NGINX ingress auth-url 返回 404 但端点存在
[英]NGINX ingress auth-url returning 404 but the endpoint exists
问题描述
Adding the annotation:
添加注释:
annotations:
nginx.ingress.kubernetes.io/auth-url: http://my-auth-service.my-api.svc.cluster.local:8080
...to my ingress rule causes a 500 response from the ingress controller (the ingress works without it). ...到我的入口规则会导致来自入口控制器的 500 响应(入口在没有它的情况下工作)。
The service exists and I can ssh into the ingress controller and CURL it, getting a response:该服务存在,我可以通过 ssh 进入入口控制器并对其进行 CURL,得到响应:
curl http://my-auth-service.my-api.svc.cluster.local:8080 Produces a 200 response. curl http://my-auth-service.my-api.svc.cluster.local:8080产生 200 响应。
I checked the ingress controller logs but it says that the service returned a 404 .我检查了入口控制器日志,但它说该服务返回了404 。 If I can CURL to the same URL why would it return a 404 ?如果我可以 CURL 到相同的 URL 为什么会返回404 ?
2019/07/01 20:26:11 [error] 558#558: *443367 auth request unexpected status: 404 while sending to client, client: 192.168.65.3, server: localhost, request: "GET /mocks HTTP/1.1", host: "localhost"
I'm not sure what to check to deterine the problem.我不确定要检查什么来确定问题。
2 个解决方案
解决方案1
1 2020-05-06 18:36:52
FWIW, for future readers - I ran into the same problem, and after looking at my auth service logs, noticed nginx ingress' requests were appending a /_external-auth-xxxxxx path to the request url. FWIW,对于未来的读者 - 我遇到了同样的问题,在查看了我的身份验证服务日志后,注意到 nginx ingress 的请求正在向请求 url 附加一个 /_external-auth-xxxxxx 路径。
Here's where the ingress controller does it, in the source:这是入口控制器在源代码中执行此操作的地方:
https://github.com/kubernetes/ingress-nginx/blob/master/internal/ingress/controller/template/template.go#L428 https://github.com/kubernetes/ingress-nginx/blob/master/internal/ingress/controller/template/template.go#L428
And how I'm handling it in my own auth service (a Elixir/Phoenix route):以及我如何在自己的身份验证服务中处理它(Elixir/Phoenix 路线):
get "/_external-auth*encoded_nginx_auth_url", TokenController, :index
解决方案2
0 2019-07-02 09:30:00
Here are the options you should check:以下是您应该检查的选项:
- Global External Authentication全局外部认证
According to this documentation :根据此文档:
By default the controller redirects all requests to an existing service that provides authentication if global-auth-url is set in the NGINX ConfigMap.
- Server Name Indication服务器名称指示
Check your proxy_ssl_server_name setting in nginx.检查 nginx 中的proxy_ssl_server_name设置。 It indicates if HTTPS uses SNI or not and it is set to false by default.它指示 HTTPS 是否使用 SNI,默认设置为 false。
Please let me know if that helped.如果这有帮助,请告诉我。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.