HTTP/HTTPS mixed content and redirects fix for ingress

Customers who hosting Magnolia behind a CDN/proxy/load-balancer using HTTPS while the original service running in Tomcat using HTTP protocol may run into issue when they configure an internal redirect from Magnolia side. Usually customers using Virtual URI mapping function to achieve this which will lead to a mixed redirect protocols:

This should be fixed in CDN/proxy/load-balancer level, but not Magnolia because internally Magnolia Virtual URI mapping works by its design already.

Step-by-step guide

This guideline helps fixing the issue from ingress level of k8s:

1. Open your ingress definition file, or configuration file (values.xml file if you are using Magnolia PAAS product)
2. Put this annotation to your file to make use of proxy redirect feature of nginx:

3. nginx.ingress.kubernetes.io/proxy-redirect-from: http://
   nginx.ingress.kubernetes.io/proxy-redirect-to: https://

Pros and cons

1. Not all customers using the same CDN, so fixing it at proxy/load-balancer eliminate this discrepancy
2. The annotation applied for k8s ingress with nginx implementation only, anyway the mechanism should be the same for proxying redirects
3. This could also be achieved using different technique, this is just a way to help Magnolia PAAS customers
4. We may include this by default to our product in the future, this guideline may obsolete soon

Related articles

• Page:
  Configure for basic authentication in ingress Magnolia PaaS
• Page:
  Workspace synchronization
• Page:
  HTTP/HTTPS mixed content and redirects fix for ingress
• Page:
  Removing /home redirect