Kubernetes Helm Orangehrm HTTPS - Bad Request

I'm kinda new to the kubernetes technology, sorry if I'm asking something really dumb. I've been trying to install orangehrm with helm, with no major problems actually, and the http works fine, but when I try to access it through the https url, it shows me the error of bad request.

It's been installed with a modified value.yaml for the db configuration and also for the user and password to log in. But the rest is just as the github repository is. Secret and login were set apart in my kubernetes configuration from this value.yaml file because the secret wasn't working.

image:
  registry: docker.io
  repository: bitnami/orangehrm
  tag: 4.3.1-0-debian-9-r8
  pullPolicy: IfNotPresent
orangehrmUsername: admin
orangehrmPassword: admin
externalDatabase:
  host: [REDACTED]
  user: [REDACTED]
  password: [REDACTED]
  database: [REDACTED]
mariadb:
  enabled: false
  replication:
    enabled: true
  db:
    name: orangehrm
    user: [REDACTED]
    password: [REDACTED]
  master:
    persistence:
      enabled: true
      accessMode: ReadWriteOnce
      size: 8Gi
service:
  type: NodePort
  port: 80
  httpsPort: 443
  nodePorts:
    http: ""
    https: ""
  externalTrafficPolicy: Cluster
persistence:
  enabled: true
  orangehrm:
    storageClass: slow
    accessMode: ReadWriteOnce
    size: 8Gi
  apache:
    storageClass: slow
    accessMode: ReadWriteOnce
    size: 16Gi
resources:
  requests:
    memory: 512Mi
    cpu: 300m
podAnnotations: {}
ingress:
  enabled: true
  certManager: false
  annotations:
    kubernetes.io/ingress.class: nginx
  hosts:
  - name: [REDACTED].com
    path: /
    tls: false
    tlsSecret: orangehrm-orangehrm
  secrets:
metrics:
  enabled: false
  image:
    registry: docker.io
    repository: lusotycoon/apache-exporter
    tag: v0.5.0
    pullPolicy: IfNotPresent

  podAnnotations:
    prometheus.io/scrape: "true"
    prometheus.io/port: "9117"

Bad Request

Your browser sent a request that this server could not understand. Reason: You're speaking plain HTTP to an SSL-enabled server port.

curl -v output:

* About to connect() to orangehrm.[REDACTED].com port 443 (#0)
*   Trying 192.168.20.250...
* Connected to orangehrm.[REDACTED].com ([REDACTED]) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* SSL connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
* Server certificate:
*       subject: CN=orangehrm.[REDACTED].com,O=Internet Widgits Pty Ltd,ST=Some-State,C=AU
*       start date: Jun 07 13:01:54 2019 GMT
*       expire date: Jun 04 13:01:54 2029 GMT
*       common name: orangehrm.[REDACTED].com
*       issuer: O=[REDACTED],L=C.A.B.A.,ST=Buenos Aires,C=AR
> GET / HTTP/1.1
> User-Agent: curl/7.29.0
> Host: orangehrm.[REDACTED].com
> Accept: */*
>
< HTTP/1.1 400 Bad Request
< Server: nginx/1.15.8
< Date: Wed, 12 Jun 2019 13:49:43 GMT
< Content-Type: text/html; charset=iso-8859-1
< Content-Length: 362
< Connection: keep-alive
< Strict-Transport-Security: max-age=15724800; includeSubDomains
<
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
Reason: You're speaking plain HTTP to an SSL-enabled server port.<br />
 Instead use the HTTPS scheme to access this URL, please.<br />
</p>
</body></html>
* Connection #0 to host orangehrm.[REDACTED].com left intact

kubectl get -o yaml pods -l chart output:

apiVersion: v1
items:
- apiVersion: v1
  kind: Pod
  metadata:
    creationTimestamp: "2019-06-12T13:41:42Z"
    generateName: orangehrm-orangehrm-76dfdf78f4-
    labels:
      app: orangehrm-orangehrm
      chart: orangehrm-4.1.0
      pod-template-hash: 76dfdf78f4
      release: orangehrm
    name: orangehrm-orangehrm-76dfdf78f4-hdnj9
    namespace: default
    ownerReferences:
    - apiVersion: apps/v1
      blockOwnerDeletion: true
      controller: true
      kind: ReplicaSet
      name: orangehrm-orangehrm-76dfdf78f4
      uid: d02765de-8d17-11e9-88b3-00155d00973f
    resourceVersion: "19055796"
    selfLink: /api/v1/namespaces/default/pods/orangehrm-orangehrm-76dfdf78f4-hdnj9
    uid: d04480cd-8d17-11e9-88b3-00155d00973f
  spec:
    containers:
    - env:
      - name: ALLOW_EMPTY_PASSWORD
        value: "yes"
      - name: MARIADB_HOST
        value: 192.168.0.132
      - name: MARIADB_PORT_NUMBER
        value: "3306"
      - name: ORANGEHRM_DATABASE_NAME
        value: orangehrm
      - name: ORANGEHRM_DATABASE_USER
        value: orangehrm_user
      - name: ORANGEHRM_DATABASE_PASSWORD
        valueFrom:
          secretKeyRef:
            key: db-password
            name: orangehrm-externaldb
      - name: ORANGEHRM_USERNAME
        value: admin
      - name: ORANGEHRM_PASSWORD
        valueFrom:
          secretKeyRef:
            key: orangehrm-password
            name: orangehrm-orangehrm
      - name: SMTP_HOST
      - name: SMTP_PORT
      - name: SMTP_USER
      - name: SMTP_PASSWORD
        valueFrom:
          secretKeyRef:
            key: smtp-password
            name: orangehrm-orangehrm
      - name: SMTP_PROTOCOL
        value: none
      image: docker.io/bitnami/orangehrm:4.3.0-0
      imagePullPolicy: IfNotPresent
      livenessProbe:
        failureThreshold: 3
        httpGet:
          path: /symfony/web/index.php
          port: http
          scheme: HTTP
        initialDelaySeconds: 120
        periodSeconds: 10
        successThreshold: 1
        timeoutSeconds: 1
      name: orangehrm-orangehrm
      ports:
      - containerPort: 80
        name: http
        protocol: TCP
      - containerPort: 443
        name: https
        protocol: TCP
      readinessProbe:
        failureThreshold: 3
        httpGet:
          path: /symfony/web/index.php
          port: http
          scheme: HTTP
        initialDelaySeconds: 30
        periodSeconds: 10
        successThreshold: 1
        timeoutSeconds: 1
      resources:
        requests:
          cpu: 300m
          memory: 512Mi
      terminationMessagePath: /dev/termination-log
      terminationMessagePolicy: File
      volumeMounts:
      - mountPath: /bitnami/orangehrm
        name: orangehrm-data
      - mountPath: /bitnami/apache
        name: apache-data
      - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
        name: default-token-r2gbm
        readOnly: true
    dnsPolicy: ClusterFirst
    enableServiceLinks: true
    hostAliases:
    - hostnames:
      - status.localhost
      ip: 127.0.0.1
    nodeName: l004
    priority: 0
    restartPolicy: Always
    schedulerName: default-scheduler
    securityContext: {}
    serviceAccount: default
    serviceAccountName: default
    terminationGracePeriodSeconds: 30
    tolerations:
    - effect: NoExecute
      key: node.kubernetes.io/not-ready
      operator: Exists
      tolerationSeconds: 300
    - effect: NoExecute
      key: node.kubernetes.io/unreachable
      operator: Exists
      tolerationSeconds: 300
    volumes:
    - name: orangehrm-data
      persistentVolumeClaim:
        claimName: orangehrm-orangehrm-orangehrm
    - name: apache-data
      persistentVolumeClaim:
        claimName: orangehrm-orangehrm-apache
    - name: default-token-r2gbm
      secret:
        defaultMode: 420
        secretName: default-token-r2gbm
  status:
    conditions:
    - lastProbeTime: null
      lastTransitionTime: "2019-06-12T13:41:49Z"
      status: "True"
      type: Initialized
    - lastProbeTime: null
      lastTransitionTime: "2019-06-12T13:42:52Z"
      status: "True"
      type: Ready
    - lastProbeTime: null
      lastTransitionTime: "2019-06-12T13:42:52Z"
      status: "True"
      type: ContainersReady
    - lastProbeTime: null
      lastTransitionTime: "2019-06-12T13:41:42Z"
      status: "True"
      type: PodScheduled
    containerStatuses:
    - containerID: docker://725ddef8da29d353006996d95b248f4ee5cea0bed2542350fc7d63d4dfb0fecb
      image: bitnami/orangehrm:4.3.0-0
      imageID: docker-pullable://bitnami/orangehrm@sha256:2f0bd90d975a22c7a6237c6fd86c7939df856cf74edd8dcf839df440a5c62606
      lastState: {}
      name: orangehrm-orangehrm
      ready: true
      restartCount: 0
      state:
        running:
          startedAt: "2019-06-12T13:41:50Z"
    hostIP: 192.168.0.137
    phase: Running
    podIP: 10.40.0.65
    qosClass: Burstable
    startTime: "2019-06-12T13:41:49Z"
kind: List
metadata:
  resourceVersion: ""
  selfLink: ""

Pod startup log:

Welcome to the Bitnami orangehrm container
Subscribe to project updates by watching https://github.com/bitnami/bitnami-docker-orangehrm
Submit issues and feature requests at https://github.com/bitnami/bitnami-docker-orangehrm/issues

nami    INFO  Initializing apache
apache  INFO  ==> Patching httpoxy...
apache  INFO  ==> Configuring dummy certificates...
nami    INFO  apache successfully initialized
nami    INFO  Initializing php
nami    INFO  php successfully initialized
nami    INFO  Initializing mysql-client
nami    INFO  mysql-client successfully initialized
nami    INFO  Initializing libphp
nami    INFO  libphp successfully initialized
nami    INFO  Initializing orangehrm
orangeh INFO  Configuring permissions
orangeh INFO  Creating the database...
mysql-c INFO  Trying to connect to MySQL server
mysql-c INFO  Found MySQL server listening at 192.168.0.132:3306
mysql-c INFO  MySQL server listening and working at 192.168.0.132:3306
orangeh INFO  Preparing webserver environment...
orangeh INFO  Passing wizard, please be patient
orangeh INFO  Configuring SMTP...
orangeh INFO  Setting OrangeHRM version...
orangeh INFO
orangeh INFO  ########################################################################
orangeh INFO   Installation parameters for orangehrm:
orangeh INFO     Username: admin
orangeh INFO     Password: **********
orangeh INFO     Site URL: http://127.0.0.1/
orangeh INFO   (Passwords are not shown for security reasons)
orangeh INFO  ########################################################################
orangeh INFO
nami    INFO  orangehrm successfully initialized

I have an nginx load balancer whose Ingress is this:

  apiVersion: extensions/v1beta1
  kind: Ingress
  metadata:
    annotations:
      kubernetes.io/ingress.class: nginx
      nginx.ingress.kubernetes.io/proxy-body-size: "0"
    name: https
  spec:
    rules:
      - host: orangehrm.[REDACTED].com
        http:
          paths:
            - backend:
                serviceName: orangehrm-orangehrm
                servicePort: 443
              path: /       
    # This section is only required if TLS is to be enabled for the Ingress
    tls:
        - hosts:
            - orangehrm.[REDACTED].com
          secretName: orangehrm-https

As best I can tell, you are terminating TLS at the Ingress controller, which is then proxying upstream as HTTP but on port 443; so you'll want to update your Ingress to say servicePort: 80 not :443

If you really want to connect TLS all the way through to the Pod, you'll need to either enable SSL passthrough or perhaps switch to use the HTTPS backend
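
A check for the mismatch described in the answer, as an added example that is not part of the original post: it flags Ingress paths where ingress-nginx would proxy plain HTTP to a backend port assumed to speak TLS (443 or a port named https), unless the `backend-protocol` or `ssl-passthrough` annotation is set. The host `orangehrm.example.com`, the function names and the `TLS_PORTS` heuristic are assumptions; the check also accepts the newer `networking.k8s.io/v1` backend form, which goes beyond the manifest in the question.

```python
import json

# Annotations defined by ingress-nginx (the ingress class used on this page).
BACKEND_PROTOCOL = "nginx.ingress.kubernetes.io/backend-protocol"
SSL_PASSTHROUGH = "nginx.ingress.kubernetes.io/ssl-passthrough"
# Assumption: these Service ports are where the backend pod expects TLS.
TLS_PORTS = {443, "443", "https"}


def backend_port(backend):
    """Return the Service port from a v1beta1 or networking.k8s.io/v1 backend."""
    if "servicePort" in backend:                       # extensions/v1beta1
        return backend["servicePort"]
    port = backend.get("service", {}).get("port", {})  # networking.k8s.io/v1
    return port.get("number", port.get("name"))


def find_protocol_mismatches(ingress):
    """List (host, path, port) where plain HTTP would hit a TLS backend port."""
    ann = ingress.get("metadata", {}).get("annotations") or {}
    proto = ann.get(BACKEND_PROTOCOL, "HTTP").upper()
    if proto in ("HTTPS", "GRPCS") or ann.get(SSL_PASSTHROUGH) == "true":
        return []  # TLS reaches the pod: re-encrypted or passed through
    findings = []
    for rule in ingress.get("spec", {}).get("rules", []):
        for path in rule.get("http", {}).get("paths", []):
            port = backend_port(path["backend"])
            if port in TLS_PORTS:
                findings.append((rule.get("host"), path.get("path"), port))
    return findings


# Constructed sample: the Ingress from the question as JSON, placeholder host.
QUESTION_INGRESS = json.loads("""
{"apiVersion": "extensions/v1beta1", "kind": "Ingress",
 "metadata": {"name": "https", "annotations": {
   "kubernetes.io/ingress.class": "nginx",
   "nginx.ingress.kubernetes.io/proxy-body-size": "0"}},
 "spec": {"rules": [{"host": "orangehrm.example.com", "http": {"paths": [
   {"path": "/", "backend": {"serviceName": "orangehrm-orangehrm",
                             "servicePort": 443}}]}}],
  "tls": [{"hosts": ["orangehrm.example.com"],
           "secretName": "orangehrm-https"}]}}
""")

if __name__ == "__main__":
    for host, path, port in find_protocol_mismatches(QUESTION_INGRESS):
        print(f"{host}{path}: plain HTTP proxied to TLS port {port}")
```

Run it against each item of `kubectl get ingress -o json`; the `ssl-passthrough` annotation only takes effect when the controller is started with `--enable-ssl-passthrough`.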
