Cleartext support
While most modern web applications choose to encrypt all traffic, there remain
cases where supporting cleartext communications is important. Emissary-ingress supports
both forcing automatic redirection to HTTPS and serving cleartext traffic on a Host.
Cleartext Routing
To allow cleartext to be routed, set the requestPolicy.insecure.action of a Host to Route:
requestPolicy:
  insecure:
    action: Route
This allows routing of both HTTP and HTTPS, or of HTTP only, depending on the tlsSecret configuration:
- If the Host does not specify a tlsSecret, it will only route HTTP, not terminating TLS at all.
- If the Host does specify a tlsSecret, it will route both HTTP and HTTPS.
HTTP->HTTPS redirection
Most websites that force HTTPS will also automatically redirect any requests that arrive over HTTP:
Client              Emissary-ingress
|                             |
| http://<hostname>/api       |
| --------------------------> |
|                             |
| 301: https://<hostname>/api |
| <-------------------------- |
|                             |
| https://<hostname>/api      |
| --------------------------> |
|                             |
In Emissary-ingress, this is configured by setting the insecure.action in a Host to Redirect.
requestPolicy:
  insecure:
    action: Redirect
Emissary-ingress determines which requests are secure and which are insecure using the
securityModel of the Listener that accepts the request.
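How the settings on this page fit together, as an added example that is not taken from the Emissary-ingress documentation: two Listeners whose securityModel classifies incoming requests, and a Host that terminates TLS and redirects the insecure ones. The resource names, namespace, ports, hostname and secret name are assumed placeholders.

```yaml
# Added example: all names, ports, the hostname and the namespace are placeholders.
---
apiVersion: getambassador.io/v3alpha1
kind: Listener
metadata:
  name: example-http
  namespace: default
spec:
  port: 8080
  protocol: HTTP
  securityModel: INSECURE    # every request accepted on this port is classed as insecure
  hostBinding:
    namespace:
      from: ALL
---
apiVersion: getambassador.io/v3alpha1
kind: Listener
metadata:
  name: example-https
  namespace: default
spec:
  port: 8443
  protocol: HTTPS
  securityModel: SECURE      # every request accepted on this port is classed as secure
  hostBinding:
    namespace:
      from: ALL
---
apiVersion: getambassador.io/v3alpha1
kind: Host
metadata:
  name: example-host
  namespace: default
spec:
  hostname: example.com
  tlsSecret:
    name: example-tls-secret # a tlsSecret is set, so TLS is terminated for this Host
  requestPolicy:
    insecure:
      action: Redirect       # insecure requests are answered with a 301 to https://
      # action: Route        # alternative: also serve the Host's routes over cleartext
```

With these manifests, a request to port 8080 is insecure by the Listener's securityModel and receives the redirect, while a request to port 8443 is secure and is routed normally.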