Summary of the automatic HTTPS redirect issue in nginx ingress
With nginx ingress, once a TLS certificate is configured on an Ingress, HTTP-to-HTTPS redirection is enabled by default.
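- If you do not want a particular Ingress to redirect automatically, disable it by adding this annotation to that Ingress:
nginx.ingress.kubernetes.io/ssl-redirect: "false"
Reference documentation:
Annotations - NGINX Ingress Controller
Reference YAML: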
```yaml
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  annotations:
    # ...
    nginx.ingress.kubernetes.io/ssl-redirect: "false"
  name: nginx443
  namespace: default
spec:
  rules:
    - host: www.a.com
      http:
        paths:
          - backend:
              serviceName: nginx
              servicePort: 80
            path: /443
  tls:
    - secretName: testcert
```
- To disable the redirect globally, edit the nginx ingress ConfigMap and set:
ssl-redirect: "false"
Reference documentation:
ConfigMap - NGINX Ingress Controller
Reference YAML:
```yaml
apiVersion: v1
data:
  access-log-path: /var/log/nginx/nginx_access.log
  error-log-path: /var/log/nginx/nginx_error.log
  keep-alive-requests: "10000"
  log-format-upstream: $remote_addr - $remote_user [$time_iso8601] $msec "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" $request_length $request_time [$proxy_upstream_name] [$proxy_alternative_upstream_name] [$upstream_addr] [$upstream_response_length] [$upstream_response_time] [$upstream_status] $req_id
  max-worker-connections: "65536"
  upstream-keepalive-connections: "200"
  ssl-redirect: "false"
kind: ConfigMap
metadata:
  labels:
    k8s-app: test-ingress-nginx-controller
  name: test-ingress-nginx-controller
  namespace: kube-system
```
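In addition, certificates follow the domain name. So when several Ingresses share the same nginx ingress controller and one of them binds a TLS domain, the following problems arise:
- Once one Ingress binds TLS to a domain, every Ingress that uses that domain is effectively bound to it as well
- All Ingress rules reached through that domain are redirected to HTTPS automatically
Solution:
Disable the redirect globally and configure it as needed, or disable the redirect per Ingress as needed.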
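The interaction described above (global ConfigMap value, per-Ingress annotation, and a certificate shared by host) can be checked before applying manifests. The following is an added example, not code from this page or from ingress-nginx: it models the rules as the page states them, the `ingress` helper and the sample manifests are constructed, and it assumes a `tls` entry without `hosts` covers the Ingress's own rule hosts.

```python
# Added example: models the redirect rules described on this page (not ingress-nginx code).
ANNOTATION = "nginx.ingress.kubernetes.io/ssl-redirect"


def ingress(name, host, path, tls_secret=None, redirect=None):
    """Build a minimal Ingress dict (hypothetical helper for the samples)."""
    meta = {"name": name, "annotations": {}}
    if redirect is not None:
        meta["annotations"][ANNOTATION] = redirect
    spec = {"rules": [{"host": host, "http": {"paths": [{"path": path}]}}]}
    if tls_secret:
        spec["tls"] = [{"secretName": tls_secret}]
    return {"metadata": meta, "spec": spec}


def tls_hosts(ingresses):
    """Hosts that have a certificate bound by at least one Ingress."""
    hosts = set()
    for ing in ingresses:
        rule_hosts = [r["host"] for r in ing["spec"].get("rules", [])]
        for entry in ing["spec"].get("tls", []):
            # Assumption: a tls entry without hosts covers the rule hosts.
            hosts.update(entry.get("hosts") or rule_hosts)
    return hosts


def redirect_report(ingresses, global_ssl_redirect="true"):
    """Map (ingress, host, path) -> True if HTTP is redirected to HTTPS."""
    secured = tls_hosts(ingresses)
    report = {}
    for ing in ingresses:
        meta = ing["metadata"]
        # The per-Ingress annotation overrides the ConfigMap value.
        setting = meta["annotations"].get(ANNOTATION, global_ssl_redirect)
        for rule in ing["spec"].get("rules", []):
            for p in rule["http"]["paths"]:
                key = (meta["name"], rule["host"], p["path"])
                report[key] = rule["host"] in secured and setting == "true"
    return report


# Constructed sample manifests.
SAMPLE = [
    ingress("nginx443", "www.a.com", "/443", tls_secret="testcert"),
    ingress("nginx80", "www.a.com", "/80"),   # same host, no tls section
    ingress("other", "www.b.com", "/"),       # host without any certificate
]

if __name__ == "__main__":
    for key, redirected in redirect_report(SAMPLE).items():
        print(key, "redirects to HTTPS" if redirected else "served over HTTP")
```

Any path reported as not redirected stays reachable over plain HTTP, so review that list whenever the global value is set to "false".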