使用kubernetes nginx-ingress反向代理具有SNI支持的站点 [英] Reverse proxy a site with SNI support using kubernetes nginx-ingress
问题描述
我正在使用kubernetes nginx-ingress设置反向代理,但是我不知道如何向配置中添加nginx参数,特别是:
I am setting a reverse proxy using kubernetes nginx-ingress, but I don't know how to add nginx parameters to the configuration, specifically: proxy_ssl_server_name. How do I set ingress parameters in yaml configurations?
我已经尝试使用服务器-snippet 注释,但似乎没有将参数添加到群集Pod中的nginx.conf文件中.
I already tried using the server-snippet annotation, but it seems like it's not adding the parameter to the nginx.conf file in the cluster pods.
这是反向代理的当前代码:
Here is the current code for the reverse proxy:
kind: Service
apiVersion: v1
metadata:
name: formstack
namespace: serves
spec:
type: ExternalName
externalName: fluidsignal.formstack.com
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: formstack
namespace: serves
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/upstream-vhost: "fluidsignal.formstack.com"
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
spec:
tls:
- hosts:
- fluidattacks.com
secretName: fluidattacks-cert
rules:
- host: fluidattacks.com
http:
paths:
- backend:
serviceName: formstack
servicePort: 443
path: /forms(.*)
设置代理后,我从Nginx收到502 Bad Gateway
错误.在查看了pods日志之后,我看到我收到以下openssl错误:SSL: error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:SSL alert number 40
,这就是为什么我要添加前面提到的参数的原因.
After setting up the proxy, I get a 502 Bad Gateway
error from Nginx. After looking at the pods logs, I see I'm getting the following openssl error: SSL: error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:SSL alert number 40
, which is why I want to add the parameter I mentioned before.
推荐答案
我刚刚发现我确实使用了正确的注释:nginx.ingress.kubernetes.io/server-snippet
,
I just figured out that I was indeed using the right annotation: nginx.ingress.kubernetes.io/server-snippet
,
但是我需要添加一个额外的参数:proxy_ssl_name
But I needed to add an extra parameter: proxy_ssl_name
添加以下代码可解决此问题:
Adding the following code fixed the problem:
nginx.ingress.kubernetes.io/server-snippet: |
proxy_ssl_name fluidsignal.formstack.com;
proxy_ssl_server_name on;
一切似乎都正常了:D
Everything seems to be working fine now :D
这篇关于使用kubernetes nginx-ingress反向代理具有SNI支持的站点的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!