While most modern web applications choose to encrypt all traffic, there remain
cases where supporting cleartext communications is important. Emissary-ingress supports
both forcing automatic redirection to HTTPS and
serving cleartext traffic on a
To allow cleartext to be routed, set the
requestPolicy.insecure.action of a
This allows routing for either HTTP and HTTPS, or only HTTP, depending on
- If the
Hostdoes not specify a
tlsSecret, it will only route HTTP, not terminating TLS at all.
- If the
Hostdoes specify a
tlsSecret, it will route both HTTP and HTTPS.
Most websites that force HTTPS will also automatically redirect any requests that come into it over HTTP:
In Emissary-ingress, this is configured by setting the
insecure.action in a
Emissary-ingress determines which requests are secure and which are insecure using the
securityModel of the
Listener that accepts the request.