[alibaba/higress]nginx ingress 默认监听了 80 和 443 端口，ingress 全局配置 force-ssl-redirect，将http 重定向到 https。higress 是否有相关配置

先按照 https://github.com/alibaba/higress/issues/2383 里的说明解决 HTTPS 的配置问题。

这个确实是跟nginx ingress没有对齐的点，可以看下 @Erica177 @slievrly

higress 配置 nginx.ingress.kubernetes.io/force-ssl-redirect: "true" 确实会重定向，但是无法使用 443 端口的，因为ingress 没有配置spec.tls。 使用nginx ingress配置nginx.ingress.kubernetes.io/force-ssl-redirect: "true" ，ingress 对象不配置spec.tls 是可以使用https请求的

测试结果 nginx ingress

 curl  -sSIv -k -H "Host: yunxiao.xxx.net" https://10.254.6.119
*   Trying 10.254.6.119:443...
* TCP_NODELAY set
* Connected to 10.254.6.119 (10.254.6.119) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
*  subject: O=Acme Co; CN=Kubernetes Ingress Controller Fake Certificate
*  start date: Jun  6 08:48:23 2025 GMT
*  expire date: Jun  6 08:48:23 2026 GMT
*  issuer: O=Acme Co; CN=Kubernetes Ingress Controller Fake Certificate
*  SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x5595ec630650)
> HEAD / HTTP/2
> Host: yunxiao.starbucks.net
> user-agent: curl/7.68.0
> accept: */*
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
* Connection state changed (MAX_CONCURRENT_STREAMS == 128)!
< HTTP/2 200
HTTP/2 200
< date: Tue, 10 Jun 2025 05:52:52 GMT
date: Tue, 10 Jun 2025 05:52:52 GMT
< content-type: text/html
content-type: text/html
< content-length: 615
content-length: 615
< vary: Accept-Encoding
vary: Accept-Encoding
< last-modified: Wed, 05 Feb 2025 11:07:30 GMT
last-modified: Wed, 05 Feb 2025 11:07:30 GMT
< etag: "67a34672-267"
etag: "67a34672-267"
< accept-ranges: bytes
accept-ranges: bytes
< strict-transport-security: max-age=15724800; includeSubDomains
strict-transport-security: max-age=15724800; includeSubDomains

<
* Connection #0 to host 10.254.6.119 left intact

higress

curl  -sSIv -k -H "Host: yunxiao.xxx.net" https://10.254.5.141
*   Trying 10.254.5.141:443...
* TCP_NODELAY set
* connect to 10.254.5.141 port 443 failed: Connection refused
* Failed to connect to 10.254.5.141 port 443: Connection refused
* Closing connection 0
curl: (7) Failed to connect to 10.254.5.141 port 443: Connection refused

使用http

curl  -sSIv -k -H "Host: yunxiao.xxx.net" http://10.254.5.141
*   Trying 10.254.5.141:80...
* TCP_NODELAY set
* Connected to 10.254.5.141 (10.254.5.141) port 80 (#0)
> HEAD / HTTP/1.1
> Host: yunxiao.xxx.net
> User-Agent: curl/7.68.0
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 308 Permanent Redirect
HTTP/1.1 308 Permanent Redirect
< location: https://yunxiao.xxx.net/
location: https://yunxiao.xxx.net/
< date: Tue, 10 Jun 2025 05:55:06 GMT
date: Tue, 10 Jun 2025 05:55:06 GMT
< server: istio-envoy
server: istio-envoy
< transfer-encoding: chunked
transfer-encoding: chunked

<
* Connection #0 to host 10.254.5.141 left intact