Docsright arrowEmissary-ingressright arrowCleartext support

2 min • read

Cleartext support

While most modern web applications choose to encrypt all traffic, there remain cases where supporting cleartext communications is important. Emissary-ingress supports both forcing automatic redirection to HTTPS and serving cleartext traffic on a Host.

Cleartext Routing

To allow cleartext to be routed, set the requestPolicy.insecure.action of a Host to Route:

This allows routing for either HTTP and HTTPS, or only HTTP, depending on tlsSecret configuration:

  • If the Host does not specify a tlsSecret, it will only route HTTP, not terminating TLS at all.
  • If the Host does specify a tlsSecret, it will route both HTTP and HTTPS.

HTTP->HTTPS redirection

Most websites that force HTTPS will also automatically redirect any requests that come into it over HTTP:

In Emissary-ingress, this is configured by setting the insecure.action in a Host to Redirect.

Emissary-ingress determines which requests are secure and which are insecure using the securityModel of the Listener that accepts the request.