使用kubernetes nginx-ingress反向代理具有SNI支持的站点 [英] Reverse proxy a site with SNI support using kubernetes nginx-ingress

问题描述

我正在使用kubernetes nginx-ingress设置反向代理，但是我不知道如何向配置中添加nginx参数，特别是:

I am setting a reverse proxy using kubernetes nginx-ingress, but I don't know how to add nginx parameters to the configuration, specifically: proxy_ssl_server_name. How do I set ingress parameters in yaml configurations?

我已经尝试使用服务器-snippet 注释，但似乎没有将参数添加到群集Pod中的nginx.conf文件中.

I already tried using the server-snippet annotation, but it seems like it's not adding the parameter to the nginx.conf file in the cluster pods.

这是反向代理的当前代码:

Here is the current code for the reverse proxy:

kind: Service
apiVersion: v1
metadata:
  name: formstack
  namespace: serves
spec:
  type: ExternalName
  externalName: fluidsignal.formstack.com
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: formstack
  namespace: serves
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/upstream-vhost: "fluidsignal.formstack.com"
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
spec:
  tls:
  - hosts:
    - fluidattacks.com
    secretName: fluidattacks-cert
  rules:
  - host: fluidattacks.com
    http:
      paths:
      - backend:
          serviceName: formstack
          servicePort: 443
        path: /forms(.*)

设置代理后，我从Nginx收到502 Bad Gateway错误.在查看了pods日志之后，我看到我收到以下openssl错误:SSL: error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:SSL alert number 40，这就是为什么我要添加前面提到的参数的原因.

After setting up the proxy, I get a 502 Bad Gateway error from Nginx. After looking at the pods logs, I see I'm getting the following openssl error: SSL: error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:SSL alert number 40, which is why I want to add the parameter I mentioned before.

推荐答案

我刚刚发现我确实使用了正确的注释:nginx.ingress.kubernetes.io/server-snippet，

I just figured out that I was indeed using the right annotation: nginx.ingress.kubernetes.io/server-snippet,

但是我需要添加一个额外的参数:proxy_ssl_name

But I needed to add an extra parameter: proxy_ssl_name

添加以下代码可解决此问题:

Adding the following code fixed the problem:

nginx.ingress.kubernetes.io/server-snippet: |
  proxy_ssl_name fluidsignal.formstack.com;
  proxy_ssl_server_name on;

一切似乎都正常了:D

Everything seems to be working fine now :D

这篇关于使用kubernetes nginx-ingress反向代理具有SNI支持的站点的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！