如何使用 Nginx 入口控制器为对讲机设置 SSL?
How to setup SSL for Intercom using Nginx ingress controller?
我正在尝试为内部通信设置的自定义域启用 https。
documentation 告诉:
server {
listen 443 ssl;
server_name your-help-site.custom-domain.com; # replace this with your domain
ssl_certificate /path/to/your/fullchain.pem;
ssl_certificate_key /path/to/your/privatekey.pem;
location / {
# using "set" is important as IP addresses of Intercom servers
# changes dynamically. "set" enables nginx to follow dynamic IPs
set $intercom "https://custom.intercom.help:443";
proxy_set_header Host $host;
proxy_pass $intercom;
}
}
我试过这种方法:
resource kubernetes_ingress help_ingress {
metadata {
name = "help-ingress"
annotations = {
"certmanager.k8s.io/cluster-issuer" = "letsencrypt-prod"
"kubernetes.io/ingress.class" = "nginx"
"nginx.ingress.kubernetes.io/permanent-redirect" = "http://custom.intercom.help"
"nginx.ingress.kubernetes.io/rewrite-target" = "/"
"ingress.kubernetes.io/force-ssl-redirect" = false
"nginx.ingress.kubernetes.io/from-to-www-redirect" = true
}
}
spec {
tls {
secret_name = "help-cert"
hosts = [local.help_url, "www.${local.help_url}"]
}
rule {
host = "${local.help_url}"
http {
path {
path = ""
backend {
service_name = "fake"
service_port = 80
}
}
}
}
}
}
但它只是让我重定向到 https://custom.intercom.help
如何使用 k8s nginx ingress 实现 proxy_path?
我遇到了同样的问题并找到了适合我的解决方案。
当然你需要先在这里的对讲设置中配置你的自定义域:https://app.intercom.io/a/apps/_/articles/site/settings
然后您需要像这样在您的集群中创建一个“CNAME”服务:
kind: Service
apiVersion: v1
metadata:
name: intercom-service
namespace: ingress-nginx
spec:
type: ExternalName
externalName: custom.intercom.help
现在您可以link访问该服务,一切正常:
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: intercom-ingress
namespace: ingress-nginx
annotations:
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/rewrite-target: /
cert-manager.io/cluster-issuer: "letsencrypt-prod"
spec:
tls:
- secretName: tls-intercom-secret
hosts:
- **replace.with.domain.com**
rules:
- host: **replace.with.domain.com**
http:
paths:
- path: /
backend:
serviceName: intercom-service
servicePort: 80
我正在尝试为内部通信设置的自定义域启用 https。
documentation 告诉:
server {
listen 443 ssl;
server_name your-help-site.custom-domain.com; # replace this with your domain
ssl_certificate /path/to/your/fullchain.pem;
ssl_certificate_key /path/to/your/privatekey.pem;
location / {
# using "set" is important as IP addresses of Intercom servers
# changes dynamically. "set" enables nginx to follow dynamic IPs
set $intercom "https://custom.intercom.help:443";
proxy_set_header Host $host;
proxy_pass $intercom;
}
}
我试过这种方法:
resource kubernetes_ingress help_ingress {
metadata {
name = "help-ingress"
annotations = {
"certmanager.k8s.io/cluster-issuer" = "letsencrypt-prod"
"kubernetes.io/ingress.class" = "nginx"
"nginx.ingress.kubernetes.io/permanent-redirect" = "http://custom.intercom.help"
"nginx.ingress.kubernetes.io/rewrite-target" = "/"
"ingress.kubernetes.io/force-ssl-redirect" = false
"nginx.ingress.kubernetes.io/from-to-www-redirect" = true
}
}
spec {
tls {
secret_name = "help-cert"
hosts = [local.help_url, "www.${local.help_url}"]
}
rule {
host = "${local.help_url}"
http {
path {
path = ""
backend {
service_name = "fake"
service_port = 80
}
}
}
}
}
}
但它只是让我重定向到 https://custom.intercom.help
如何使用 k8s nginx ingress 实现 proxy_path?
我遇到了同样的问题并找到了适合我的解决方案。
当然你需要先在这里的对讲设置中配置你的自定义域:https://app.intercom.io/a/apps/_/articles/site/settings
然后您需要像这样在您的集群中创建一个“CNAME”服务:
kind: Service
apiVersion: v1
metadata:
name: intercom-service
namespace: ingress-nginx
spec:
type: ExternalName
externalName: custom.intercom.help
现在您可以link访问该服务,一切正常:
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: intercom-ingress
namespace: ingress-nginx
annotations:
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/rewrite-target: /
cert-manager.io/cluster-issuer: "letsencrypt-prod"
spec:
tls:
- secretName: tls-intercom-secret
hosts:
- **replace.with.domain.com**
rules:
- host: **replace.with.domain.com**
http:
paths:
- path: /
backend:
serviceName: intercom-service
servicePort: 80