TLS Ingress not work on nginx

[lucklove]

I'm using nginx ingress controller, and I fellow this example.
After
kubectl create -f https://raw.githubusercontent.com/kubernetes/ingress/master/examples/multi-tls/multi-tls.yaml
I execute
kubectl exec -it nginx-ingress-controller-2844275453-frmww -n kube-system -- cat /etc/nginx/nginx.conf | grep "foo.bar.com" -B 7 -A 35
and it shows

            proxy_pass http://default-nginx-80;
        }

    }

    server {
        server_name foo.bar.com;
        listen [::]:80;
        location / {
            set $proxy_upstream_name "default-echoheaders-80";
            port_in_redirect off;
            client_max_body_size                    "1m";

            proxy_set_header Host                   $host;

            # Pass the extracted client certificate to the backend

            # Pass Real IP
            proxy_set_header X-Real-IP              $remote_addr;

            # Allow websocket connections
            proxy_set_header                        Upgrade           $http_upgrade;
            proxy_set_header                        Connection        $connection_upgrade;

            proxy_set_header X-Forwarded-For        $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Host       $host;
            proxy_set_header X-Forwarded-Port       $pass_port;
            proxy_set_header X-Forwarded-Proto      $pass_access_scheme;
            proxy_set_header X-Original-URI         $request_uri;
            proxy_set_header X-Scheme               $pass_access_scheme;

            # mitigate HTTPoxy Vulnerability
            # https://www.nginx.com/blog/mitigating-the-httpoxy-vulnerability-with-nginx/
            proxy_set_header Proxy                  "";

            # Custom headers

            proxy_connect_timeout                   5s;
            proxy_send_timeout                      60s;
            proxy_read_timeout                      60s;

            proxy_redirect                          off;

So it's not surprise that curl http://hostip -H "Host:foo.bar.com" works while curl https://hostip -H "Host:foo.bar.com" -k not: The nginx-ingress-controller neither listen on 443 for foo.bar.com at all, nor use any pem file.
What should I do to get more clear what's wrong?

[lucklove]

Seems the same issule kubernetes-retired/contrib#1592

[gianrubio]

@lucklove this doc look old. Please remove the created replicationcontroller and apply this one https://github.com/kubernetes/ingress/blob/master/examples/deployment/nginx/nginx-ingress-controller.yaml

Let me know if this solve your isssue so I'll update this doc.

[lucklove]

@gianrubio Thanks for your reply, I just have workaround by ssl-passthrough, it seems fit my requirements...
And... The one you gave is what I am using...

[rikatz]

@lucklove Have you created the secret containing the Keypair, and with the CN matching your hostname? (foo.bar.com)

[lucklove]

@rikatz I create it by openssl, but I don't know if ingress-controller see it since there is no log about it.(I recommend add log for this, if ingress-controller can't find secret it should log an error)

[rikatz]

@lucklove Actually it does log :)

Can you please give me the created ingress (with kubectl get ingress ingress-name -o yaml) and its respective secret, so I can take a look?

Thanks

[aledbf]

@lucklove please use the image quay.io/aledbf/nginx-ingress-controller. This image contains #459