正则表达式似乎有效时，Kubernetes入口/NGINX重写不匹配 [英] Kubernetes ingress / NGINX re-write does not match while regex seems valid

问题描述

我正在尝试过滤出所有以/something开头的路径.尽管正则表达式似乎PCRE对在线测试人员有效，但对于所有路径，结果均为404:

I'm trying to filter out all paths that begin with /something. While the regex seems PCRE valid by online testers, the result is 404 for all paths:

kind: Ingress
metadata:
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /$1
spec:
  rules:
  - host: myhost.com
    http:
      paths:
      - backend:
          serviceName: myservice
          servicePort: 80          
        path: /^([^something].*)

曾尝试过使用正则表达式(例如path: /(^[^something])(.*))，但仍然获得所有404.

Tried to play with the regex (e.g, path: /(^[^something])(.*)), but still get 404 for all.

我想念什么?

将v1.12.2客户端与v1.14.1服务器一起使用.

Using v1.12.2 client with v1.14.1 server.

推荐答案

如果要拒绝所有/something流量，则应使用称为Nginx注释. /ingress-nginx/用户指南/nginx-configuration/annotations/#server-snippet"rel =" nofollow noreferrer>服务器快照.它将允许您添加自定义配置.

If you want to deny all traffic to /something you should use Nginx annotations called server-snipped. It will allow you to add custom configuration.

它看起来像:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
   name: nginx-snippet
   annotations:
      nginx.ingress.kubernetes.io/configuration-snippet: |

      location /something {

           deny all;  
      }

Fimilar示例可在 Github 线程中找到.

Fimilar example can be found on Github thread.

您还可以考虑第二个选项，其中包含2个ingress对象和authentication.另一个 StackOverflow问题中提到了这一点.

You can also consider second option with 2 ingress objects and authentication. This was mentioned in another StackOverflow question.

此外，您不仅可以拒绝按位置访问，还可以拒绝使用特定IP的访问.可以使用称为的注释来获取whitelist-source-range .

In addition, you can deny access not only by location but also with specific IP. It can be obtain using annotation called whitelist-source-range.

这篇关于正则表达式似乎有效时，Kubernetes入口/NGINX重写不匹配的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！