Proxy Requests to HTTPS Upstream Services
This guide explains how to use the Ingress Controller to configure the gateway to proxy requests to upstream services over HTTPS.
Prerequisite
- Complete Set Up Ingress Controller and Gateway.
Create a Route
To proxy requests to an HTTPS upstream, create a route that forwards traffic to an upstream service over TLS. The following example configures a route to the public upstream service httpbin.org on its HTTPS port 443.
- Gateway API
- APISIX CRD
Gateway API currently has a bug where the upstream scheme is not correctly configured. As a result, requests are forwarded over HTTP instead of HTTPS, which leads to the error The plain HTTP request was sent to HTTPS port.
This issue is scheduled to be fixed in APISIX Ingress Controller version 2.0.2 and will also be addressed in API7 Ingress Controller in an upcoming release. Until then, this tutorial cannot be completed using Gateway API.
apiVersion: apisix.apache.org/v2
kind: ApisixUpstream
metadata:
namespace: aic
name: httpbin-external-domain
spec:
ingressClassName: apisix
scheme: https
passHost: node
externalNodes:
- type: Domain
name: httpbin.org
port: 443
---
apiVersion: apisix.apache.org/v2
kind: ApisixRoute
metadata:
namespace: aic
name: httpbin-tls
spec:
ingressClassName: apisix
http:
- name: httpbin-tls
match:
paths:
- /ip
upstreams:
- name: httpbin-external-domain
Apply the configuration to your cluster:
kubectl apply -f https-route.yaml
Verify
Send a request to the route:
curl -i "http://127.0.0.1:9080/ip"
An HTTP/1.1 200 OK response verifies that the gateway has successfully established a connection and communicated with the upstream service over HTTPS.