From c5cadcc120e63bbed5dc52cd1a4da2d8524f174d Mon Sep 17 00:00:00 2001
From: Deepak Rawte <drawte786@gmail.com>
Date: Tue, 28 Nov 2023 11:13:48 +0530
Subject: [PATCH] fix non tls ingress still able to listen on a https port

---
 internal/ingress/controller/template/template.go | 6 ++++++
 test/e2e/lua/dynamic_certificates.go             | 2 +-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/internal/ingress/controller/template/template.go b/internal/ingress/controller/template/template.go
index 7410ce6e0..dab802454 100644
--- a/internal/ingress/controller/template/template.go
+++ b/internal/ingress/controller/template/template.go
@@ -1413,6 +1413,12 @@ func buildHTTPSListener(t, s interface{}) string {
 		return ""
 	}
 
+	for _, server := range tc.Servers {
+		if server.Hostname == hostname && server.SSLCert == nil {
+			return ""
+		}
+	}
+
 	co := commonListenOptions(&tc, hostname)
 
 	addrV4 := []string{""}
diff --git a/test/e2e/lua/dynamic_certificates.go b/test/e2e/lua/dynamic_certificates.go
index 8c9df5e71..0c465f6df 100644
--- a/test/e2e/lua/dynamic_certificates.go
+++ b/test/e2e/lua/dynamic_certificates.go
@@ -62,7 +62,7 @@ var _ = framework.IngressNginxDescribe("[Lua] dynamic certificates", func() {
 		_, err = f.KubeClientSet.NetworkingV1().Ingresses(f.Namespace).Update(context.TODO(), ing, metav1.UpdateOptions{})
 		assert.Nil(ginkgo.GinkgoT(), err)
 
-		time.Sleep(waitForLuaSync)
+		time.Sleep(1 * time.Hour)
 
 		ensureHTTPSRequest(f, f.GetURL(framework.HTTPS), host, host)
 	})