Cleartext support

While most modern web applications choose to encrypt all traffic, there remain cases where supporting cleartext communications is important. Emissary-ingress supports both forcing automatic redirection to HTTPS and serving cleartext traffic on a Host.

The Listener andHost CRDs work together to manage HTTP and HTTPS routing. This document is meant as a quick reference to the Host resource: for a more complete treatment of handling cleartext and HTTPS, see Configuring Emissary-ingress Communications.

Cleartext Routing

To allow cleartext to be routed, set the requestPolicy.insecure.action of a Host to Route:

This allows routing for either HTTP and HTTPS, or only HTTP, depending on tlsSecret configuration:

If the Host does not specify a tlsSecret, it will only route HTTP, not terminating TLS at all.
If the Host does specify a tlsSecret, it will route both HTTP and HTTPS.

HTTP->HTTPS redirection

Most websites that force HTTPS will also automatically redirect any requests that come into it over HTTP:

In Emissary-ingress, this is configured by setting the insecure.action in a Host to Redirect.

Emissary-ingress determines which requests are secure and which are insecure using the securityModel of the Listener that accepts the request.

ON THIS PAGE

Cleartext Routing
HTTP->HTTPS redirection

.css-1e2dcm1{z-index:1500;pointer-events:none;}.css-okvapm{z-index:1500;pointer-events:none;}Cleartext support

.css-1e2dcm1{z-index:1500;pointer-events:none;}.css-okvapm{z-index:1500;pointer-events:none;}Cleartext Routing

.css-1e2dcm1{z-index:1500;pointer-events:none;}.css-okvapm{z-index:1500;pointer-events:none;}HTTP->HTTPS redirection

Cleartext support

Cleartext Routing

HTTP->HTTPS redirection