Kubernetes Helm Orangehrm HTTPS - Bad Request
I'm kinda new to the kubernetes technology, sorry if I'm asking something really dumb. I've been trying to install orangehrm with helm, with no major problems actually and the http works fine but when I try to access through the https url, it shows me the error of bad request.
It's been installed with a modified value.yaml for the db configuration and also for user and password to login. But the rest is just as the github repository is. Secret and login were set apart in my kubernetes configuration from this value.yaml file because the secret wasn't working.
image:
  registry: docker.io
  repository: bitnami/orangehrm
  tag: 4.3.1-0-debian-9-r8
  pullPolicy: IfNotPresent
orangehrmUsername: admin
orangehrmPassword: admin
externalDatabase:
  host: [REDACTED]
  user: [REDACTED]
  password: [REDACTED]
  database: [REDACTED]
mariadb:
  enabled: false
  replication:
    enabled: true
  db:
    name: orangehrm
    user: [REDACTED]
    password: [REDACTED]
  master:
    persistence:
      enabled: true
      accessMode: ReadWriteOnce
      size: 8Gi
service:
  type: NodePort
  port: 80
  httpsPort: 443
  nodePorts:
    http: ""
    https: ""
  externalTrafficPolicy: Cluster
persistence:
  enabled: true
  orangehrm:
    storageClass: slow
    accessMode: ReadWriteOnce
    size: 8Gi
  apache:
    storageClass: slow
    accesMod: ReadWriteOnce
    size: 16Gi
resources:
  requests:
    memory: 512Mi
    cpu: 300m
podAnnotations: {}
ingress:
  enabled: true
  certManager: false
  annotations:
    kubernetes.io/ingress.class: nginx
  hosts:
  - name: [REDACTED].com
    path: /
    tls: false
    tlsSecret: orangehrm-orangehrm
  secrets:
metrics:
  enabled: false
  image:
    registry: docker.io
    repository: lusotycoon/apache-exporter
    tag: v0.5.0
    pullPolicy: IfNotPresent
  podAnnotations:
    prometheus.io/scrape: "true"
    prometheus.io/port: "9117"
Bad Request
Your browser sent a request that this server could not understand.
Reason: You're speaking plain HTTP to an SSL-enabled server port.
curl -v output:
* About to connect() to orangehrm.[REDACTED].com port 443 (#0)
* Trying 192.168.20.250...
* Connected to orangehrm.[REDACTED].com ([REDACTED]) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* SSL connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
* Server certificate:
* subject: CN=orangehrm.[REDACTED].com,O=Internet Widgits Pty Ltd,ST=Some-State,C=AU
* start date: Jun 07 13:01:54 2019 GMT
* expire date: Jun 04 13:01:54 2029 GMT
* common name: orangehrm.[REDACTED].com
* issuer: O=[REDACTED],L=C.A.B.A.,ST=Buenos Aires,C=AR
> GET / HTTP/1.1
> User-Agent: curl/7.29.0
> Host: orangehrm.[REDACTED].com
> Accept: */*
>
< HTTP/1.1 400 Bad Request
< Server: nginx/1.15.8
< Date: Wed, 12 Jun 2019 13:49:43 GMT
< Content-Type: text/html; charset=iso-8859-1
< Content-Length: 362
< Connection: keep-alive
< Strict-Transport-Security: max-age=15724800; includeSubDomains
<
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
Reason: You're speaking plain HTTP to an SSL-enabled server port.<br />
Instead use the HTTPS scheme to access this URL, please.<br />
</p>
</body></html>
* Connection #0 to host orangehrm.[REDACTED].com left intact
kubectl get -o yaml pods -l chart output:
apiVersion: v1
items:
- apiVersion: v1
  kind: Pod
  metadata:
    creationTimestamp: "2019-06-12T13:41:42Z"
    generateName: orangehrm-orangehrm-76dfdf78f4-
    labels:
      app: orangehrm-orangehrm
      chart: orangehrm-4.1.0
      pod-template-hash: 76dfdf78f4
      release: orangehrm
    name: orangehrm-orangehrm-76dfdf78f4-hdnj9
    namespace: default
    ownerReferences:
    - apiVersion: apps/v1
      blockOwnerDeletion: true
      controller: true
      kind: ReplicaSet
      name: orangehrm-orangehrm-76dfdf78f4
      uid: d02765de-8d17-11e9-88b3-00155d00973f
    resourceVersion: "19055796"
    selfLink: /api/v1/namespaces/default/pods/orangehrm-orangehrm-76dfdf78f4-hdnj9
    uid: d04480cd-8d17-11e9-88b3-00155d00973f
  spec:
    containers:
    - env:
      - name: ALLOW_EMPTY_PASSWORD
        value: "yes"
      - name: MARIADB_HOST
        value: 192.168.0.132
      - name: MARIADB_PORT_NUMBER
        value: "3306"
      - name: ORANGEHRM_DATABASE_NAME
        value: orangehrm
      - name: ORANGEHRM_DATABASE_USER
        value: orangehrm_user
      - name: ORANGEHRM_DATABASE_PASSWORD
        valueFrom:
          secretKeyRef:
            key: db-password
            name: orangehrm-externaldb
      - name: ORANGEHRM_USERNAME
        value: admin
      - name: ORANGEHRM_PASSWORD
        valueFrom:
          secretKeyRef:
            key: orangehrm-password
            name: orangehrm-orangehrm
      - name: SMTP_HOST
      - name: SMTP_PORT
      - name: SMTP_USER
      - name: SMTP_PASSWORD
        valueFrom:
          secretKeyRef:
            key: smtp-password
            name: orangehrm-orangehrm
      - name: SMTP_PROTOCOL
        value: none
      image: docker.io/bitnami/orangehrm:4.3.0-0
      imagePullPolicy: IfNotPresent
      livenessProbe:
        failureThreshold: 3
        httpGet:
          path: /symfony/web/index.php
          port: http
          scheme: HTTP
        initialDelaySeconds: 120
        periodSeconds: 10
        successThreshold: 1
        timeoutSeconds: 1
      name: orangehrm-orangehrm
      ports:
      - containerPort: 80
        name: http
        protocol: TCP
      - containerPort: 443
        name: https
        protocol: TCP
      readinessProbe:
        failureThreshold: 3
        httpGet:
          path: /symfony/web/index.php
          port: http
          scheme: HTTP
        initialDelaySeconds: 30
        periodSeconds: 10
        successThreshold: 1
        timeoutSeconds: 1
      resources:
        requests:
          cpu: 300m
          memory: 512Mi
      terminationMessagePath: /dev/termination-log
      terminationMessagePolicy: File
      volumeMounts:
      - mountPath: /bitnami/orangehrm
        name: orangehrm-data
      - mountPath: /bitnami/apache
        name: apache-data
      - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
        name: default-token-r2gbm
        readOnly: true
    dnsPolicy: ClusterFirst
    enableServiceLinks: true
    hostAliases:
    - hostnames:
      - status.localhost
      ip: 127.0.0.1
    nodeName: l004
    priority: 0
    restartPolicy: Always
    schedulerName: default-scheduler
    securityContext: {}
    serviceAccount: default
    serviceAccountName: default
    terminationGracePeriodSeconds: 30
    tolerations:
    - effect: NoExecute
      key: node.kubernetes.io/not-ready
      operator: Exists
      tolerationSeconds: 300
    - effect: NoExecute
      key: node.kubernetes.io/unreachable
      operator: Exists
      tolerationSeconds: 300
    volumes:
    - name: orangehrm-data
      persistentVolumeClaim:
        claimName: orangehrm-orangehrm-orangehrm
    - name: apache-data
      persistentVolumeClaim:
        claimName: orangehrm-orangehrm-apache
    - name: default-token-r2gbm
      secret:
        defaultMode: 420
        secretName: default-token-r2gbm
  status:
    conditions:
    - lastProbeTime: null
      lastTransitionTime: "2019-06-12T13:41:49Z"
      status: "True"
      type: Initialized
    - lastProbeTime: null
      lastTransitionTime: "2019-06-12T13:42:52Z"
      status: "True"
      type: Ready
    - lastProbeTime: null
      lastTransitionTime: "2019-06-12T13:42:52Z"
      status: "True"
      type: ContainersReady
    - lastProbeTime: null
      lastTransitionTime: "2019-06-12T13:41:42Z"
      status: "True"
      type: PodScheduled
    containerStatuses:
    - containerID: docker://725ddef8da29d353006996d95b248f4ee5cea0bed2542350fc7d63d4dfb0fecb
      image: bitnami/orangehrm:4.3.0-0
      imageID: docker-pullable://bitnami/orangehrm@sha256:2f0bd90d975a22c7a6237c6fd86c7939df856cf74edd8dcf839df440a5c62606
      lastState: {}
      name: orangehrm-orangehrm
      ready: true
      restartCount: 0
      state:
        running:
          startedAt: "2019-06-12T13:41:50Z"
    hostIP: 192.168.0.137
    phase: Running
    podIP: 10.40.0.65
    qosClass: Burstable
    startTime: "2019-06-12T13:41:49Z"
kind: List
metadata:
  resourceVersion: ""
  selfLink: ""
Pod startup log:
Welcome to the Bitnami orangehrm container
Subscribe to project updates by watching https://github.com/bitnami/bitnami-docker-orangehrm
Submit issues and feature requests at https://github.com/bitnami/bitnami-docker-orangehrm/issues
nami INFO Initializing apache
apache INFO ==> Patching httpoxy...
apache INFO ==> Configuring dummy certificates...
nami INFO apache successfully initialized
nami INFO Initializing php
nami INFO php successfully initialized
nami INFO Initializing mysql-client
nami INFO mysql-client successfully initialized
nami INFO Initializing libphp
nami INFO libphp successfully initialized
nami INFO Initializing orangehrm
orangeh INFO Configuring permissions
orangeh INFO Creating the database...
mysql-c INFO Trying to connect to MySQL server
mysql-c INFO Found MySQL server listening at 192.168.0.132:3306
mysql-c INFO MySQL server listening and working at 192.168.0.132:3306
orangeh INFO Preparing webserver environment...
orangeh INFO Passing wizard, please be patient
orangeh INFO Configuring SMTP...
orangeh INFO Setting OrangeHRM version...
orangeh INFO
orangeh INFO ########################################################################
orangeh INFO Installation parameters for orangehrm:
orangeh INFO Username: admin
orangeh INFO Password: **********
orangeh INFO Site URL: http://127.0.0.1/
orangeh INFO (Passwords are not shown for security reasons)
orangeh INFO ########################################################################
orangeh INFO
nami INFO orangehrm successfully initialized
I have an nginx load balancer whose Ingress is this:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/proxy-body-size: "0"
  name: https
spec:
  rules:
  - host: orangehrm.[REDACTED].com
    http:
      paths:
      - backend:
          serviceName: orangehrm-orangehrm
          servicePort: 443
        path: /
  # This section is only required if TLS is to be enabled for the Ingress
  tls:
  - hosts:
    - orangehrm.[REDACTED].com
    secretName: orangehrm-https
As best I can tell, you are terminating TLS at the Ingress controller, which is then proxying upstream as HTTP but on port 443; so you'll want to update your Ingress to say
servicePort: 80
not :443
If you really want to connect TLS all the way through to the Pod, you'll need to either enable SSL passthrough or perhaps switch to use the HTTPS backend.
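
The mismatch the answer describes can be checked for mechanically. The following is an added example, not part of the original post: it takes an Ingress object in the `extensions/v1beta1` shape shown in the question and reports every path where ingress-nginx would proxy plain HTTP to a TLS port. The host name, the set of TLS ports and the function names are assumptions made for the example; the three annotations it reads are ingress-nginx's own.

```python
PREFIX = "nginx.ingress.kubernetes.io/"
TLS_PORTS = {443, "443", "https"}   # assumption: TLS listens on 443 / a port named "https"
HOST = "orangehrm.example.com"      # constructed host; the real one is redacted on the page


def backend_speaks_tls(annotations):
    """True when the controller is told to use TLS, or raw passthrough, upstream."""
    proto = annotations.get(PREFIX + "backend-protocol", "HTTP").upper()
    return (proto in ("HTTPS", "GRPCS")
            or annotations.get(PREFIX + "ssl-passthrough") == "true"
            or annotations.get(PREFIX + "secure-backends") == "true")  # older releases


def find_mismatches(ingress):
    """Return (host, path, servicePort) for each plain-HTTP proxy to a TLS port."""
    annotations = ingress.get("metadata", {}).get("annotations") or {}
    if backend_speaks_tls(annotations):
        return []
    hits = []
    for rule in ingress.get("spec", {}).get("rules", []):
        for path in rule.get("http", {}).get("paths", []):
            port = path.get("backend", {}).get("servicePort")
            if port in TLS_PORTS:
                hits.append((rule.get("host", "*"), path.get("path", "/"), port))
    return hits


def make_ingress(port, extra_annotations=None):
    """Build the question's Ingress (extensions/v1beta1 shape) with one backend port."""
    annotations = {"kubernetes.io/ingress.class": "nginx", **(extra_annotations or {})}
    backend = {"serviceName": "orangehrm-orangehrm", "servicePort": port}
    return {
        "apiVersion": "extensions/v1beta1", "kind": "Ingress",
        "metadata": {"name": "https", "annotations": annotations},
        "spec": {
            "rules": [{"host": HOST, "http": {"paths": [{"path": "/", "backend": backend}]}}],
            "tls": [{"hosts": [HOST], "secretName": "orangehrm-https"}],
        },
    }


AS_POSTED = make_ingress(443)        # controller sends HTTP to :443 -> 400 from Apache
FIX_PORT_80 = make_ingress(80)       # TLS ends at the controller, HTTP to the pod
FIX_BACKEND_TLS = make_ingress(443, {PREFIX + "backend-protocol": "HTTPS"})  # re-encrypt

if __name__ == "__main__":
    for name, ing in [("as posted", AS_POSTED), ("servicePort 80", FIX_PORT_80),
                      ("backend-protocol HTTPS", FIX_BACKEND_TLS)]:
        print(f"{name}: {find_mismatches(ing) or 'ok'}")
```

For `ssl-passthrough` the controller must also be started with `--enable-ssl-passthrough`. The pod log above shows the container configuring dummy certificates, so with passthrough that dummy certificate is what clients would be served.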