[cf-dev] Running UAA on Kubernetes behind TLS-enabled ingress controller #uaa
We are running UAA behind an ingress controller on Kubernetes. The connection to the ingress controller is https on a port other than 443 e.g. 8443. The connection to UAA pod is http. The issue we are facing is that the URLs UAA will return to the browser during the OAuth handshake include http instead of https. When we set X-Forwarded-Proto to "https" at the ingress controller, then the returned URLs contain https, but the port is set to 443. We believe this is because of this line of code: https://github.com/cloudfoundry/uaa/blob/develop/server/src/main/java/org/cloudfoundry/identity/uaa/security/web/FixHttpsSchemeRequest.java#L44 Is there another way of doing this? Basically, instead of redirecting to <a href="http://url:8080," target="_blank" rel="noopener">http://url:8080, we want a redirection to https://url:8443. Currently, what we get is https://url with the X-Forwarded-Proto header set to "https".