在Kubernetes上使用Nginx SSL代理运行Meteor应用 [英] Running Meteor app with Nginx SSL proxy on Kubernetes
问题描述
我有一个在Google Cloud上使用Kubernetes部署的Meteor应用程序,配置了Nginx作为SSL终端.一切正常.
I have a Meteor app deployed using Kubernetes on Google Cloud, configured with Nginx acting as SSL termination. Everything working ok.
但是,如果两个不同的客户端连接到两个不同的SSL容器,则更新最多不会在相应的应用程序上显示10秒钟,这似乎使Websockets无法正常工作,但是轮询正在进行影响.我已经确认所有客户端都已与Websockets连接,但是由于更新不会立即传播,因此可能未将Nginx配置为与Meteor应用正确对话.
However, it appears that if two different clients connect to two different SSL containers, updates don't show up on the respective apps for up to 10 seconds, which makes it seem that Websockets isn't working, but polling is taking effect. I have confirmed that all clients are connected with Websockets, but since updates do not propagate immediately, perhaps Nginx isn't configured to correctly talk with the Meteor app.
这是我的SSL/Nginx服务:
Here's my SSL/Nginx service:
apiVersion: v1
kind: Service
metadata:
name: frontend-ssl
labels:
name: frontend-ssl
spec:
ports:
- name: http
port: 80
targetPort: 80
- name: https
port: 443
targetPort: 443
selector:
name: frontend-ssl
type: LoadBalancer
loadBalancerIP: 123.456.123.456
sessionAffinity: ClientIP
apiVersion: v1
kind: Service
metadata:
name: frontend-ssl
labels:
name: frontend-ssl
spec:
ports:
- name: http
port: 80
targetPort: 80
- name: https
port: 443
targetPort: 443
selector:
name: frontend-ssl
type: LoadBalancer
loadBalancerIP: 123.456.123.456
sessionAffinity: ClientIP
这是流星服务:
apiVersion: v1
kind: Service
metadata:
name: frontend
labels:
name: frontend
spec:
ports:
- port: 3000
targetPort: 3000
selector:
name: flow-frontend
type: LoadBalancer
loadBalancerIP: 123.456.123.456
sessionAffinity: ClientIP
apiVersion: v1
kind: Service
metadata:
name: frontend
labels:
name: frontend
spec:
ports:
- port: 3000
targetPort: 3000
selector:
name: flow-frontend
type: LoadBalancer
loadBalancerIP: 123.456.123.456
sessionAffinity: ClientIP
对于SSL终止,我使用Kubernetes建议的SSL设置,并附加了Websockets附加功能 https: //github.com/markoshust/nginx-ssl-proxy
For SSL termination, I'm using the Kubernetes suggested SSL setup forked with Websockets additions https://github.com/markoshust/nginx-ssl-proxy
推荐答案
运行应用的最简单方法是使用基于Nginx的入口控制器,而不是Nginx服务.
The easiest way to run your app would be using Nginx based ingress controller instead of Nginx service.
在我看来,部署入口控制器的最简单方法是使用头盔: https://docs.helm.sh/using_helm/#installing-helm https://kubeapps.com/charts/stable/nginx-ingress
In my opinion the easiest way to deploy ingress controller is with helm: https://docs.helm.sh/using_helm/#installing-helm https://kubeapps.com/charts/stable/nginx-ingress
但是,如果您不想在堆栈中添加其他工具,则可以使用官方安装指南:
But if you prefer not adding another tool to your stack you can use official installation guide: https://github.com/kubernetes/ingress-nginx/tree/master/deploy.
可在此处找到支持Web套接字的示例入口对象配置: https://github.com/nginxinc/kubernetes-ingress/tree/master/examples/websocket
Example ingress object configuration with web sockets support can be found here: https://github.com/nginxinc/kubernetes-ingress/tree/master/examples/websocket
这篇关于在Kubernetes上使用Nginx SSL代理运行Meteor应用的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!