文章 标签 分类 个人简介

目录

nginx ingress自动跳转https问题总结

 收录于 技术学习
   约 404 字   预计阅读 1 分钟    次阅读  
目录

nginx ingress,在给ingress配置TLS证书后,会默认开启HTTPS跳转。

  1. 如不想该ingress配置自动开启跳转,可以为该ingress配置annotations关闭

    nginx.ingress.kubernetes.io/ssl-redirect: "false"

    参考文档:

    Annotations - NGINX Ingress Controller

    参考yaml:

     1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19

    apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  annotations:
		...
		nginx.ingress.kubernetes.io/ssl-redirect: "false"
  name: nginx443
  namespace: default
spec:
  rules:
  - host: www.a.com
    http:
      paths:
      - backend:
          serviceName: nginx
          servicePort: 80
        path: /443
  tls:
  - secretName: testcert

  2. 如想全局关闭该配置,可通过修改nginx ingress的configmap文件,进行关闭

    ssl-redirect: "false"

    参考文档:

    ConfigMap - NGINX Ingress Controller

    参考yaml:

     1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15

    apiVersion: v1
data:
  access-log-path: /var/log/nginx/nginx_access.log
  error-log-path: /var/log/nginx/nginx_error.log
  keep-alive-requests: "10000"
  log-format-upstream: $remote_addr - $remote_user [$time_iso8601] $msec "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" $request_length $request_time [$proxy_upstream_name] [$proxy_alternative_upstream_name] [$upstream_addr] [$upstream_response_length] [$upstream_response_time] [$upstream_status] $req_id
  max-worker-connections: "65536"
  upstream-keepalive-connections: "200"
	ssl-redirect: "false"
kind: ConfigMap
metadata:
  labels:
    k8s-app: test-ingress-nginx-controller
  name: test-ingress-nginx-controller
  namespace: kube-system

另外,证书是跟着域名走的,故当配置多个ingress使用同一个nginx ingress controller,并且有其中一个ingress绑定了TLS域名,会有如下问题

  1. 当一个ingress绑定了域名后,所有使用此域名的ingress,都等于默认绑定了该域名
  2. 当访问此域名的所有ingress规则,都会发生HTTPS自动跳转

解决方式:

全局关闭跳转,并按需配置,或者按需关闭跳转

更新于 2021-11-02
 kubernetesnginx-ingress
返回 | 主页