400 Bad Request The plain HTTP request was sent to HTTPS port when deploying Harbor behind NLB
Sandy7894 opened this issue · 3 comments
We are planning to deploy NLB to access Harbor deployed on EKS.. We have deployed AWS load balancer controller on the cluster.
Below is my values file
harbor:
expose:
type: loadBalancer
tls:
enabled: true
auto:
commonName: "xxx"
loadBalancer:
name: harbor-dev
annotations:
"service.beta.kubernetes.io/aws-load-balancer-type": "nlb-ip"
"service.beta.kubernetes.io/aws-load-balancer-nlb-target-type": "instance"
"service.beta.kubernetes.io/aws-load-balancer-subnets": "xxx"
"service.beta.kubernetes.io/aws-load-balancer-healthcheck-port": "traffic-port"
"service.beta.kubernetes.io/aws-load-balancer-healthcheck-success-codes": "200-399"
"service.beta.kubernetes.io/aws-load-balancer-target-group-attributes": "preserve_client_ip.enabled=true"
"service.beta.kubernetes.io/aws-load-balancer-internal": "true"
"service.beta.kubernetes.io/aws-load-balancer-ssl-cert": "xxx"
"external-dns.alpha.kubernetes.io/hostname": "https://harbor-dev.xxx"
"external-dns.alpha.kubernetes.io/ttl": "300"
externalURL: https://harbor-dev.xxx
persistence:
enabled: true
resourcePolicy: keep
nginx:
tls:
enabled: true
Deployment seems successful but when i am trying to access Harbor, i am getting the below error :
400 Bad Request
The plain HTTP request was sent to HTTPS port
Few mentioned it is because of the HTTPS targetPort configured to 443 and need to update to 8080 as the SSL termination is happening at NLB level, but do i need to update the helm chart such a way or do we have anyway to update the config ??
One thing is, if i keep TLS disabled, HTTPS port is not getting enabled for nginx and my nlb target groups health checks are failing
The chart does not expect SSL termination on the loadbalancer as far as I can tell.
The template specifies that the LB will forward traffic from the LBs https-port to 8443.
In templates/nginx/service.yaml:
spec:
type: LoadBalancer
...
ports:
- name: http
port: {{ $loadBalancer.ports.httpPort }}
targetPort: 8080
{{- if .Values.expose.tls.enabled }}
- name: https
port: {{ $loadBalancer.ports.httpsPort }}
targetPort: 8443
{{- end }}
This issue is being marked stale due to a period of inactivity. If this issue is still relevant, please comment or remove the stale label. Otherwise, this issue will close in 30 days.
This issue was closed because it has been stalled for 30 days with no activity. If this issue is still relevant, please re-open a new issue.