我在 Google Cloud Kubernetes Engine 中使用 Kubernetes 并设置了以下内容: - Nginx docker 镜像 (nginx:latest),它托管了一个网络应用程序 - Kubernetes 部署(yaml 文件) - Kubernetes 服务(yaml 文件) - 具有现有 key 和证书的 Kubernetes Secret(通配符 PositiveSSL) - Kubernetes 入口
目前我同时使用 HTTP 和 HTTPS。但是,我想自动将所有 HTTP 调用重定向到 HTTPS,但似乎无法正常工作。
我已经尝试了下面的 conf 和脚本文件的许多变体,但它似乎无法将 HTTP 重定向到 HTTPS。
知道我在这里做错了什么吗?
请参阅下面的 conf、yaml 和 docker 文件。
Nginx session :
server {
listen 80;
charset utf-8;
root /usr/share/nginx/html;
location / {
proxy_set_header Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect http:// https://;
proxy_pass http://portal.domain.com;
proxy_http_version 1.1;
proxy_request_buffering off;
}
}
server {
listen 443 ssl;
charset utf-8;
root /usr/share/nginx/html;
ssl_certificate /etc/nginx/ssl/domain_com_full.crt;
ssl_certificate_key /etc/nginx/ssl/domain_com.key;
location / {
proxy_set_header Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect http:// https://;
proxy_pass http://portal.domain.com;
proxy_http_version 1.1;
proxy_request_buffering off;
}
}
Docker 文件:
FROM nginx:latest
COPY nginx.conf /etc/nginx/conf.d/default.conf
COPY domain_com_full.crt /etc/nginx/ssl/domain_com_full.crt
COPY domain_com.key /etc/nginx/ssl/domain_com.key
COPY dist /usr/share/nginx/html
EXPOSE 443 80
部署YAML(我用脚本填写镜像的修改部分):
apiVersion: apps/v1
kind: Deployment
metadata:
name: domain-frontend-prd
spec:
replicas: 2
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 1
maxUnavailable: 0
selector:
matchLabels:
run: domain-frontend-prd
template:
metadata:
labels:
run: domain-frontend-prd
spec:
containers:
- name: domain-frontend-image
image: eu.gcr.io/domain-service/domain-frontend-image:{{REVISION_ID}}
ports:
- containerPort: 80
- containerPort: 443
readinessProbe:
httpGet:
path: /
port: 80
initialDelaySeconds: 5
periodSeconds: 5
successThreshold: 1
服务 YAML:
apiVersion: v1
kind: Service
metadata:
name: domain-frontend-service-prd
spec:
type: NodePort
selector:
run: domain-frontend-prd
ports:
- protocol: TCP
port: 443
targetPort: 443
name: https-port
- protocol: TCP
port: 80
targetPort: 80
name: http-port
Ingress YAML( secret 有效,因为 HTTPS 调用也有效 + 静态 IP 也在那里并有效):
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: domain-frontend-ingress-prd
annotations:
kubernetes.io/ingress.global-static-ip-name: kubernetes-ingress
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
nginx.ingress.kubernetes.io/ssl-redirect: "true"
spec:
tls:
- hosts:
- portal.domain.com
secretName: domain-tls
backend:
serviceName: domain-frontend-service-prd
servicePort: 80
rules:
- host: portal.domain.com
http:
paths:
- path: /
backend:
serviceName: domain-frontend-service-prd
servicePort: 80
最佳答案
通过广泛的搜索,我发现 Google Cloud Kubernetes 引擎中的标准 Ingress Controller 显然不支持重定向到 HTTPS。
为了能够将流量重新发送到 HTTPS(从 HTTP),您需要根据本教程/文档安装 NGINX Ingress Controller :
https://cloud.google.com/community/tutorials/nginx-ingress-gke
这解决了我的问题。
关于ssl - Kubernetes 入口 : SSL (HTTP -> HTTPS) redirect not working (Nginx Docker),我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/55782987/