如何使用 nginx ingress 正确设置自定义 headers?
How can I correctly setup custom headers with nginx ingress?
我有以下配置:
守护进程:
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
name: nginx-ingress
namespace: nginx-ingress
spec:
selector:
matchLabels:
app: nginx-ingress
template:
metadata:
labels:
app: nginx-ingress
spec:
serviceAccountName: nginx-ingress
containers:
- image: nginx/nginx-ingress:1.4.2-alpine
imagePullPolicy: Always
name: nginx-ingress
ports:
- name: http
containerPort: 80
hostPort: 80
- name: https
containerPort: 443
hostPort: 443
env:
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
args:
- -nginx-configmaps=$(POD_NAMESPACE)/nginx-config
- -default-server-tls-secret=$(POD_NAMESPACE)/default-server-secret
主要配置:
apiVersion: v1
kind: ConfigMap
metadata:
name: nginx-config
namespace: nginx-ingress
data:
proxy-set-headers: "nginx-ingress/custom-headers"
proxy-connect-timeout: "11s"
proxy-read-timeout: "12s"
client-max-body-size: "5m"
gzip-level: "7"
use-gzip: "true"
use-geoip2: "true"
自定义headers:
apiVersion: v1
kind: ConfigMap
metadata:
name: custom-headers
namespace: nginx-ingress
data:
X-Forwarded-Host-Test: "US"
X-Using-Nginx-Controller: "true"
X-Country-Name: "UK"
我遇到以下情况:
- 如果我更改 "proxy-connect-timeout"、"proxy-read-timeout" 或 "client-max-body-size" 之一,我可以在控制器中看到生成的配置中出现的更改 pods
- 如果我更改 "gzip-level"(甚至尝试 "use-gzip")或 "use-geoip2" 之一,我在生成的配置中看不到任何变化(例如:"gzip on;" 总是被注释out 并且没有其他提到 zip,gzip 级别没有出现在任何地方)
- 根本没有添加来自 "ingress-nginx/custom-headers" 的自定义 headers(计划使用它们从 geoip2 传递值)
否则,一切正常,控制器日志显示我唯一的后端(转储 headers 的 expressJs 应用程序)是正确的服务器,我得到了预期的响应等等。
我已经尽可能多地复制了 github 上的示例,只做了最少的更改但没有结果(包括查看自定义 headers 的示例时)。
任何想法或指示将不胜感激。
谢谢!
看起来您正在使用 kubernetes-ingress from NGINX itself instead of ingress-nginx,这是社区 nginx 入口控制器。
如果您看到 ingress-nginx 的 supported ConfigMap keys for kubernetes-ingress none of the gzip options are supported. If you see the ConfigMap options,您将看到所有可以配置的 gzip 密钥。
尝试切换到 community nginx 入口控制器。
更新:
您也可以使用 configuration-snippet 注释:
nginx.ingress.kubernetes.io/configuration-snippet: |
more_set_headers "X-Forwarded-Host-Test: US";
more_set_headers "X-Using-Nginx-Controller: true";
more_set_headers "X-Country-Name: UK";
more_set_headers "Header: Value";
...
为了后代:
nginx 社区控制器 => 码头。io/kubernetes-ingress-controller/nginx-ingress-controller:0.21.0
nginx kubernetes 控制器 => nginx/nginx-ingress:edge(如文档中所示)
自定义 headers 社区配置映射 => proxy-set-headers:"nginx-ingress/custom-headers"
为 kubernetes 自定义 headers 配置映射 => add-headers: "nginx-ingress/custom-headers"
使用入口规则注释。
Example:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: my-ingress
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
nginx.ingress.kubernetes.io/configuration-snippet: |
more_set_headers "server: hide";
more_set_headers "X-Content-Type-Options: nosniff";
more_set_headers "X-Frame-Options: DENY";
more_set_headers "X-Xss-Protection: 1";
name: myingress
namespace: default
spec:
tls:
- hosts:
我使用的是 nginx 服务器 1.15.9
使用 Helm 进行 kubernetes/ingress-nginx 安装时。设置您的自定义 header 例如。 My-Custom-Header 作为
controller:
addHeaders:
X-My-Custom-Header: Allow
这将在根据以下条件向客户端发送响应流量之前添加自定义 headers:https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#add-headers
您可以在日志中访问它:
controller:
log-format-upstream: '{"x-my-custom-header" : "$http_x-my-custom-header"}'
annotations:
nginx.ingress.kubernetes.io/configuration-snippet: |
more_set_input_headers "headername: value";
您可以使用所需 headers 创建一个新的 ConfigMap,然后将它们添加到来自 Nginx Ingress Controller 的每个请求响应中:
kind: ConfigMap
apiVersion: v1
data:
X-Content-Type-Options: "..."
X-Frame-Options: "..."
metadata:
name: custom-headers
namespace: your-namespace
---
kind: ConfigMap
apiVersion: v1
metadata:
name: webauto-nginx-configuration
namespace: your-namespace
data:
add-headers: "your-namespace/custom-headers"
...
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: webauto-nginx-ingress-controller
namespace: your-namespace
spec:
replicas: 2
...
containers:
- name: nginx-ingress-controller
image: k8s.gcr.io/ingress-nginx/controller:VERSION_YOU_WANT
args:
- /nginx-ingress-controller
- --configmap=$(POD_NAMESPACE)/webauto-nginx-configuration
...
