Warning: This web connection is unencrypted. with https
RorFis opened this issue · 4 comments
Describe the bug
PhpLdapAdmin returns "Warning: This web connection is unencrypted." behind an https Ingress.
Expected behavior
PhpLdapAdmin does not show the warning message and connection is crypted
Browser : Firefox
OS : Windows
I use traefik as Ingress and I have setup both dns and cert for my.ldap.com. Since I am in a test environment, I have not set up much in values.yaml except for the ldap domain, the secrets and the ingress conf :
phpldapadmin: enabled: true image: tag: 0.9.0 env: PHPLDAPADMIN_LDAP_CLIENT_TLS_REQCERT: "never" ingress: enabled: true annotations: {} ## See https://kubernetes.io/docs/concepts/services-networking/ingress/#ingressclass-scope ingressClassName: traefik path: / pathType: Prefix ## Ingress Host hosts: - my.ldap.com ## Ingress cert tls: [] # - secretName: phpldapadmin.example # hosts: # - phpldapadmin.example
Helm chart is deployed with argocd. When I go to PhpLdapAdmin, I get the following warning :
Warning: This web connection is unencrypted.
and by moving the mouse over it, I get :
You are not using 'https'. Web browser will transmit login information in clear text.
The browser shows https connection though so I'm not sure what to change
Hi @RorFis ,
I tested on my end with the following values , everything looks fine:
phpldapadmin:
enabled: true
image:
tag: 0.9.0
env:
PHPLDAPADMIN_LDAP_CLIENT_TLS_REQCERT: "never"
ingress:
enabled: true
annotations: {}
## See https://kubernetes.io/docs/concepts/services-networking/ingress/#ingressclass-scope
# ingressClassName: nginx
path: /
pathType: Prefix
## Ingress Host
hosts:
- phpldapadmin.example
## Ingress cert
tls:
- secretName: phpldapadmin.example
hosts:
- phpldapadmin.example
And a secret phpldapadmin.example
:
k get secret phpldapadmin.example -o yaml
apiVersion: v1
data:
tls.crt: LS0tLS1...
tls.key: LS0tLS1CR...
kind: Secret
metadata:
creationTimestamp: "2024-07-16T13:42:29Z"
name: phpldapadmin.example
namespace: default
resourceVersion: "47470"
uid: c899b1c5-9ca9-4dbd-9e65-c51ce69505f3
type: kubernetes.io/tls
Hi,
I forgot to say that there is an AWS ALB before the ingress. This ALB is carrying the certificates (which I don't have access since it is generated by AWS) and enables https. The Ingress is not carrying the certificates.
Okay got you. So I think that you need to add some annotation at the ingress level. Which one I don't know ...
So basically you have ssl termination between your alb and the ingress controller and then it's a clear communication between the ingress controller and the pod . This is why you got the warning , the ingress on PLA doesn't know about the certificate.
From a user PoV , the communication is secured , so if Traefik doesn't allow you to do some sort of ssl pass through, it safe to ignore the warning .
Ok I'll check with Ingress then
Thank you !