From 0322acc6fe75c952fea5ab0833df202d12c57c86 Mon Sep 17 00:00:00 2001
From: WTPascoe <58910271+WTPascoe@users.noreply.github.com>
Date: Sun, 15 Dec 2019 16:17:37 +0000
Subject: [PATCH] HTTPS is required for unifi gui (#19612)

* HTTPS is required for unifi gui

Signed-off-by: Wayne Pascoe <wayne@penguinpowered.org>

* Removed new annotation in values.yaml
Added instructions in README

Signed-off-by: Wayne Pascoe <wayne+github@penguinpowered.org>
---
 charts/unifi/Chart.yaml  |  2 +-
 charts/unifi/README.md   | 13 +++++++++++++
 charts/unifi/values.yaml |  1 +
 3 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/charts/unifi/Chart.yaml b/charts/unifi/Chart.yaml
index 0910bf8a..ed15f431 100644
--- a/charts/unifi/Chart.yaml
+++ b/charts/unifi/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v1
 appVersion: 5.11.50
 description: Ubiquiti Network's Unifi Controller
 name: unifi
-version: 0.5.1
+version: 0.5.2
 keywords:
   - ubiquiti
   - unifi
diff --git a/charts/unifi/README.md b/charts/unifi/README.md
index e8d98232..260dd6ef 100644
--- a/charts/unifi/README.md
+++ b/charts/unifi/README.md
@@ -132,9 +132,22 @@ Read through the [values.yaml](values.yaml) file. It has several commented out s
   with the controller using UDP. See [this article][ubnt 3] and [this other
   article][ubnt 4] for more information.
 
+## Ingress and HTTPS
+Unifi does [not support HTTP][unifi] so if you wish to use the guiService, you
+need to ensure that you use a backend transport of HTTPS.
+
+An example entry in `values.yaml` to achieve this is as follows:
+```
+ingress:
+  enabled: true
+  annotations:
+    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
+```
+
 [docker]: https://hub.docker.com/r/jacobalberty/unifi/tags/
 [github]: https://github.com/jacobalberty/unifi-docker
 [ubnt]: https://www.ubnt.com/
 [ubnt 2]: https://unifi-sdn.ubnt.com/
 [ubnt 3]: https://help.ubnt.com/hc/en-us/articles/204976094-UniFi-What-protocol-does-the-controller-use-to-communicate-with-the-UAP-
 [ubnt 4]: https://help.ubnt.com/hc/en-us/articles/115015457668-UniFi-Troubleshooting-STUN-Communication-Errors
+[unifi]: https://community.ui.com/questions/Controller-how-to-deactivate-http-to-https/c5e247d8-b5b9-4c84-a3bb-28a90fd65668
diff --git a/charts/unifi/values.yaml b/charts/unifi/values.yaml
index 92069bcc..eab78e15 100644
--- a/charts/unifi/values.yaml
+++ b/charts/unifi/values.yaml
@@ -125,6 +125,7 @@ discoveryService:
 ingress:
   enabled: false
   annotations: {}
+    # nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
     # kubernetes.io/ingress.class: nginx
     # kubernetes.io/tls-acme: "true"
   path: /