在kubernetes设置中移动`X-Accel-Redirect`模式以获得受保护的静态 [英] Move `X-Accel-Redirect` pattern for protected static in kubernetes setup

问题描述

我们正在迁移到kubernetes，而我们是一个全新的人.

We are moving to kubernetes and we are totally new to it.

在我们当前的单声道服务设置中，我们有:Nginx->Web应用程序.这样，我们可以通过Web应用程序中的身份验证来保护某些静态资产，并在身份验证发生后使用Nginx的内部和X-Accel-Redirect来提供静态文件.

In our current mono service setup we have: Nginx -> Web application. These way we can protect some static assets via authentication in the web application and use internal and X-Accel-Redirect of Nginx to serve static files after authentication takes place.

现在在kubernetes中，我们有了Ingress并提供了以下服务:

Now in kubernetes we have Ingress and behind these services:

• 网络应用
• 私人静态服务

有没有办法告诉从Web应用程序进入的入口重定向"?该请求就像我们对sendfile的处理一样，以便私有静态服务将对其进行回复?还是以某种方式实现保护我们的静态功能，同时在kubernetes设置中保持静态服务独立和独立?

Is there a way to tell in ingress from the web application to "redirect" the request as we kind of do with sendfile, so that the private static service will reply to it? Or somehow to achieve protecting our static while keeping the static service separate and independent in kubernetes setup?

我们通过将私有静态服务链接到Web应用程序的前面来使其工作，但是感觉必须有更好的方法.

We kind of made it work by chaining the private static service in front of the web application, but it feels there must be a better way to do it.

推荐答案

这是我设法使其正常工作的方式.

Here is how I managed to make it work.

我创建了两个入口.首先:

I created two ingresses. First:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    nginx.ingress.kubernetes.io/configuration-snippet: |
        internal;
    nginx.ingress.kubernetes.io/rewrite-target: /some/path/$1
  name: static-service-internal
spec:
  rules:
  - http:
      paths:
      - backend:
          serviceName: private-static-service
          servicePort: 80
        path: /protected/(.*)

第二项服务:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
  name: web-app
spec:
  rules:
  - http:
      paths:
      - backend:
          serviceName: web-app
          servicePort: 80
        path: /

您在上面看到的内容应该可以在此示例中使用来自nginx文档

What you see above is supposed to work as in this example from nginx documentation

从 web-app 接收到 X-Accel-Redirect:/protected/iso.img 时，它将请求/some/path/iso.img来自私有静态服务.

When receiving X-Accel-Redirect: /protected/iso.img from web-app then it will request /some/path/iso.img from private static service.

让我知道这是否可以解决您的问题.

Let me know if this solves you problem.

这篇关于在kubernetes设置中移动`X-Accel-Redirect`模式以获得受保护的静态的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！