从http重定向到https不适用于Kubernetes Nginx Ingress Controller中的自定义后端服务 [英] Redirection from http to https not working for custom backend service in Kubernetes Nginx Ingress Controller

问题描述

我在Kubernetes中使用Ingress资源设置了自定义Nginx入口控制器，而不是"default-http-backend service"，而是使用自定义应用程序作为默认后端服务，用于默认请求.我还为我的服务使用了设置为kubernetes机密的自定义SSL.问题是当我请求规则中提到的主机名时，https重定向有效.但是，发出规则中提到的主机以外的其他请求时，它将服务于默认应用程序，但是https重定向不起作用.

I have setup Custom Nginx ingress controller with Ingress resource in Kubernetes and instead of "default-http-backend service", I used custom application as the default backend service to be served for default requests. I have also used custom SSL which is set as kubernetes secret, for my service. The issue is that when I request the hostnames which are mentioned in the rules, the https redirection works. But when the requests other than the hosts mentioned in the rules are made, it serves the default app, but the https redirection does not work.

对于所有请求，包括默认请求，如何将请求从http重定向到https.换句话说，如何在入口资源中为通配符域设置https重定向.

How can I redirect requests from http to https for all the requests including default requests. In other words, how to setup https redirection for wildcard domains in ingress resource.

请找到我的yaml文件作为入口资源.

Please find my yaml files for ingress resource.

---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress-resource
  namespace: default
  annotations:
   kubernetes.io/ingress.class: "nginx"
   kubernetes.io/ingress.allow-http: "false"
   ingress.kubernetes.io/rewrite-target: /
   ingress.kubernetes.io/ssl-redirect: "true"
   ingress.kubernetes.io/proxy-connect-timeout: "14400"
   ingress.kubernetes.io/proxy-send-timeout: "14400"
   ingress.kubernetes.io/proxy-read-timeout: "14400"
spec:
  tls:
  - secretName: tls-secret

  rules:

  - host: service1.example.com
    http:
      paths:
      - path: /
        backend:
          serviceName: service1
          servicePort: 80

  - host: service2.example.com
    http:
      paths:
      - path: /
        backend:
          serviceName: service2
          servicePort: 80

---

推荐答案

我需要为未设置规则的默认请求配置自定义服务(不是default-http-backend服务)，并且此自定义服务应使用自定义SSL.目前，如果Ingress规则中省略了域名(使用通配符" TLS证书的目的)，nginx-ingress-controller不会执行任何操作. 因此，我在我使用的入口Yaml中添加了以下代码，这非常有效.我在底部的自定义默认服务的入口规则中添加了通配符tls名称.请在下面找到代码:

I needed to configure custom service (not default-http-backend service) for default requests which does not have rules set and this custom service should use custom SSL. At present nginx-ingress-controller doesn't do anything if the domain names are omitted from the Ingress rules (with the intention of the "wildcard" TLS cert being used). Therefore I have added the following code in the ingress yaml I used and this works perfectly. I have added the wildcard tls name in ingress rules at the bottom for the custom default service. Please find the code below:

  rules:

  - host: service1.example.com
    http:
      paths:
      - path: /
        backend:
          serviceName: service1
          servicePort: 80

  - host: service2.example.com
    http:
      paths:
      - path: /
        backend:
          serviceName: service2
          servicePort: 80

  - host: '*.example.com'
    http:
      paths:
      - path: /
        backend:
          serviceName: custom-backend-service
          servicePort: 80

这篇关于从http重定向到https不适用于Kubernetes Nginx Ingress Controller中的自定义后端服务的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！