在谷歌入口控制器中建立https后,websocket连接失败

时间:2018-05-24 10:26:43

标签: nginx websocket kubernetes amazon-elb kubernetes-ingress

我已在kubernetes中部署了一个由Google Ingress Controller(服务为ELB)提供服务的应用程序。该应用程序运行正常。但是,当我应用https相关配置时,https即将到来,但websocket失败。

以下是服务文件和configmap

表示http:

kind: Service
apiVersion: v1
metadata:
  name: ingress-nginx
  namespace: ingress-nginx
  labels:
    app: ingress-nginx
  annotations:
    # Enable PROXY protocol
    service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: '*'
    # Increase the ELB idle timeout to avoid issues with WebSockets or Server-Sent Events.
    service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: '3600'
spec:
  type: LoadBalancer
  selector:
    app: ingress-nginx
  ports:
  - name: http
    port: 80
    targetPort: http
  - name: https
    port: 443
    targetPort: https

---------------------------------------------------------------------------------------------------


kind: ConfigMap
apiVersion: v1
metadata:
  name: nginx-configuration
  namespace: ingress-nginx
  labels:
    app: ingress-nginx
data:
  use-proxy-protocol: "true"

代表https:

kind: Service
apiVersion: v1
metadata:
  name: ingress-nginx
  namespace: ingress-nginx
  labels:
    app: ingress-nginx
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-1:2xxxxxxxxxxxxxxxxxxx56:certificate/3fxxxxxxxxxxxxxxxxxxxxxxxxxx80" 
    service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "http"
    service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https" 
    # Increase the ELB idle timeout to avoid issues with WebSockets or Server-Sent Events.
    service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: '3600'
spec:
  type: LoadBalancer
  selector:
    app: ingress-nginx
  ports:
  - name: http
    port: 80
    targetPort: http
  - name: https
    port: 443
    targetPort: http

------------------------------------------------------------------------------------------

kind: ConfigMap
apiVersion: v1
metadata:
  name: nginx-configuration
  namespace: ingress-nginx
  labels:
    app: ingress-nginx
data:
  use-proxy-protocol: "false"

我是否遗漏了configmap中的任何注释或数据?请帮帮我

1 个答案:

答案 0 :(得分:3)

我认为问题是注释:

service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "http"

ELB中的后端协议必须是用于websocket连接的TCP。

另外,我看到你正在使用Nginx Ingress Controller,也许你想在配置中设置这些变量

proxy-read-timeout: "3600"
proxy-send-timeout: "3600"

避免连接关闭。

相关问题
最新问题