在Kubernetes上使用Nginx SSL代理运行Meteor应用
[英]Running Meteor app with Nginx SSL proxy on Kubernetes
问题描述
I have a Meteor app deployed using Kubernetes on Google Cloud, configured with Nginx acting as SSL termination. 
我有一个使用Kubernetes在Google Cloud上部署的Meteor应用程序,配置了Nginx作为SSL终止。 Everything working ok. 一切正常。
However, it appears that if two different clients connect to two different SSL containers, updates don't show up on the respective apps for up to 10 seconds, which makes it seem that Websockets isn't working, but polling is taking effect. 但是,如果两个不同的客户端连接到两个不同的SSL容器,似乎更新不会在各自的应用程序上显示长达10秒钟,这似乎使Websockets无法正常工作,但轮询正在生效。 I have confirmed that all clients are connected with Websockets, but since updates do not propagate immediately, perhaps Nginx isn't configured to correctly talk with the Meteor app. 我已经确认所有客户端都已与Websockets连接,但是由于更新不会立即传播,因此Nginx可能未配置为与Meteor应用正确对话。
Here's my SSL/Nginx service: 这是我的SSL / Nginx服务:
apiVersion: v1 kind: Service metadata: name: frontend-ssl labels: name: frontend-ssl spec: ports: - name: http port: 80 targetPort: 80 - name: https port: 443 targetPort: 443 selector: name: frontend-ssl type: LoadBalancer loadBalancerIP: 123.456.123.456 sessionAffinity: ClientIP
And here is the Meteor service: 这是流星服务:
apiVersion: v1 kind: Service metadata: name: frontend labels: name: frontend spec: ports: - port: 3000 targetPort: 3000 selector: name: flow-frontend type: LoadBalancer loadBalancerIP: 123.456.123.456 sessionAffinity: ClientIP
For SSL termination, I'm using the Kubernetes suggested SSL setup forked with Websockets additions https://github.com/markoshust/nginx-ssl-proxy 对于SSL终止,我正在使用Kubernetes建议的SSL设置以及Websockets附加功能进行分叉https://github.com/markoshust/nginx-ssl-proxy
2 个解决方案
解决方案1
0 2016-04-02 17:00:53
In your NginX config, did you make sure to use the ip_hash flag to direct websockets to the same server each time? 在您的NginX配置中,您是否确保ip_hash使用ip_hash标志将websocket定向到同一服务器? also you need to make sure the websocket Upgrade headers are forwarded: 您还需要确保转发了websocket升级标头:
upstream meteorapp{
ip_hash;
server hostname:port
}
server {
# your server stuff here
#
location / {
proxy_pass http://meteorapp;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto http;
proxy_redirect http:// $scheme://;
}
}
解决方案2
0 2017-11-02 00:08:52
The easiest way to run your app would be using Nginx based ingress controller instead of Nginx service. 运行应用程序的最简单方法是使用基于Nginx的入口控制器,而不是Nginx服务。
In my opinion the easiest way to deploy ingress controller is with helm: https://docs.helm.sh/using_helm/#installing-helm https://kubeapps.com/charts/stable/nginx-ingress 在我看来,部署入口控制器的最简单方法是使用头盔: https : //docs.helm.sh/using_helm/#installing-helm https://kubeapps.com/charts/stable/nginx-ingress
But if you prefer not adding another tool to your stack you can use official installation guide: https://github.com/kubernetes/ingress-nginx/tree/master/deploy . 但是,如果您不想在堆栈中添加其他工具,则可以使用官方安装指南: https : //github.com/kubernetes/ingress-nginx/tree/master/deploy 。
Example ingress object configuration with web sockets support can be found here: https://github.com/nginxinc/kubernetes-ingress/tree/master/examples/websocket 可以在以下位置找到具有Web套接字支持的示例入口对象配置: https : //github.com/nginxinc/kubernetes-ingress/tree/master/examples/websocket
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.