如何使用由AWS Certificate Manager管理的Nginx Ingress Controller,AWS NLB和TLS证书将HTTP重定向到HTTPS?

时间:2019-11-22 15:19:03

标签: amazon-web-services nginx kubernetes nginx-ingress nlb

我已经尝试了以下方法来使HTTP重定向到HTTPS。我不确定我要去哪里。

ingress-nginx对象:

apiVersion: v1
kind: Service
metadata:
  name: ingress-nginx
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-type: nlb
    service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http
    service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:...
    service.beta.kubernetes.io/aws-load-balancer-ssl-ports: https
spec:
  type: LoadBalancer
  selector:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
  ports:
    - name: http
      port: 80
      targetPort: http
    - name: https
      port: 443
      targetPort: http

my-ingress对象:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: my-ingress
  namespace: my-namespace
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
    nginx.ingress.kubernetes.io/rewrite-target: /
    nginx.ingress.kubernetes.io/secure-backends: "true"
spec:
  tls:
   - hosts:
     - app.example.com
  rules:
  - host: app.example.com
    http:
      paths:
      - path: /
        backend:
          serviceName: my-service
          servicePort: 80

我在HTTP和HTTPS上收到308 Permanent Redirect。我想这很有意义,因为NLB正在执行SSL终止,因此将HTTP转发到Nginx服务?我想我需要将SSL终止从NLB移到Nginx服务吗?

谢谢

1 个答案:

答案 0 :(得分:1)

我认为您确实需要将SSL终结点移至入口控制器,因为我遇到了同样的问题,并且似乎处于永久重定向状态。流量在443上进入NLB,并终止,并通过端口80发送到后端实例。入口在端口80上看到流量,并重定向到https://,从而开始无限循环。

相关问题
最新问题