我正在尝试为进入Kubernetes集群的流量设置一个简单的HTTP到HTTPS重定向. SSL终止发生在ELB上.当我尝试使用nginx.ingress.kubernetes.io/ssl-redirect = true时,它会导致无限重定向,这导致我设置了配置映射来处理此问题( nginx入口:启用force-ssl时重定向过多).
I'm trying to set up a simple HTTP to HTTPS redirect for traffic going to a Kubernetes cluster. The SSL termination is happening on the ELB. When I try to use the nginx.ingress.kubernetes.io/ssl-redirect = true it results in an infinite redirect which led me to setting up a config map to handle this (nginx-ingress: Too many redirects when force-ssl is enabled).
现在似乎根本没有重定向发生.
Now there seems to be no redirection happening at all.
我的入口服务定义为:
apiVersion: v1 kind: Service metadata: annotations: service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "3600" service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: '*' service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:...:certificate/... service.beta.kubernetes.io/aws-load-balancer-ssl-ports: https labels: k8s-addon: ingress-nginx.addons.k8s.io name: ingress-nginx namespace: ingress-nginx spec: externalTrafficPolicy: Cluster ports: - name: https port: 443 protocol: TCP targetPort: http - name: http port: 80 protocol: TCP targetPort: http selector: app: ingress-nginx type: LoadBalancer我的配置映射定义为:
apiVersion: v1 kind: ConfigMap data: client-body-buffer-size: 32M hsts: "true" proxy-body-size: 1G proxy-buffering: "off" proxy-read-timeout: "600" proxy-send-timeout: "600" server-tokens: "false" ssl-redirect: "false" upstream-keepalive-connections: "50" use-proxy-protocol: "true" http-snippet: | server { listen 8080 proxy_protocol; server_tokens off; return 307 $host$request_uri; } metadata: labels: app: ingress-nginx name: nginx-configuration namespace: ingress-nginx --- apiVersion: v1 kind: ConfigMap metadata: name: tcp-services namespace: ingress-nginx --- apiVersion: v1 kind: ConfigMap metadata: name: udp-services namespace: ingress-nginx而且,入口定义为:
apiVersion: extensions/v1beta1 kind: Ingress metadata: name: gateway-ingress annotations: nginx.ingress.kubernetes.io/cors-allow-credentials: "true" nginx.ingress.kubernetes.io/cors-allow-headers: Authorization, origin, accept nginx.ingress.kubernetes.io/cors-allow-methods: GET, OPTIONS nginx.ingress.kubernetes.io/cors-allow-origin: gateway.example/monitor nginx.ingress.kubernetes.io/enable-cors: "true" nginx.ingress.kubernetes.io/ssl-redirect: "false" spec: rules: - host: gateway.example http: paths: - backend: serviceName: gateway servicePort: 8080 path: / tls: - hosts: - gateway.example推荐答案
问题是我在负载均衡器上使用的目标端口与重定向服务器正在侦听的端口不匹配:
The issue was the target port I was using on the load balancer not matching the port the redirection server was listening on:
ports: - name: http port: 80 protocol: TCP targetPort: http这只是将所有内容发送到端口80.应该是这样:
This was just sending everything to port 80. It should have been this:
ports: - name: http port: 80 protocol: TCP targetPort: 8080这样,它与ConfigMap的匹配:
That way it matches up with the ConfigMap's:
data: ... http-snippet: | server { listen 8080 proxy_protocol; server_tokens off; return 307 $host$request_uri; }更多推荐
Kubernetes在AWS上使用ELB终止SSL的HTTP到HTTPS重定向
发布评论