ingress-nginx pitfalls (continuously updated)

Administrator
2020-07-31

By default, ingress drops non-standard HTTP headers

Fix: add to the ConfigMap
data:
 enable-underscores-in-headers: "true"

The default ingress upload size limit is 1m

Fix: add to the ConfigMap
data:
 proxy-body-size: "50m"

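By default, ingress HTTPS does not support old browsers (mostly IE)

Problem: caused by SSL supporting only TLS 1.2 and 1.3
Fix: add to the ConfigMap (this re-enables TLS 1.0/1.1 and legacy cipher suites for those clients)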
data:
  ssl-ciphers: "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA"
  ssl-protocols: "TLSv1 TLSv1.1 TLSv1.2 TLSv1.3"

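Multiple nginx paths: route not found

Problem: by default the nginx ingress proxy_pass has no trailing /, so the leading URI prefix is passed through to the backend. Fix: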
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /$2 # important
  name: rewrite
  namespace: default
spec:
  rules:
  - host: rewrite.bar.com
    http:
      paths:
      - backend:
          serviceName: http-svc
          servicePort: 80
        path: /bbbbbb(/|$)(.*) # the /$2 above strips the /bbbbbb(/|$) prefix
      - backend:
          serviceName: http-svc1
          servicePort: 80
        path: /aaaa(/|$)(.*)
      - backend:
          serviceName: http-svc2
          servicePort: 80
        path: /cccccc(/|$)(.*) 
        
    # cccccc, bbbbbb and aaaa are the URL access paths, i.e. the root directory of each project.

WebSocket support: newer versions support it by default, but the connection timeout settings need adjusting

nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
nginx.ingress.kubernetes.io/proxy-send-timeout: "3600"

Disabling the forced SSL redirect

nginx.ingress.kubernetes.io/force-ssl-redirect: "false"
nginx.ingress.kubernetes.io/ssl-redirect: "false"
 