3 min • read

Cleartext support

While most modern web applications choose to encrypt all traffic, there remain cases where supporting cleartext communications is important. Ambassador Edge Stack supports both forcing automatic redirection to HTTPS and serving cleartext traffic on a Host.

Cleartext Routing

To allow cleartext to be routed, set the requestPolicy.insecure.action of a Host to Route:

yaml
requestPolicy:
insecure:
action: Redirect

This allows routing for either HTTP and HTTPS, or only HTTP, depending on tlsSecret configuration:

  • If the Host does not specify a tlsSecret, it will only route HTTP, not terminating TLS at all.
  • If the Host does specify a tlsSecret, it will route both HTTP and HTTPS.

HTTP->HTTPS redirection

Most websites that force HTTPS will also automatically redirect any requests that come into it over HTTP:

shell
Client Ambassador Edge Stack
| |
| http://<hostname>/api |
| --------------------------> |
| |
| 301: https://<hostname>/api |
| <-------------------------- |
| |
| https://<hostname>/api |
| --------------------------> |
| |

In Ambassador Edge Stack, this is configured by setting the insecure.action in a Host to Redirect.

yaml
requestPolicy:
insecure:
action: Redirect

Ambassador Edge Stack determines which requests are secure and which are insecure using the securityModel of the Listener that accepts the request.