Where should you resolve requests for Ingress?

Hello everyone,

I think I have read all the documentation and tried a lot of things for 5 days but I am still struggling to get it working properly.

Configuration: Single Node deployment for Rancher, 5 nodes with all services deployed.
Rancher: rancher . mydomain . net on port 443 (80 redirects to 443)
Nodes: nodes . mydomain . net (bind9 DNS server resolves to IP of the nodes, round robin)
I have a wildcard certificate from a CA for * . mydomain . net. It is used for rancher, I set it up with the environment parameter when running docker.

Let say I have a Workload that exposes port 443, for example, oznu/unms:latest container.
In the configuration, I bound port 443 TCP to NodePort listening on Random. I can access the website with https : / / nodes . mydomain . net : listeningrandomport

I then set up an new Ingress in Load Balancing:

hostname to use: nodes . mydomain . net
path: /unms
port: 443

I then try to access the website with https : / / nodes . mydomain . net / unms
I got the default backend - 404

I’ve read that that might occur because of certificates. So I added the wildcard certificate and referenced it in SSL/TLS Certificates, with host nodes . mydomain . net. I now have:

400 Bad Request (The plain HTTP request was sent to HTTPS port) nginx.
I have triple checked I tried to access the workload with https and not http
I also tried with to add this annotation: nginx.ingress.kubernetes.io/secure-backends: “true”

In case it was not rewriting the path correctly, I’ve tried to play with nginx.ingress.kubernetes.io/rewrite-target: / but still no luck.
I’ve tried to remove the path (/unms) and access with https : / / nodes . mydomain . net (got the 400 bad request)
I’ve tried to use the default ingress controller certificate instead and got the same error 400.

After some days, I was wondering, am I targeting the right servers? Should I resolve nodes . mydomain . net to rancher instead of the nodes? It’s what is written in the documentation for load balancing: * Replace rancher-server with the IP address or hostname of the node running the Rancher container. Even if it makes no sense to me I’ve tried and it then goes to rancher and I got a 404 error with a nice background and "the page you were looking for doe not exist.

My understanding is that the ingress runs and all nodes so it’s were I should resolve.
I also understand that Ingress is a basic NGINX reverse proxy to map a request url to an IP and a port.
Those nginx runs on all nodes.

I have set a ton of times this type of nginx reverse proxy on standard linux box so I get how it works.

Do you have any tips, idea, lead for me?
Any help would be appreviated!

Thank you,

Torpi

P.S. Sorry, had to edit the url in my explanations because the forum thinks I am writing external links.

There is an old proverb that says: thou will find a solution when you ask for help.

http://nginx.ingress.kubernetes.io/secure-backends: “true”

is not valid anymore. Should now use:

nginx.ingress.kubernetes.io/backend-protocol: “HTTPS”

Posting here if someone has the same issue.

Torpi