如何使用 AWS Certificate Manager 管理的 Nginx Ingress Controller、AWS NLB 和 TLS 证书将 HTTP 重定向到 HTTPS?
How to redirect HTTP to HTTPS with Nginx Ingress Controller, AWS NLB and TLS certificate managed by AWS Certificate Manager?
我尝试了以下方法让 HTTP 重定向到 HTTPS。我不确定我哪里出错了。
ingress-nginx 对象:
apiVersion: v1
kind: Service
metadata:
name: ingress-nginx
namespace: ingress-nginx
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
annotations:
service.beta.kubernetes.io/aws-load-balancer-type: nlb
service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http
service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:...
service.beta.kubernetes.io/aws-load-balancer-ssl-ports: https
spec:
type: LoadBalancer
selector:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
ports:
- name: http
port: 80
targetPort: http
- name: https
port: 443
targetPort: http
my-ingress 对象:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: my-ingress
namespace: my-namespace
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
nginx.ingress.kubernetes.io/rewrite-target: /
nginx.ingress.kubernetes.io/secure-backends: "true"
spec:
tls:
- hosts:
- app.example.com
rules:
- host: app.example.com
http:
paths:
- path: /
backend:
serviceName: my-service
servicePort: 80
我在 HTTP 和 HTTPS 上得到 308 Permanent Redirect。我想这是有道理的,因为 NLB 正在执行 SSL 终止并因此将 HTTP 转发到 Nginx 服务?我想我需要将 SSL 终止从 NLB 移动到 Nginx 服务吗?
谢谢
我相信您确实需要将 SSL 终止移动到入口控制器,因为我遇到了同样的问题,而且我似乎处于永久重定向状态。流量在 443 上进入 NLB,终止并通过端口 80 发送到后端实例。入口看到端口 80 上的流量并重定向到 https://,从而开始无限循环。
我尝试了以下方法让 HTTP 重定向到 HTTPS。我不确定我哪里出错了。
ingress-nginx 对象:
apiVersion: v1
kind: Service
metadata:
name: ingress-nginx
namespace: ingress-nginx
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
annotations:
service.beta.kubernetes.io/aws-load-balancer-type: nlb
service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http
service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:...
service.beta.kubernetes.io/aws-load-balancer-ssl-ports: https
spec:
type: LoadBalancer
selector:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
ports:
- name: http
port: 80
targetPort: http
- name: https
port: 443
targetPort: http
my-ingress 对象:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: my-ingress
namespace: my-namespace
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
nginx.ingress.kubernetes.io/rewrite-target: /
nginx.ingress.kubernetes.io/secure-backends: "true"
spec:
tls:
- hosts:
- app.example.com
rules:
- host: app.example.com
http:
paths:
- path: /
backend:
serviceName: my-service
servicePort: 80
我在 HTTP 和 HTTPS 上得到 308 Permanent Redirect。我想这是有道理的,因为 NLB 正在执行 SSL 终止并因此将 HTTP 转发到 Nginx 服务?我想我需要将 SSL 终止从 NLB 移动到 Nginx 服务吗?
谢谢
我相信您确实需要将 SSL 终止移动到入口控制器,因为我遇到了同样的问题,而且我似乎处于永久重定向状态。流量在 443 上进入 NLB,终止并通过端口 80 发送到后端实例。入口看到端口 80 上的流量并重定向到 https://,从而开始无限循环。