","client": "10.178.118.223", "host": "portus.ghama.io", "scheme": "https", "request_method": "GET", "request_uri": "/favicon.ico", "request_id": "aeb786ef9786265c3c035dca0855d477", "status": 400, "upstream_addr": "172.30.125.106:443", "upstream_status": 400, "request_time": 0.001, "upstream_response_time": 0.001, "upstream_connect_time": 0.000, "upstream_header_time": 0.001}
...

<Nginx pod logs>
$ kubectl logs -f portus-portus-nginx-cb75f6944-dwnbr -n portus
172.30.130.174 - - [17/Apr/2018:02:53:52 +0000] "GET /favicon.ico HTTP/1.1" 400 666 "https://portus.ghama.io/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.162 Safari/537.36"
172.30.130.174 - - [17/Apr/2018:02:53:53 +0000] "GET / HTTP/1.1" 400 666 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.162 Safari/537.36"

<Nginx pod describe>
$ kubectl describe pod portus-portus-nginx-cb75f6944-dwnbr -n portus
IP:             172.30.125.106
Containers:
  portus-portus-nginx:
    Port:           443/TCP

[stefsuse]

is this issue resolved?

[YunSangJun]

No. It still does not work. Please see the logs.

[mailzyok]

I met the same issues, and it is solved by adding the following annotations for ingress.annotations in values.yaml

nginx.ingress.kubernetes.io/secure-backends: "true"

yzha