Default reponse to HTTP requests when API is "HTTPS only"

1,147 views
Skip to first unread message

Martin Fenner

unread,
Jul 14, 2017, 4:45:37 AM7/14/17
to Kong
Dear list,

Kong returns an "upgrade" header, 426 status and "Please use HTTPS protocol" message to HTTP requests for an API set to "HTTPS only": https://github.com/Mashape/kong/blob/master/kong/core/handler.lua#L98-L103. One alternative approach would be a 301 redirect to the HTTPS version of the URL.
  • as I am sure this has been discussed before, can someone point me to the relevant discussion? I couldn't find the topic discussed in GitHub issues or this mailing list.
  • has someone implemented 301 redirects for "HTTPS only" APIs? I currently prefer that implementation, as a lot of our Kong traffic is web browsers rather than API access by other computers.
Thank you,

Martin

Enrique Cota

unread,
Jul 14, 2017, 8:14:33 AM7/14/17
to Martin Fenner, Kong
Hi Martin,

This has indeed been discussed before in the github issues. The relevant issue is #1946 .

As you will see there, one of our users came up with a simple solution for dealing with this problem: he used a custom nginx config file, making the redirect there. Several other people have reported success using this approach. Hopefully it will satisfy your needs too. For now, it is the only way to accomplish the redirect.

Regards,

Enrique



--
You received this message because you are subscribed to the Google Groups "Kong" group.
To unsubscribe from this group and stop receiving emails from it, send an email to konglayer+unsubscribe@googlegroups.com.
To post to this group, send email to kong...@googlegroups.com.
Visit this group at https://groups.google.com/group/konglayer.
To view this discussion on the web visit https://groups.google.com/d/msgid/konglayer/92218556-de38-420a-8b79-336402728ab3%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Martin Fenner

unread,
Jul 14, 2017, 8:25:08 AM7/14/17
to Enrique Cota, Kong
Enrique,

thanks a lot, exactly the information I was looking for. I currently use a similar solution with Openresty (from which I am migrating to Kong). I also agree with the comments in the GitHub issue that 301 redirects should only be a temporal solution.

Best,

Martin

Martin Fenner
DataCite Technical Director
Reply all
Reply to author
Forward
0 new messages