入口nginx从www重定向到https

时间:2019-12-07 21:30:59

标签: nginx kubernetes configuration kubernetes-ingress nginx-ingress

我正在尝试使用ingress-nginx将http://www ...和https://www ...重定向到https://...。我怎样才能做到这一点?

我尝试使用注释nginx.ingress.kubernetes.io/server-snippetnginx.ingress.kubernetes.io/configuration-snippet添加以下自定义配置:

# 1
if($host = "www.example.com") {
    return 308 https://example.com$request_uri;
}

# 2
server {
    server_name www.example.com;
    return 308 https://example.com$request_uri;
}

# 3
server_name www.example.com;
return 308 https://example.com$request_uri;

但是在#1的nginx控制器日志中出现错误:

2019/12/07 20:58:47 [emerg] 48898#48898: unknown directive "if($host" in /tmp/nginx-cfg775816039:418
nginx: [emerg] unknown directive "if($host" in /tmp/nginx-cfg775816039:418
nginx: configuration file /tmp/nginx-cfg775816039 test failed

对于#2,我收到一个错误消息,指出该位置不允许使用服务器块,并且使用#3会导致无限重定向。我的入口Yaml看起来像这样:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress-nginx
  annotations:
    kubernetes.io/ingress.class: "nginx"
    kubernetes.io/ingress.global-static-ip-name: "example-com"
    nginx.ingress.kubernetes.io/rewrite-target: "/"
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
    nginx.ingress.kubernetes.io/proxy-read-timeout: "86400s"
    nginx.ingress.kubernetes.io/proxy-send-timeout: "86400s"
    nginx.ingress.kubernetes.io/proxy-body-size: "100m"
    nginx.ingress.kubernetes.io/limit-rps: "20"
    nginx.ingress.kubernetes.io/client-max-body-size: "100m"
    nginx.ingress.kubernetes.io/configuration-snippet: |
      # see above
spec:
  tls:
  - hosts:
      - example.com
    secretName: certificate-secret
  rules:
  - host: sub.example.com
    http:
      paths:
      - backend:
          serviceName: service-sub
          servicePort: 1234
# more subdomains here
  - host: example.com
    http:
      paths:
      - backend:
          serviceName: service-example
          servicePort: 1235
  - host: "*.example.com"
    http:
      paths:
      - backend:
          serviceName: service-example-wildcard
          servicePort: 1236

我也尝试设置nginx.ingress.kubernetes.io/from-to-www-redirect: "true"注释,但这会导致另一个错误:

2019/12/07 21:20:34 [emerg] 51558#51558: invalid server name or wildcard "www.*.example.com" on 0.0.0.0:80
nginx: [emerg] invalid server name or wildcard "www.*.example" on 0.0.0.0:80
nginx: configuration file /tmp/nginx-cfg164546048 test failed

1 个答案:

答案 0 :(得分:0)

好吧,我明白了。 if之后缺少的空格将其修复。谢谢mdaniel :) 这是一个有效的配置,可将任何内容重定向到https://...,而无需www

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress-nginx-integration
  namespace: integration
  annotations:
    kubernetes.io/ingress.class: "nginx"
    kubernetes.io/ingress.global-static-ip-name: "example-com"
    nginx.ingress.kubernetes.io/rewrite-target: "/"
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
    nginx.ingress.kubernetes.io/proxy-read-timeout: "86400s"
    nginx.ingress.kubernetes.io/proxy-send-timeout: "86400s"
    nginx.ingress.kubernetes.io/proxy-body-size: "100m"
    nginx.ingress.kubernetes.io/limit-rps: "20"
    nginx.ingress.kubernetes.io/client-max-body-size: "100m"
    nginx.ingress.kubernetes.io/configuration-snippet: |
      if ($host = "www.example.com") {
          return 308 https://example.com$request_uri;
      }
spec:
  tls:
  - hosts:
      - example.com
    secretName: certificate-integration-secret
  rules:
  - host: subdomain.example.com
    http:
      paths:
      - backend:
          serviceName: service-emviwiki
          servicePort: 4000
  # ... more rules, NO www here
相关问题
最新问题