Passing header X-Forwarded-Proto:https from client breaks SSL redirect

[jpalomaki]

Is this a BUG REPORT or FEATURE REQUEST? (choose one): BUG REPORT

NGINX Ingress controller version: 0.9.0-beta.19

Kubernetes version (use kubectl version): 1.8.4-gke.0

Environment:

• Cloud provider or hardware configuration: GKE

What happened:

http http://example.com/ 'X-Forwarded-Proto:https'
HTTP/1.1 200 OK

What you expected to happen:

http http://example.com/ 'X-Forwarded-Proto:https'
HTTP/1.1 301 Moved Permanently
...
Location: https://example.com/

How to reproduce it (as minimally and precisely as possible):

nginx.ingress.kubernetes.io/ssl-redirect: "true"

Anything else we need to know:

Using GCP network load balancer (no proxy).

I've also tried adding to nginx configmap (to no avail):

http-snippet: >
    more_clear_input_headers X-Forwarded-For X-Forwarded-Host X-Forwarded-Proto X-Forwarded-Port;

[aledbf]

@jpalomaki can you test this from the ingress controller pod itself using the next command?

kubectl exec -it <nginx ingress pod> -- curl -v http://localhost \
  -H 'Host: example.com' -H 'X-Forwarded-Proto: https'

[jpalomaki]

@aledbf Same deal, no redirect when passing -H 'X-Forwarded-Proto: https'. If I remove said header, I get the redirect.