After upgrading our Nginx to version 4.13.0 due to some CVEs, we're facing issues where all our application ingresses won't open in a browser. Although we had valid certificates in place, we're getting a "fake certificate" error. These ingresses worked perfectly on version 4.11.5. I'm currently testing this in our development environment and was wondering if anyone has encountered a similar issue or found a solution? I've checked the GitHub issues but haven't found anything helpful.
4 Answers
Have you set up any redirects? The logs could give insight into the problem. Just a heads up, if you were using variables like `$redirect_url`, those broke in versions 4.12 and up due to a security fix. It caused my ingress to fail deployment, and I spent ages figuring it out. There are some GitHub issues about it if that's related.
Make sure to check for any changes in the configurations between 4.11 and 4.13. Have you tried running with verbose logging? That might help diagnose the problem.
Don't worry about verbose logging just yet—just check the controller logs and events. They usually highlight what's wrong with the ingresses. Often, it could be due to missing certificates in the namespace or pesky annotations.
You should definitely check the controller logs. They usually provide clues about what's going wrong. There was a recent change concerning server-snippets that might have affected your setup.
I think you're onto something! The stricter admission webhook is a common issue that tripped me up too.