nginx k8s入口-强制www和https吗? [英] nginx k8s ingress - forcing www AND https?
问题描述
我有一个看起来像这样的kubernetes设置:
I have a kubernetes setup that looks like this:
nginx入口->负载均衡器-> nginx应用
nginx ingress -> load balancer -> nginx app
在获得 www .foo.com的SSL证书后,我已将它作为秘密安装在我的nginx入口中,并且按预期方式工作-到www.foo.com的流量被重定向到了改为使用https版本,浏览器将显示一个安全的连接指示器.伟大的.
after getting an SSL certificate for www.foo.com, I've installed it in my nginx ingress as a secret, and it works as expected - traffic to www.foo.com gets redirected to the https version instead, and browsers display a secure connection indicator. Great.
不是容易的事,但是正在使入口将非www 流量重定向到网站的www版本. 我尝试使用kubernetes.io/from-to-www-redirect: "true",但是似乎没有任何作用-导航到foo.com不会将我重定向到该URL的 www 版本,但是无论哪种方式我进入我的网站的不安全版本,或者根据我是否将foo.com作为主机并包含其自己的入口路径将其导航到default backend - 404.
What hasn't been easy, however, is getting the ingress to redirect non-www traffic to the www version of the site. I've tried using kubernetes.io/from-to-www-redirect: "true", but it doesn't seem to do anything - navigating to foo.com doesn't redirect me to the www version of the url, but either takes me to an insecure version of my site, or navigates me to default backend - 404 depending on whether i include foo.com as a host with it's own path in my ingress.
通过将以下内容添加到我的实际应用程序的nginx配置中,我已经能够设置不完整的重定向-
I have been able to set up a patchy redirect by adding the following to my actual application's nginx config -
server {
listen 80;
server_name foo.com;
return 301 http://www.foo.com$request_uri;
}
更新:from-to-www-redirect可以正常工作;您只需要使用nginx.ingress.kubernetes.io而不是像我以前的kubernetes.io来引用它.但是,这仅适用于foo.com-键入https://foo.com会显式导致浏览器显示安全警告,并且不会重定向到https://www.foo.com的正确URL.
UPDATE: from-to-www-redirect DOES work; you just have to reference it with nginx.ingress.kubernetes.io rather than kubernetes.io as I was. But, this only works for foo.com - typing in https://foo.com explicitly causes browsers to display a security warning and no redirect to the proper URL of https://www.foo.com occurs.
这是nginx入口本身的当前配置:
Here's my current config for the nginx ingress itself:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: foo-https-ingress
annotations:
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/from-to-www-redirect: "true"
spec:
rules:
- host: www.foo.com
http:
paths:
- backend:
serviceName: foo-prod-front
servicePort: 80
path: /
tls:
- hosts:
- www.foo.com
secretName: tls-secret
推荐答案
您需要为要重定向的域添加证书:
You need to add the certificate for the domain you want to be redirected:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: foo-https-ingress
annotations:
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/from-to-www-redirect: "true"
spec:
rules:
- host: foo.com
http:
paths:
- backend:
serviceName: foo-prod-front
servicePort: 80
path: /
- host: www.foo.com
http:
paths:
- backend:
serviceName: foo-prod-front
servicePort: 80
path: /
tls:
- hosts:
- foo.com
- www.foo.com
secretName: tls-secret
我不确定from-to-www-redirect是否适用于此设置,但是您可以将其替换为有效的以下行:
I am not completely sure, whether from-to-www-redirect works with this setup, but you can replace it with the following lines, which do work:
nginx.ingress.kubernetes.io/configuration-snippet: |
if ($host = 'foo.com' ) {
rewrite ^ https://www.foo.com$request_uri permanent;
}
这篇关于nginx k8s入口-强制www和https吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
