"The plain HTTP request was sent to HTTPS port" issue with nginx-ingress in rancher/k8s

Question

I'm running Rancher v2.6.3 and I have a cluster with a Django workload built all on top of AWS. The deployment has a cluster ip port set up, I have an ingress created with a prefix rule pointing at my deployment. I've installed the nginx-ingress helm chart with the following service annotations:

service.beta.kubernetes.io/aws-load-balancer-protocol: http
service.beta.kubernetes.io/aws-load-balancer-ssl-ports: https
service.beta.kubernetes.io/aws-load-balancer-ssl-cert: my-cert-arn

Neither of these annotations are present but I've tried adding and removing them both together and individually at various points. I believe one is deprecated:

backend-protocol: "HTTP"
secure-backends: "false"

All of my infrastructure in AWS looks good and HTTP works just fine, however when I try to visit the site using SSL, I get a 400 Bad Request error showing "The plain HTTP request was sent to HTTPS port". The SSL certificate on that page is valid.

What am I doing wrong regarding HTTPS traffic?

Answer 1

I found a resolution to my issue. I deleted the installed nginx-ingress app (chart). Went back to the marketplace to reinstall it and when I was given the opportunity to edit my configuration, I edited the service block with the following values (leaving everything else the same):

  service:
    annotations: {
      service.beta.kubernetes.io/aws-load-balancer-ssl-cert: my-cert-arn,
      service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "http",
      service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https",
      service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: '3600'
    }
    targetPorts:
      http: http
      https: http

Everything is behaving correctly now.

This link provided the details I needed to make the proper changes: https://github.com/kubernetes/ingress-nginx/tree/main/charts/ingress-nginx#aws-l7-elb-with-ssl-termination

It's for the ingress-nginx repo, however the helm chart for nginx-ingress in Rancher v2.6.3 provides kubernetes-ingress. It seems to follow the same structure at the moment.