Add port for plain HTTP to HTTPS redirection

deploy/static/provider/aws/deploy-tls-termination.yaml

@@ -36,7 +36,13 @@ metadata:
   name: ingress-nginx-controller
   namespace: ingress-nginx
 data:
-  force-ssl-redirect: 'true'
+  http-snippet: |
+    server {
+      listen 2443;
+      return 308 https://$host$request_uri;
+    }
+  proxy-real-ip-cidr: XXX.XXX.XXX/XX
+  use-forwarded-headers: 'true'
 ---
 # Source: ingress-nginx/templates/clusterrole.yaml
 apiVersion: rbac.authorization.k8s.io/v1
@@ -263,9 +269,8 @@ metadata:
     service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http
     service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: '60'
     service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: 'true'
-    service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: '*'
     service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:us-west-2:XXXXXXXX:certificate/XXXXXX-XXXXXXX-XXXXXXX-XXXXXXXX
-    service.beta.kubernetes.io/aws-load-balancer-ssl-ports: '443'
+    service.beta.kubernetes.io/aws-load-balancer-ssl-ports: https
     service.beta.kubernetes.io/aws-load-balancer-type: elb
   labels:
     helm.sh/chart: ingress-nginx-2.0.0
@@ -283,7 +288,7 @@ spec:
     - name: http
       port: 80
       protocol: TCP
-      targetPort: http
+      targetPort: tohttps
     - name: https
       port: 443
       protocol: TCP
@@ -382,7 +387,10 @@ spec:
               containerPort: 80
               protocol: TCP
             - name: https
-              containerPort: 443
+              containerPort: 80
+              protocol: TCP
+            - name: tohttps
+              containerPort: 2443
               protocol: TCP
             - name: webhook
               containerPort: 8443

hack/generate-deploy-scripts.sh

@@ -46,10 +46,6 @@ controller:
 
   publishService:
     enabled: false
-
-rbac:
-  create: true
-
 EOF
 
 echo "${NAMESPACE_VAR}
@@ -62,10 +58,6 @@ controller:
   service:
     type: LoadBalancer
     externalTrafficPolicy: Local
-
-rbac:
-  create: true
-
 EOF
 
 echo "${NAMESPACE_VAR}
@@ -87,10 +79,6 @@ controller:
       # NGINX keep-alive is set to 75s. If using WebSockets, the value will need to be
       # increased to '3600' to avoid any potential issues.
       service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "60"
-
-rbac:
-  create: true
-
 EOF
 
 echo "${NAMESPACE_VAR}
@@ -107,31 +95,36 @@ controller:
     annotations:
       service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http
       service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: 'true'
-      service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "443"
+      service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https"
       service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-west-2:XXXXXXXX:certificate/XXXXXX-XXXXXXX-XXXXXXX-XXXXXXXX"
-      service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: "*"
       service.beta.kubernetes.io/aws-load-balancer-type: elb
       # Ensure the ELB idle timeout is less than nginx keep-alive timeout. By default,
       # NGINX keep-alive is set to 75s. If using WebSockets, the value will need to be
       # increased to '3600' to avoid any potential issues.
       service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "60"
 
     targetPorts:
-      http: http
+      http: tohttps
       https: http
+      tohttps: tohttps
 
-  config:
-    # Force 80 -> 443
-    force-ssl-redirect: "true"
-    # use-forwarded-headers: "true"
+  # Configures the ports the nginx-controller listens on
+  containerPort:
+    http: 80
+    https: 80
+    tohttps: 2443
 
+  config:
     # Obtain IP ranges from AWS and configure the defaults
     # curl https://ip-ranges.amazonaws.com/ip-ranges.json | cat ip-ranges.json | jq -r '.prefixes[] .ip_prefix'| paste -sd "," -
-    # proxy-real-ip-cidr: []
-
-rbac:
-  create: true
-
+    # DO NOT FORGET TO SET YOUR VPC CIDR
+    proxy-real-ip-cidr: XXX.XXX.XXX/XX
+    use-forwarded-headers: "true"
+    http-snippet: |
+      server {
+        listen 2443;
+        return 308 https://\$host\$request_uri;
+      }
 EOF
 
 echo "${NAMESPACE_VAR}