search

devcontainers / features

A collection of Dev Container Features managed by Dev Container spec maintainers. See https://github.com/devcontainers/feature-starter to publish your own
https://containers.dev/features
MIT License
882 stars 356 forks source link

kubectl-helm-minikube port-forward 443 #976

Open scola84 opened 4 months ago

scola84 commented 4 months ago

When I run

kubectl port-forward -n ingress-nginx services/ingress-nginx-controller 80:80

the forwarded address is 127.0.0.1:80, but when I run

kubectl port-forward -n ingress-nginx services/ingress-nginx-controller 443:443

the forwarded address is https://CODESPACENAME-443.app.github.dev/

I would like to be able to use https://localhost to access my app from the host machine (e.g. a browser) with a secure connection, but because of the observed behavior of the codespace this is not possible.

samruddhikhandale commented 4 months ago

The behavior you're seeing is due to how Kubernetes port-forward works and how Codespaces handles secure connections.

  1. kubectl port-forward -n ingress-nginx services/ingress-nginx-controller 80:80: This command forwards traffic from your local machine's port 80 to the ingress-nginx-controller service's port 80. Since port 80 is typically used for HTTP (non-secure) traffic, Codespaces allows this traffic to be accessed via localhost.
  2. kubectl port-forward -n ingress-nginx services/ingress-nginx-controller 443:443: This command forwards traffic from your local machine's port 443 to the ingress-nginx-controller service's port 443. Port 443 is typically used for HTTPS (secure) traffic. For security reasons, Codespaces does not allow secure traffic to be accessed via localhost. Instead, it provides a unique URL (https://CODESPACENAME-443.app.github.dev/) for accessing the secure service.

If you want to access your app via https://localhost from your host machine, you would need to set up a local SSL/TLS proxy on your host machine that forwards traffic to the Codespaces URL. This would involve generating a self-signed SSL certificate, configuring the proxy to use this certificate, and adding the certificate to your host machine's trusted certificate store. This is a complex task and may not be feasible depending on your situation.

Alternatively, you could consider using a service like ngrok or localtunnel to expose your local web server to the internet with a secure connection. These services provide a public URL that you can use to access your local web server from any device. However, please be aware that these services may have costs associated with them, and exposing your local web server to the internet can have security implications.