sslkubernetesgcloudnginx-ingressintercom

How to setup SSL for Intercom using Nginx ingress controller?

I'm trying to enable https for custom domain for Intercom setup. The documentation tells:

server {
  listen 443 ssl;
  server_name your-help-site.custom-domain.com; # replace this with your domain

  ssl_certificate /path/to/your/fullchain.pem;
  ssl_certificate_key /path/to/your/privatekey.pem;

  location / {
    # using "set" is important as IP addresses of Intercom servers 
    # changes dynamically. "set" enables nginx to follow dynamic IPs
    set $intercom "https://custom.intercom.help:443"; 
    proxy_set_header Host $host;
    proxy_pass $intercom;
  }
}

I've tried this approach:

resource kubernetes_ingress help_ingress {
  metadata {
    name = "help-ingress"
    annotations = {
      "certmanager.k8s.io/cluster-issuer"              = "letsencrypt-prod"
      "kubernetes.io/ingress.class"                    = "nginx"
      "nginx.ingress.kubernetes.io/permanent-redirect" = "http://custom.intercom.help"
      "nginx.ingress.kubernetes.io/rewrite-target" = "/"
      "ingress.kubernetes.io/force-ssl-redirect"         = false
      "nginx.ingress.kubernetes.io/from-to-www-redirect" = true
    }
  }
  spec {
    tls {
      secret_name = "help-cert"
      hosts       = [local.help_url, "www.${local.help_url}"]
    }
    rule {
      host = "${local.help_url}"
      http {
        path {
          path = ""
          backend {
            service_name = "fake"
            service_port = 80
          }
        }
      }
    }
  }
}

But it gives me just a redirect to https://custom.intercom.help How to achieve that proxy_path using k8s nginx ingress?

Solution

  • I faced the same issue and found a solution that works for me.

    Of course you need to first configure your custom domain in the intercom settings here: https://app.intercom.io/a/apps/_/articles/site/settings

    Then you need to create a "CNAME" service in your cluster like so:

    kind: Service
apiVersion: v1
metadata:
  name: intercom-service
  namespace: ingress-nginx
spec:
  type: ExternalName
  externalName: custom.intercom.help

    Now you can link your ingress to this service and everything should work:

    apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: intercom-ingress
  namespace: ingress-nginx
  annotations:
    kubernetes.io/ingress.class: "nginx"
    nginx.ingress.kubernetes.io/rewrite-target: /
    cert-manager.io/cluster-issuer: "letsencrypt-prod"
spec:
  tls:
    - secretName: tls-intercom-secret
      hosts:
        - **replace.with.domain.com**
  rules:
    - host: **replace.with.domain.com**
      http:
        paths:
          - path: /
            backend:
              serviceName: intercom-service
              servicePort: 80