jp-gouin/helm-openldap

Warning: This web connection is unencrypted. with https

RorFis opened this issue · 4 comments

Describe the bug
PhpLdapAdmin returns "Warning: This web connection is unencrypted." behind an https Ingress.

Expected behavior
PhpLdapAdmin does not show the warning message and the connection is encrypted.

Browser : Firefox
OS : Windows

I use traefik as Ingress and I have set up both DNS and cert for my.ldap.com. Since I am in a test environment, I have not set up much in values.yaml except for the ldap domain, the secrets and the ingress conf:

phpldapadmin:
  enabled: true
  image:
    tag: 0.9.0
  env:
    PHPLDAPADMIN_LDAP_CLIENT_TLS_REQCERT: "never"
  ingress:
    enabled: true
    annotations: {}
    ## See https://kubernetes.io/docs/concepts/services-networking/ingress/#ingressclass-scope
    ingressClassName: traefik
    path: /
    pathType: Prefix
    ## Ingress Host
    hosts:
    - my.ldap.com
    ## Ingress cert
    tls: []
    # - secretName: phpldapadmin.example
    #   hosts:
    #   - phpldapadmin.example

The Helm chart is deployed with argocd. When I go to PhpLdapAdmin, I get the following warning:

Warning: This web connection is unencrypted.

and by moving the mouse over it, I get:

You are not using 'https'. Web browser will transmit login information in clear text.

The browser shows an https connection though, so I'm not sure what to change.

Hi @RorFis,

I tested on my end with the following values, everything looks fine:

phpldapadmin:
  enabled: true
  image:
    tag: 0.9.0
  env:
    PHPLDAPADMIN_LDAP_CLIENT_TLS_REQCERT: "never"
  ingress:
    enabled: true
    annotations: {}
    ## See https://kubernetes.io/docs/concepts/services-networking/ingress/#ingressclass-scope
    # ingressClassName: nginx
    path: /
    pathType: Prefix
    ## Ingress Host
    hosts:
    - phpldapadmin.example
    ## Ingress cert
    tls: 
      - secretName: phpldapadmin.example
        hosts:
        - phpldapadmin.example

And a secret phpldapadmin.example:
k get secret phpldapadmin.example -o yaml

apiVersion: v1
data:
  tls.crt: LS0tLS1...
  tls.key: LS0tLS1CR...
kind: Secret
metadata:
  creationTimestamp: "2024-07-16T13:42:29Z"
  name: phpldapadmin.example
  namespace: default
  resourceVersion: "47470"
  uid: c899b1c5-9ca9-4dbd-9e65-c51ce69505f3
type: kubernetes.io/tls

Hi,
I forgot to say that there is an AWS ALB before the ingress. This ALB is carrying the certificates (which I don't have access to since they are generated by AWS) and enables https. The Ingress is not carrying the certificates.

Okay, got you. So I think that you need to add some annotation at the ingress level. Which one I don't know...

So basically you have SSL termination between your ALB and the ingress controller, and then it's a clear communication between the ingress controller and the pod. This is why you got the warning: the ingress on PLA doesn't know about the certificate.

From a user PoV, the communication is secured, so if Traefik doesn't allow you to do some sort of SSL pass-through, it's safe to ignore the warning.

Ok, I'll check with Ingress then.
Thank you!
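
The situation described in this thread (TLS ends at the load balancer, the pod receives plain HTTP) can be modelled as follows. This is an added example, not part of the thread and not code from the chart or from phpLDAPadmin; the function names, the IP addresses and the use of the `X-Forwarded-Proto` header to carry the original scheme are assumptions made for illustration.

```python
import ipaddress


def effective_scheme(socket_is_tls, peer_ip, headers, trusted_proxies=()):
    """Return the scheme a backend should believe the browser used.

    socket_is_tls   -- True if the TCP connection reaching the backend is TLS
    peer_ip         -- address of the immediate sender (the last proxy hop)
    headers         -- request headers as received by the backend
    trusted_proxies -- CIDR ranges whose forwarded headers are honoured
    """
    if socket_is_tls:
        return "https"
    peer = ipaddress.ip_address(peer_ip)
    trusted = any(peer in ipaddress.ip_network(net) for net in trusted_proxies)
    # Header names are case-insensitive.
    lowered = {name.lower(): value for name, value in headers.items()}
    proto = lowered.get("x-forwarded-proto", "").strip().lower()
    # Fail closed: only an exact "https" from a trusted hop counts. Anyone
    # who can reach the pod directly can send this header themselves.
    if trusted and proto == "https":
        return "https"
    return "http"


def shows_unencrypted_warning(socket_is_tls, peer_ip, headers, trusted_proxies=()):
    """True when a login page built on effective_scheme() would warn."""
    return effective_scheme(socket_is_tls, peer_ip, headers, trusted_proxies) != "https"


# Constructed sample values: an ingress controller pod inside a pod network,
# and an unrelated client that reaches the backend without passing the proxy.
POD_NETWORK = "10.42.0.0/16"
INGRESS_IP = "10.42.0.15"
OTHER_CLIENT_IP = "192.0.2.50"
FORWARDED = {"X-Forwarded-Proto": "https"}

if __name__ == "__main__":
    # Browser uses https, but the backend trusts no proxy: warning shown.
    print(shows_unencrypted_warning(False, INGRESS_IP, FORWARDED))
    # Same request, ingress range trusted: no warning.
    print(shows_unencrypted_warning(False, INGRESS_IP, FORWARDED, [POD_NETWORK]))
    # Header sent by an untrusted peer is ignored: warning shown.
    print(shows_unencrypted_warning(False, OTHER_CLIENT_IP, FORWARDED, [POD_NETWORK]))
```

The first case matches what the reporter sees: the browser shows https, while the application only sees the unencrypted last hop.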