Non-TLS traffic through ingress shouldn't be allowed when TLS is enabled #397

michaeldmitry · 2024-09-05T11:29:18Z

Bug Description

Currently, when TLS is enabled, users can still hit the the ingress endpoint using http and Traefik charm would allow it.

To Reproduce

Deploy Traefik
Deploy any app (e.g: Tempo)
Integrate Traefik and Tempo over traefik_route
Deploy SSC
Integrate Traefik and SSC
Curl any valid Tempo endpoint using Traefik's ingress URL but use http://<endpoint> not https://<endpoint>

Environment

microk8s 1.28.13
juju 3.4.5

Relevant log output

N/A

Additional context

No response

The text was updated successfully, but these errors were encountered:

dstathis · 2024-12-17T13:48:46Z

Let's see if this is for traefik route only or if it applies for all traffic relations. If it is for traefik route only, we should not fix it as this can be configured by the consumer. If this exists for other traefik relations, then we should automatically upgrade the connection.

dstathis · 2025-01-14T15:31:04Z

This will likely be handled by #430.

michaeldmitry added Type: Bug Status: Triage labels Sep 5, 2024

dstathis added Checked and removed Checked labels Nov 11, 2024

dstathis mentioned this issue Jan 14, 2025

Traefik appends a tls route even when tls routes are explicitly provided #430

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Non-TLS traffic through ingress shouldn't be allowed when TLS is enabled #397

Non-TLS traffic through ingress shouldn't be allowed when TLS is enabled #397

michaeldmitry commented Sep 5, 2024

dstathis commented Dec 17, 2024

dstathis commented Jan 14, 2025

Non-TLS traffic through ingress shouldn't be allowed when TLS is enabled #397

Non-TLS traffic through ingress shouldn't be allowed when TLS is enabled #397

Comments

michaeldmitry commented Sep 5, 2024

Bug Description

To Reproduce

Environment

Relevant log output

Additional context

dstathis commented Dec 17, 2024

dstathis commented Jan 14, 2025