Elasticsearch with ingress received plaintext http traffic on an https channel

Hi, i have the config from https://github.com/elastic/helm-charts/tree/7.9/elasticsearch/examples/security

with the next ingress in my values.yaml:

ingress:
  enabled: true
  annotations:
    kubernetes.io/ingress.class: nginx
  path: /
  hosts:
    - elasticsearch.mycompany.cloud
  tls:
  - hosts:
    - elasticsearch.mycompany.cloud
    secretName: mycompany.cloud-prod-tls

log from curl inside pod

curl -sku elastic:2063password https://localhost:9200
{
  "name" : "elasticsearch-master-0",
  "cluster_name" : "elasticsearch",
  "cluster_uuid" : "huhZtorGTEOhX3gO41sNGg",
  "version" : {
    "number" : "7.9.0",
    "build_flavor" : "default",
    "build_type" : "docker",
    "build_hash" : "a479a2a7fce0389512d6a9361301708b92dff667",
    "build_date" : "2020-08-11T21:36:48.204330Z",
    "build_snapshot" : false,
    "lucene_version" : "8.6.0",
    "minimum_wire_compatibility_version" : "6.8.0",
    "minimum_index_compatibility_version" : "6.0.0-beta1"
  },
  "tagline" : "You Know, for Search"
}

when try to reach elasticsearch from outside

curl -sku elastic:2063password https://elasticsearch.mycompany.cloud     
<html>
<head><title>502 Bad Gateway</title></head>
<body>
<center><h1>502 Bad Gateway</h1></center>
<hr><center>nginx/1.17.10</center>
</body>
</html>

log from elasticsearch

{"type": "server", "timestamp": "2020-08-27T05:26:02,526Z", "level": "WARN", "component": "o.e.x.s.t.n.SecurityNetty4HttpServerTransport", "cluster.name": "elasticsearch", "node.name": "elasticsearch-master-0", "message": "received plaintext http traffic on an https channel, closing connection Netty4HttpChannel{localAddress=/10.42.3.81:9200, remoteAddress=/172.31.44.44:49490}", "cluster.uuid": "huhZtorGTEOhX3gO41sNGg", "node.id": "cza-R9qVQYmqCs8s18mqHw"  }

2 Likes

Having the same issue!

It worked for me using these annotations in Ingress:

nginx.ingress.kubernetes.io/backend-protocol: HTTPS
nginx.ingress.kubernetes.io/secure-backends: "true"
ingress.kubernetes.io/ssl-passthrough: "true"
5 Likes

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.