HTTP Liveness Probe on HTTPS site

HTTP Liveness Probe on HTTPS site

by Ben Torell -
Number of replies: 1

I am setting up my Moodle site on Kubernetes, and SSL is being handled by a load balancer further up the chain. I have $CFG->sslproxy enabled. In my Kubernetes deployment config, I have a livenessProbe set on the nginx pod to hit the ?fullcheck endpoint provided by the Heartbeat plugin (https://moodle.org/plugins/tool_heartbeat).

The nginx config is not set up to handle SSL termination, since SSL termination is handled by the load balancer, and requests are actually passed to Moodle internal to the cluster over HTTP.

The problem is that, since nginx is not configured to accept HTTPS requests, my liveness probe (which originates within the cluster behind the load balancer) has to make requests to nginx using HTTP. But Moodle seems absolutely hellbent on redirecting all HTTP requests to HTTPS no matter what, even with $CFG->sslproxy enabled.

How can I prevent Moodle from doing any HTTPS redirection? I already have my nginx config doing all appropriate HTTPS redirection as needed. I just want this one single endpoint to be servable over HTTP for my liveness probe. Can anyone shed any light on how I might accomplish this?

Average of ratings: -
In reply to Ben Torell

Re: HTTP Liveness Probe on HTTPS site

by Ben Torell -
So, I figured out how to prevent HTTPS redirection for this specific endpoint, However, because Kubernetes refers to a pod internally by an internal IP host, Moodle wants to redirect it to the host listed in the config.

e.g. In my Moodle config, I have $CFG->wwwroot set to "https://example.com", but internally when Kubernetes hits a livenessProbe on a pod, it refers the the pod's internal IP address, which might be http://[random IP]. Moodle sees that IP and tries to redirect to the wwwroot, but the redirect results in a failed livenessProbe to Kubernetes since it's a 3xx result instead of a 2xx result.

Any way I can disable the wwwroot redirect for a single endpoint?
Average of ratings: -