WhatsApp
Kubernetes Ingress Service is missing
Currently SSL termination is done in webapp lighthttd with self signed certificate. Would be nice to have a non-ssl port exposed to setup ingress service like ingress-nginx.
PS: not sure if it's the right place for the issue. Seems configuration of Dockerfile isn't here
Hi @eumel8, I am not an expert with Kubernetes, please bear with my question here. Could you elaborate a bit more on what you want to setup ingress-nginx for? Thanks!
@mengyiyuan , sure! A normal use case would be to terminate Internet traffic on specific Ingress nodes and pass through traffic to the application layer:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: whatsapp
namespace: whatsapp
annotations:
certmanager.k8s.io/cluster-issuer: letsencrypt-production
kubernetes.io/ingress.class: nginx
spec:
rules:
- host: whatsapp.example.com
http:
paths:
- backend:
serviceName: whatsapp-web-service
servicePort: 8080
path: /
tls:
- hosts:
- whatsapp.example.com
secretName: whatsapp-example-com
Additinal features like LetsEncrypt certificates would be possible. The easiest way to get this done is an expose of a non-ssl http port, like 8080, from the container.
@eumel8 Sorry for my super late reply! Somehow this comment slipped through my inbox. Thanks a lot for the explanation as well.
If the purpose is to use a custom certificate for https traffic, we provide an API to upload your own certificate: https://developers.facebook.com/docs/whatsapp/api/certificates.
Would this be sufficient for your use case?
@mengyiyuan Interesting. But we split our architecture typically in application layer (Whatsapp) and internet layer (Kubernetes Ingress Controller. The Ingress Controller terminated SSL connections and with Cert Manager we have a tool for automatically managemnet of SSL certificates with Let's Encrypt
i am also facing the same problem, trying to run on k8s with ingress controller , i have implemented the same ingress above but i am getting the below error when sending traffic to the webapp 2021-04-30 12:13:42: (mod_openssl.c.1796) SSL: 1 error:1408F09C:SSL routines:ssl3_get_record:http request 2021-04-30 12:13:42: (mod_openssl.c.1796) SSL: 1 error:1408F09C:SSL routines:ssl3_get_record:http request 2021-04-30 12:13:42: (mod_openssl.c.1796) SSL: 1 error:1408F09C:SSL routines:ssl3_get_record:http request
@eumel8 @mengyiyuan does it happen to any of you guys to find any solution for this issue, i am facing this issue with my above comment showing the appearing errors after using the above ingress controller setup with k8s
well , after a few investigations, i was able to solve the issue while keeping the ssl termination in webapp and setting the ingress port to 443 , i added the below line to the ingress annotations, and it worked
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
@OElGebaly @deniojunior Thanks a lot for working on this and sending the pull request.
Sorry that currently we do not have enough resources to maintain the Kubernetes solution, so I would not accept the PR for now because we just don't have enough resources to do the testing internally.
I will keep the PR and this issue open so that people who want to use the ingress service could refer to your examples. Thanks a lot for your understanding.
For me creating an ingress with @OElGebaly's annotation nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" worked as well!
