我正在尝试为进入Kubernetes集群的流量设置一个简单的HTTP到HTTPS重定向。 SSL终止发生在ELB上。当我尝试使用user.login(loginService)时,会导致无限重定向,这导致我设置了配置映射来处理此问题(nginx-ingress: Too many redirects when force-ssl is enabled)。
现在似乎根本没有重定向发生。
我的入口服务定义为:
nginx.ingress.kubernetes.io/ssl-redirect = true我的配置映射定义为:
apiVersion: v1
kind: Service
metadata:
annotations:
service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp
service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "3600"
service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: '*'
service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:...:certificate/...
service.beta.kubernetes.io/aws-load-balancer-ssl-ports: https
labels:
k8s-addon: ingress-nginx.addons.k8s.io
name: ingress-nginx
namespace: ingress-nginx
spec:
externalTrafficPolicy: Cluster
ports:
- name: https
port: 443
protocol: TCP
targetPort: http
- name: http
port: 80
protocol: TCP
targetPort: http
selector:
app: ingress-nginx
type: LoadBalancer
而且,入口定义为:
apiVersion: v1
kind: ConfigMap
data:
client-body-buffer-size: 32M
hsts: "true"
proxy-body-size: 1G
proxy-buffering: "off"
proxy-read-timeout: "600"
proxy-send-timeout: "600"
server-tokens: "false"
ssl-redirect: "false"
upstream-keepalive-connections: "50"
use-proxy-protocol: "true"
http-snippet: |
server {
listen 8080 proxy_protocol;
server_tokens off;
return 307 https://$host$request_uri;
}
metadata:
labels:
app: ingress-nginx
name: nginx-configuration
namespace: ingress-nginx
---
apiVersion: v1
kind: ConfigMap
metadata:
name: tcp-services
namespace: ingress-nginx
---
apiVersion: v1
kind: ConfigMap
metadata:
name: udp-services
namespace: ingress-nginx
答案 0 :(得分:3)
问题是我在负载均衡器上使用的目标端口与重定向服务器正在侦听的端口不匹配:
ports:
- name: http
port: 80
protocol: TCP
targetPort: http
这只是将所有内容发送到端口80。应该是这样的:
ports:
- name: http
port: 80
protocol: TCP
targetPort: 8080
这样,它就可以与ConfigMap匹配:
data:
...
http-snippet: |
server {
listen 8080 proxy_protocol;
server_tokens off;
return 307 https://$host$request_uri;
}