It seemed for awhile that the popular web browsers would automatically redirect travisloyd.xyz to www.travisloyd.xyz if travisloyd.xyz didn’t work. But, after awhile that no longer seemed to happen. So, let’s do this right.
Here’s an ingress to perform the redirect from travisloyd.xyz to www.travisloyd.xyz:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
#nginx.ingress.kubernetes.io/proxy-body-size: 1000m
nginx.ingress.kubernetes.io/server-snippet: |
return 301 https://www.travisloyd.xyz$request_uri;
name: ingress-redirect
spec:
ingressClassName: nginx
rules:
- host: travisloyd.xyz
tls:
- hosts:
- travisloyd.xyz
secretName: travisloyd.xyz-tls
But what about an automatic certificate via letsencrypt? Do we need it? Yes, otherwise https://travisloyd.xyz displays an invalid certificate before performing the redirect. But, we can’t just add the annotations for cert-manager to this redirect because the call back from lets encrypt will not verify correctly with the redirect. Instead, we need an ingress specifically for handling the letsencrypt callback:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
cert-manager.io/issuer: cluster-letsencrypt-issuer
cert-manager.io/issuer-kind: ClusterIssuer
#nginx.ingress.kubernetes.io/proxy-body-size: 1000m
name: ingress-redirect-letsencrypt
spec:
ingressClassName: nginx
rules:
- host: travisloyd.xyz
http:
paths:
- backend:
service:
name: exp-wordpress-xyz-travisloyd-www
port:
name: http
path: /.well-known
pathType: Prefix
tls:
- hosts:
- travisloyd.xyz
secretName: travisloyd.xyz-tls
Perfect, now when the certs expire they’ll be renewed automatically via letsencrypt.