- A+
所属分类:K8S
ingress默认会丢弃不标准的http头
解决:configmaps添加
1 2 |
data: enable-underscores-in-headers: "true" |
ingress默认上传大小1m
解决:configmaps添加
1 2 |
data: proxy-body-size: "50m" |
ingress默认https不支持老的浏览器ie居多
问题点: ssl只支持TLS1.2 1.3导致
解决:configmaps添加
1 2 3 |
data: ssl-ciphers: "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA" ssl-protocols: "TLSv1 TLSv1.1 TLSv1.2 TLSv1.3" |
nginx多个路径找不到路由
问题点: nginx ingress默认proxy_pass 后面没有/ ,导致前面URI带入到后端,解决
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 |
apiVersion: networking.k8s.io/v1beta1 kind: Ingress metadata: annotations: nginx.ingress.kubernetes.io/rewrite-target: /$2 #重要 name: rewrite namespace: default spec: rules: - host: rewrite.bar.com http: paths: - backend: serviceName: http-svc servicePort: 80 path: /bbbbbb(/|$)(.*) # 通过上面的/$2去掉/bbbbbb(/|$) - backend: serviceName: http-svc1 servicePort: 80 path: /aaaa(/|$)(.*) - backend: serviceName: http-svc2 servicePort: 80 path: /cccccc(/|$)(.*) # cccccc,bbbbbb,aaaa url 访问路径也就是项目的根目录。 |
websocket支持,新版默认支持,但是需要调整连接超时设置
1 2 |
nginx.ingress.kubernetes.io/proxy-read-timeout: "3600" nginx.ingress.kubernetes.io/proxy-send-timeout: "3600" |
ssl强制跳转关闭
1 2 |
nginx.ingress.kubernetes.io/force-ssl-redirect: "false" nginx.ingress.kubernetes.io/ssl-redirect: "false" |
- 我的微信
- 这是我的微信扫一扫
- 我的微信公众号
- 我的微信公众号扫一扫