我有以下配置:
守护进程:
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
name: nginx-ingress
namespace: nginx-ingress
spec:
selector:
matchLabels:
app: nginx-ingress
template:
metadata:
labels:
app: nginx-ingress
spec:
serviceAccountName: nginx-ingress
containers:
- image: nginx/nginx-ingress:1.4.2-alpine
imagePullPolicy: Always
name: nginx-ingress
ports:
- name: http
containerPort: 80
hostPort: 80
- name: https
containerPort: 443
hostPort: 443
env:
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
args:
- -nginx-configmaps=$(POD_NAMESPACE)/nginx-config
- -default-server-tls-secret=$(POD_NAMESPACE)/default-server-secret
主要配置:
apiVersion: v1
kind: ConfigMap
metadata:
name: nginx-config
namespace: nginx-ingress
data:
proxy-set-headers: "nginx-ingress/custom-headers"
proxy-connect-timeout: "11s"
proxy-read-timeout: "12s"
client-max-body-size: "5m"
gzip-level: "7"
use-gzip: "true"
use-geoip2: "true"
自定义headers:
apiVersion: v1
kind: ConfigMap
metadata:
name: custom-headers
namespace: nginx-ingress
data:
X-Forwarded-Host-Test: "US"
X-Using-Nginx-Controller: "true"
X-Country-Name: "UK"
我遇到以下情况:
- 如果我更改 "proxy-connect-timeout"、"proxy-read-timeout" 或 "client-max-body-size" 之一,我可以在控制器中看到生成的配置中出现的更改 pods
- 如果我更改 "gzip-level"(甚至尝试 "use-gzip")或 "use-geoip2" 之一,我在生成的配置中看不到任何变化(例如:"gzip on;" 总是被注释out 并且没有其他提到 zip,gzip 级别没有出现在任何地方)
- 根本没有添加来自 "ingress-nginx/custom-headers" 的自定义 headers(计划使用它们从 geoip2 传递值)
否则,一切正常,控制器日志显示我唯一的后端(转储 headers 的 expressJs 应用程序)是正确的服务器,我得到了预期的响应等等。
我已经尽可能多地复制了 github 上的示例,只做了最少的更改但没有结果(包括查看自定义 headers 的示例时)。
任何想法或指示将不胜感激。
谢谢!
看起来您正在使用 kubernetes-ingress from NGINX itself instead of ingress-nginx,这是社区 nginx 入口控制器。
如果您看到 ingress-nginx 的 supported ConfigMap keys for kubernetes-ingress none of the gzip options are supported. If you see the ConfigMap options,您将看到所有可以配置的 gzip 密钥。
尝试切换到 community nginx 入口控制器。
更新:
您也可以使用 configuration-snippet 注释:
nginx.ingress.kubernetes.io/configuration-snippet: |
more_set_headers "X-Forwarded-Host-Test: US";
more_set_headers "X-Using-Nginx-Controller: true";
more_set_headers "X-Country-Name: UK";
more_set_headers "Header: Value";
...
为了后代: nginx 社区控制器 => 码头。io/kubernetes-ingress-controller/nginx-ingress-controller:0.21.0
nginx kubernetes 控制器 => nginx/nginx-ingress:edge(如文档中所示)
自定义 headers 社区配置映射 => proxy-set-headers:"nginx-ingress/custom-headers"
为 kubernetes 自定义 headers 配置映射 => add-headers: "nginx-ingress/custom-headers"
使用入口规则注释。
Example:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: my-ingress
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
nginx.ingress.kubernetes.io/configuration-snippet: |
more_set_headers "server: hide";
more_set_headers "X-Content-Type-Options: nosniff";
more_set_headers "X-Frame-Options: DENY";
more_set_headers "X-Xss-Protection: 1";
name: myingress
namespace: default
spec:
tls:
- hosts:
我使用的是 nginx 服务器 1.15.9
使用 Helm 进行 kubernetes/ingress-nginx 安装时。设置您的自定义 header 例如。 My-Custom-Header 作为
controller:
addHeaders:
X-My-Custom-Header: Allow
这将在根据以下条件向客户端发送响应流量之前添加自定义 headers:https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#add-headers 您可以在日志中访问它:
controller:
log-format-upstream: '{"x-my-custom-header" : "$http_x-my-custom-header"}'
annotations:
nginx.ingress.kubernetes.io/configuration-snippet: |
more_set_input_headers "headername: value";
您可以使用所需 headers 创建一个新的 ConfigMap,然后将它们添加到来自 Nginx Ingress Controller 的每个请求响应中:
kind: ConfigMap
apiVersion: v1
data:
X-Content-Type-Options: "..."
X-Frame-Options: "..."
metadata:
name: custom-headers
namespace: your-namespace
---
kind: ConfigMap
apiVersion: v1
metadata:
name: webauto-nginx-configuration
namespace: your-namespace
data:
add-headers: "your-namespace/custom-headers"
...
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: webauto-nginx-ingress-controller
namespace: your-namespace
spec:
replicas: 2
...
containers:
- name: nginx-ingress-controller
image: k8s.gcr.io/ingress-nginx/controller:VERSION_YOU_WANT
args:
- /nginx-ingress-controller
- --configmap=$(POD_NAMESPACE)/webauto-nginx-configuration
...